Top 10 publishers:
bobrov: 117
sp1d3rs: 86
geeknik: 84
linkks: 75
jobert: 70
nyymi: 67
someonenobbd: 62
ooooooo_q: 54
guido: 50
haxta4ok00: 49
The unofficial HackerOne disclosure timeline.

Basecamp disclosed a bug submitted by xavlimsg
DOM XSS in `fizzy.do` import filename preview enables one-click victim account takeover
14 Apr 2026

Basecamp disclosed a bug submitted by xavlimsg
Improper Access Control in `fizzy.do` import flow allows cross-tenant ActionText reference resolution and data disclosure
14 Apr 2026

Nextcloud disclosed a bug submitted by cyberjoker
BOLA/IDOR in Out-of-Office API allows any authenticated user to read other users' absence data
14 Apr 2026

Cloudflare Public Bug Bounty disclosed a bug submitted by matured_kazama
[Variation of #3321406] YetAnother 1-Click Chaining of Self-XSS, Cookie Tossing and AntiCSRF Token Prediction leads to auto approval in AccessTempAuth
14 Apr 2026

Cloudflare Public Bug Bounty disclosed a bug submitted by matured_kazama
[Variation of #1554049] 1-Click Chaining of Self-XSS, Cookie Tossing and AntiCSRF Token Prediction leads to auto approval in Access Temp Auth
14 Apr 2026

Brave Software disclosed a bug submitted by mousepadkalilinux12
Brave Shields Domain Reordering Leads to Origin Confusion
13 Apr 2026

Nextcloud disclosed a bug submitted by py0zz1
Credential Disclosure via Unvalidated directDownloadUrl (Missing DontAddCredentialsAttribute)
13 Apr 2026

curl disclosed a bug submitted by midoussa7
Argument Injection via curl Short-Flag Grouping
13 Apr 2026

curl disclosed a bug submitted by pwnpwn
Integer Overflow/Signedness Mismatch in Printf Precision for HTTP/2 Trailer Headers
11 Apr 2026

AWS VDP disclosed a bug submitted by misop00p
Encryption context keys and values logged at INFO level
10 Apr 2026

Rocket.Chat disclosed a bug submitted by soohyun
Open Redirect in Rocket.Chat
10 Apr 2026

Mozilla disclosed a bug submitted by adilnbabras
[Vertical Privilege Escalation] User can Unapproved any Approved Translation at [/translations/unapprove/]
10 Apr 2026

Mozilla disclosed a bug submitted by adilnbabras
User Can Delete Other Users' Personal Access Tokens at /delete-token/{token_id}/ on Mozilla Pontoon
10 Apr 2026

RubyGems disclosed a bug submitted by mclaren650sspider
Memory leak in gem decode logic can allow attacker to take down Rubygems.org application
09 Apr 2026

curl disclosed a bug submitted by adityasunny_06
libcurl: Integer truncation in curl_easy_ssls_import() causes TLS sessions to never expire
09 Apr 2026

Glassdoor disclosed a bug submitted by auxilus
wasResumeUsed on /api-internal/api.htm endpoint leaking other user's resume usage status
08 Apr 2026

Glassdoor disclosed a bug submitted by amakki
Account Takeover
08 Apr 2026

Glassdoor disclosed a bug submitted by z3ron3
Open Redirect
08 Apr 2026

AWS VDP disclosed a bug submitted by misop00p
Health check errors silently dropped when channel buffer full
07 Apr 2026

Nextcloud disclosed a bug submitted by shiva2550
IDOR on via direct photo URL leads to unauthorized access to deleted and other users' photos
07 Apr 2026

BY DENIS WERNER - @NOBBD