Top10 publishers:
b'bobrov'117 
b'geeknik'80 
b'linkks'75 
b'jobert'70 
b'sp1d3rs'68 
b'someonenobbd'62 
b'nyymi'55 
b'jon_bottarini'49 
b'haxta4ok00'48 
b'netfuzzer'48 

the unofficial HackerOne disclosure timeline.

X
b'U.S. Dept Of Defense' disclosed a bug submitted by b'oxylis' 
b' leaking PII of tour visitors (names, email addresses, phone numbers) via misconfigured record permissions'
22 Mar 2024 timeline
b'U.S. Dept Of Defense' disclosed a bug submitted by b'archyxsec' 
b'Improper Authentication (Login without Registration with any user) at '
22 Mar 2024 timeline
b'U.S. Dept Of Defense' disclosed a bug submitted by b'chor4o' 
b'Xss - '
22 Mar 2024 timeline
b'U.S. Dept Of Defense' disclosed a bug submitted by b'chor4o' 
b'Xss Parameter: /<s>/[*]/<s>.css '
22 Mar 2024 timeline
b'U.S. Dept Of Defense' disclosed a bug submitted by b'dishant_singh' 
b'Attacker can Add itself as admin user and can also change privileges of Existing Users []'
22 Mar 2024 timeline
b'U.S. Dept Of Defense' disclosed a bug submitted by b'chor4o' 
b'Parmetro XSS: Nome de usurio - '
22 Mar 2024 timeline
b'U.S. Dept Of Defense' disclosed a bug submitted by b'geej' 
b'Resource Injection - []'
22 Mar 2024 timeline
b'U.S. Dept Of Defense' disclosed a bug submitted by b'elevenoo1' 
b'Full Access to sonarQube and Docker'
22 Mar 2024 timeline
b'U.S. Dept Of Defense' disclosed a bug submitted by b'anonymlss' 
b'Reflective Cross Site Scripting (XSS) on /Pages'
22 Mar 2024 timeline
b'U.S. Dept Of Defense' disclosed a bug submitted by b'dishant_singh' 
b'DBMS information getting exposed publicly on -- [ ]'
22 Mar 2024 timeline
b'ownCloud' disclosed a bug submitted by b'kolokokop' 
b'Authentication Bypass with usage of PreSignedURL'
22 Mar 2024 timeline
b'8x8 Bounty' disclosed a bug submitted by b'pentestor' 
b'Open Redirect via Non-Latin Subdomain in vcc-*.8x8.com/AGUI/.php'
20 Mar 2024 timeline
b'Frontegg' disclosed a bug submitted by b'bugsv2' 
b'PATCH method manipulation allowing the users to escalate their functionalities and edit (upgrade/downgrade) API Keys settings which is not allowed'
20 Mar 2024 timeline
b'Frontegg' disclosed a bug submitted by b'bugsv2' 
b'Bypassing the block of Security Domain Restriction and normally invite blocked domains with special characters '
20 Mar 2024 timeline
b'New Relic' disclosed a bug submitted by b'archangel' 
b'User without "View/Modify/Delete" permissions on "Destinations" can view/modify & delete Destinations'
19 Mar 2024 timeline
b'New Relic' disclosed a bug submitted by b'archangel' 
b'Missing Authorization check on View permissions for Alerting Conditions via /internal_api/1/accounts/XXXXXXX/policies/YYYYYYY/conditions?offs endpoint'
19 Mar 2024 timeline
b'New Relic' disclosed a bug submitted by b'archangel' 
b'Steal any user in your orgs private GitHub token by pointing the GH integration at an attacker controlled GHE instance'
19 Mar 2024 timeline
b'GoCD' disclosed a bug submitted by b'redyetihacks' 
b'XSS in new.loading.page.html'
17 Mar 2024 timeline
b'HackerOne' disclosed a bug submitted by b'akashhamal0x01' 
b'Being able to disclose IBB bounty table of any public program'
17 Mar 2024 timeline
b'Node.js' disclosed a bug submitted by b'maple3142' 
b'Denial of Service by resource exhaustion in fetch() brotli decoding'
16 Mar 2024 timeline
1 2 3 4 5 ... 692
Follow @disclosedh1 on twitter to receive updates when a new bug is disclosed!
Twitter
BY DENIS WERNER - @NOBBD - IMPRESSUM