REPORTS
PROGRAMS
PUBLISHERS
Top10 publishers:
b'bobrov'
117
b'sp1d3rs'
86
b'geeknik'
84
b'linkks'
75
b'jobert'
70
b'nyymi'
67
b'someonenobbd'
62
b'ooooooo_q'
54
b'guido'
50
b'haxta4ok00'
49
Now on Twitter
the unofficial
HackerOne
disclosure timeline.
X
b'U.S. Dept Of Defense'
disclosed a bug submitted by
b'jonasdiasrebelo'
b"Cross-Site Scripting via 'autoPlay' parameter"
12 Jan 2026
b'U.S. Dept Of Defense'
disclosed a bug submitted by
b'jonasdiasrebelo'
b"Cross-Site Scripting via 'description_extra' parameter"
12 Jan 2026
b'U.S. Dept Of Defense'
disclosed a bug submitted by
b'the_reinhardt'
b'Reflected XSS in `Telerik.ReportViewer.axd` with F5 BIG-IP ASM Bypass on ``'
12 Jan 2026
b'U.S. Dept Of Defense'
disclosed a bug submitted by
b'jonasdiasrebelo'
b'Cross-Site Scripting (XSS) in ASP.NET via ResolveUrl on '
12 Jan 2026
b'U.S. Dept Of Defense'
disclosed a bug submitted by
b'jonasdiasrebelo'
b'Cross-Site Scripting (XSS) in ASP.NET via ResolveUrl on '
12 Jan 2026
b'U.S. Dept Of Defense'
disclosed a bug submitted by
b'jonasdiasrebelo'
b"Cross-Site Scripting via 'EVENT_DESCRIPTION' parameter"
12 Jan 2026
b'U.S. Dept Of Defense'
disclosed a bug submitted by
b'silentbreach'
b'Unauthenticated File Read Adobe ColdFusion'
12 Jan 2026
b'U.S. Dept Of Defense'
disclosed a bug submitted by
b'marucube35'
b'Secret Access Key of AWS Firehose Disclosure'
12 Jan 2026
b'U.S. Dept Of Defense'
disclosed a bug submitted by
b'aldenpartridge'
b'Exposed Extremely Sensitive Information in Public ZIP File'
12 Jan 2026
b'U.S. Dept Of Defense'
disclosed a bug submitted by
b'oxylis'
b'Air Force candidate PII + recruitment chat logs accessible via BAC/IDOR on (very large/significant exposure)'
12 Jan 2026
b'U.S. Dept Of Defense'
disclosed a bug submitted by
b'badlifeguard'
b'ASBS viewing other soldiers PII/Board/Board Voters/ETC'
12 Jan 2026
b'U.S. Dept Of Defense'
disclosed a bug submitted by
b'rocky1696'
b'[Critical Data Breach] Exposure of PII Data Leak via API Response'
12 Jan 2026
b'U.S. Dept Of Defense'
disclosed a bug submitted by
b'0xr2r'
b'DNN - Unrestricted Arbitrary File Upload #'
12 Jan 2026
b'U.S. Dept Of Defense'
disclosed a bug submitted by
b'0xr2r'
b'GlobalProtect - OS Command Injection #'
12 Jan 2026
b'curl'
disclosed a bug submitted by
b'darksql'
b'Heap Out-of-Bounds Read in lib/http2.c via Malformed PUSH_PROMISE Headers'
10 Jan 2026
b'curl'
disclosed a bug submitted by
b'unknowperson0212'
b'CRLF Injection in HTTP header values allows arbitrary header injection'
10 Jan 2026
b'curl'
disclosed a bug submitted by
b'raulvdv'
b'State Isolation Failure in Multiplexed Connections (Shared Auth Context)'
08 Jan 2026
b'curl'
disclosed a bug submitted by
b'han_ank'
b'Stack Buffer Overflow in mprintf.c formatting function (fallback path)'
08 Jan 2026
b'curl'
disclosed a bug submitted by
b'unknowperson0212'
b'inconsistently Rejection Logic in file:// URLs with Authority'
08 Jan 2026
b'curl'
disclosed a bug submitted by
b'anonymous_237'
b'CVE-2025-14524: bearer token leak on cross-protocol redirect'
07 Jan 2026
1
2
3
4
5
...
751
BY DENIS WERNER - @NOBBD -
IMPRESSUM
