REPORTS
PROGRAMS
PUBLISHERS
Top10 publishers:
bobrov
117
geeknik
79
linkks
75
jobert
69
sp1d3rs
68
someonenobbd
61
nyymi
53
jon_bottarini
49
haxta4ok00
48
netfuzzer
48
Now on Twitter
the unofficial
HackerOne
disclosure timeline.
X
U.S. Dept Of Defense
disclosed a bug submitted by
cdl
[HTA2] XXE on https:// via SpellCheck Endpoint.
15 May 2023
U.S. Dept Of Defense
disclosed a bug submitted by
cdl
[hta3] Remote Code Execution on
15 May 2023
U.S. Dept Of Defense
disclosed a bug submitted by
0xmaruf
LDAP Server NULL Bind Connection Information Disclosure
15 May 2023
U.S. Dept Of Defense
disclosed a bug submitted by
cametome006
AEM misconfiguration leads to Information disclosure
15 May 2023
U.S. Dept Of Defense
disclosed a bug submitted by
0r10nh4ck
Sensitive Data Exposure via wp-config.php file
15 May 2023
U.S. Dept Of Defense
disclosed a bug submitted by
waterlord7788
Default Credentials on Kinetic Core System Console - https:///kinetic/app/
15 May 2023
8x8 Bounty
disclosed a bug submitted by
yassinek3ch
connect.8x8.com: Blind SSRF via /api/v2/chats/image-check allows for Internal Ports scan
15 May 2023
LinkedIn
disclosed a bug submitted by
find_me_here
[ Continuation Report from #1814842 ] Can create articles using other users' NewsLetters
15 May 2023
Nextcloud
disclosed a bug submitted by
lukasreschke
Reflected XSS vulnerability with full CSP bypass in Nextcloud installations using recommended bundle
15 May 2023
GlassWire
disclosed a bug submitted by
chip_sec
Facebook App API credentials leaked in the APK
12 May 2023
WordPress
disclosed a bug submitted by
chip_sec
PII of users can be downloaded from export pages
12 May 2023
HackerOne
disclosed a bug submitted by
iamr0000t
HTML injection in email at https://www.hackerone.com/
12 May 2023
LinkedIn
disclosed a bug submitted by
spaceboy20
Attacker can unpin posts from companies he's not part of.
12 May 2023
LinkedIn
disclosed a bug submitted by
find_me_here
Attackers do not need to Pay for a Subscription to get the `Discussion Group URL` in `Paid Learning`
12 May 2023
LinkedIn
disclosed a bug submitted by
encodedguy
Delete any LinkedIn comment on learning API of other users
12 May 2023
U.S. Department of State
disclosed a bug submitted by
doosec101
LDAP anonymous access enabled at certrep.pki.state.gov:389
11 May 2023
IBM
disclosed a bug submitted by
0xpugazh
Moodle XSS on s-immerscio.comprehend.ibm.com
11 May 2023
IBM
disclosed a bug submitted by
gdattacker
Subdomain Takeover Affecting at vex.weather.com
10 May 2023
Mattermost
disclosed a bug submitted by
uchihaluckycs
Reset password link sent over unsecured http protocol
10 May 2023
Brave Software
disclosed a bug submitted by
ameenbasha
download file type warning on Windows does not appear if "ask where to save file before downloading" setting is enabled
10 May 2023
1
2
3
4
5
...
658
BY DENIS WERNER - @NOBBD -
IMPRESSUM