REPORTS
PROGRAMS
PUBLISHERS
Top10 publishers:
b'bobrov'
117
b'sp1d3rs'
86
b'geeknik'
80
b'linkks'
75
b'jobert'
70
b'someonenobbd'
62
b'nyymi'
56
b'ooooooo_q'
50
b'jon_bottarini'
49
b'haxta4ok00'
48
Now on Twitter
the unofficial
HackerOne
disclosure timeline.
X
b'Internet Bug Bounty'
disclosed a bug submitted by
b'svalkanov'
b'[CVE-2024-26142] ReDoS vulnerability in Accept header parsing in Action Dispatch '
22 May 2024
b'Internet Bug Bounty'
disclosed a bug submitted by
b'svalkanov'
b'[CVE-2024-25126] Denial of Service Vulnerability in Rack Content-Type Parsing'
22 May 2024
b'Doppler'
disclosed a bug submitted by
b'zig_shark'
b'Acquisition on broken link listed on the page "https://docs.doppler.com/docs/removal-deprecated-packages-scripts in [scheduling a call]'
22 May 2024
b'HackerOne'
disclosed a bug submitted by
b'callmed0_4'
b'Able to Create Testimonials for myself using Sandbox'
22 May 2024
b'Nextcloud'
disclosed a bug submitted by
b'axosolaman'
b'Weak ssh algorithms and CVE-2023-48795 Discovered on various subdomains of nextcloud.com'
22 May 2024
b'Automattic'
disclosed a bug submitted by
b'xurizaemon0'
b'Authentication & Registration Bypass in Newspack Extended Access'
20 May 2024
b'PortSwigger Web Security'
disclosed a bug submitted by
b'osama-hamad'
b'A user with only [MODIFY_SETTINGS] permmision could takeover any user accounts'
20 May 2024
b'PortSwigger Web Security'
disclosed a bug submitted by
b'osama-hamad'
b'Changing the administrator password via admin console does not invalidate other sessions'
20 May 2024
b'Yahoo!'
disclosed a bug submitted by
b'agarri_fr'
b'YQL: From CR/LF injection to root compromise'
15 May 2024
b'Yahoo!'
disclosed a bug submitted by
b'agarri_fr'
b'Out-of-band read of arbitrary ASCII files on YQL backend servers via XML external parameter entities'
15 May 2024
b'Yahoo!'
disclosed a bug submitted by
b'agarri_fr'
b'Read arbitrary ASCII files on YQL backend servers via XSLT unparsed-entity-uri() and parameter entities'
15 May 2024
b'Yahoo!'
disclosed a bug submitted by
b'agarri_fr'
b'Read arbitrary XML files on YQL backend servers via XSLT document()'
15 May 2024
b'Yahoo!'
disclosed a bug submitted by
b'agarri_fr'
b'Code execution in "ymon" WebService, reached after bypassing the anti-loopback blacklist through YQL and HTTP redirects'
15 May 2024
b'Yahoo!'
disclosed a bug submitted by
b'claimingsouls'
b'Bitly link takeover '
15 May 2024
b'HackerOne'
disclosed a bug submitted by
b'hillybot__'
b"any user could upload attachments to pentest scoping form they don't have access to"
15 May 2024
b'HackerOne'
disclosed a bug submitted by
b'hacktus'
b'LLM01: Invisible Prompt Injection'
13 May 2024
b'HackerOne'
disclosed a bug submitted by
b'darkc0d3'
b'Possible PII Disclosure via Advanced Vetting Process - '
13 May 2024
b'HackerOne'
disclosed a bug submitted by
b'lu3ky-13'
b'Cloud Computer Hackerone Triager can be Accessible for everyone [h1_analyst_lucas+view@wearehackerone.com] computer'
10 May 2024
b'X (Formerly Twitter)'
disclosed a bug submitted by
b'th0h0'
b'Cross-Domain Leakage of X Username / UserID due to Dynamically Generated JS File'
10 May 2024
b'X (Formerly Twitter)'
disclosed a bug submitted by
b'mirhat'
b'Ability to see hidden likes'
10 May 2024
1
...
21
22
23
24
25
...
717
BY DENIS WERNER - @NOBBD -
IMPRESSUM