Top 10 publishers:
bobrov: 117
geeknik: 79
linkks: 75
sp1d3rs: 68
jobert: 64
someonenobbd: 60
jon_bottarini: 49
netfuzzer: 48
haxta4ok00: 48
ryat: 47
Now on Twitter: the unofficial HackerOne disclosure timeline.
curl disclosed a bug submitted by maslahhunter: match (09 Jun 2022)
Reddit disclosed a bug submitted by 3amii: Several Subdomains Takeover (08 Jun 2022)
GitLab disclosed a bug submitted by ooooooo_q: XSS by clicking Jira's link (08 Jun 2022)
GitLab disclosed a bug submitted by ehhthing: Gitlab Pages token theft using service workers (08 Jun 2022)
GitLab disclosed a bug submitted by joaxcar: "External status checks" can be accepted by users below developer access if the user is either author or assignee of the target merge request (08 Jun 2022)
GitLab disclosed a bug submitted by jarij: Stored XSS on issue comments and other pages which contain notes (08 Jun 2022)
Glassdoor disclosed a bug submitted by 0x7: Reflected XSS on https://www.glassdoor.com/parts/header.htm (08 Jun 2022)
Glassdoor disclosed a bug submitted by 0x7: Reflected XSS on https://help.glassdoor.com/gd_requestsubmitpage (08 Jun 2022)
Glassdoor disclosed a bug submitted by 0x7: Open redirect on https://www.glassdoor.com/profile/siwa.htm via state parameter (08 Jun 2022)
GitLab disclosed a bug submitted by saltyyolk: Path traversal, to RCE (07 Jun 2022)
GitLab disclosed a bug submitted by saltyyolk: Steal private objects of other projects via project import (07 Jun 2022)
GitLab disclosed a bug submitted by saltyyolk: Private objects exposed through project import (07 Jun 2022)
GitLab disclosed a bug submitted by saltyyolk: Path traversal in Nuget Package Registry (07 Jun 2022)
Acronis disclosed a bug submitted by ub3rsick: Store Admin Page Accessible Without Authentication at http://www.grouplogic.com/ADMIN/store/index.cfm (07 Jun 2022)
Acronis disclosed a bug submitted by ub3rsick: Stored Cross Site Scripting at http://www.grouplogic.com/ADMIN/store/index.cfm?fa=disprocode (07 Jun 2022)
Reddit disclosed a bug submitted by h1ugroon: Misconfigurated login page able to lock login action for any account without user interaction (06 Jun 2022)
Exodus disclosed a bug submitted by bismillahfortuner: 2 Cache Poisoning Attack Methods Affect Core Functionality www.exodus.com (06 Jun 2022)
U.S. General Services Administration disclosed a bug submitted by rptl: Registered users contact information disclosure on salesforce lightning endpoint https://disposal.gsa.gov (06 Jun 2022)
curl disclosed a bug submitted by nyymi: Heap overflow via HTTP/2 PUSH_PROMISE (05 Jun 2022)
curl disclosed a bug submitted by nyymi: KRB-FTP: Security level downgrade (05 Jun 2022)
BY DENIS WERNER - @NOBBD