Top10 publishers:
bobrov: 117
sp1d3rs: 86
geeknik: 80
linkks: 75
jobert: 70
someonenobbd: 62
nyymi: 58
ooooooo_q: 52
haxta4ok00: 49
jon_bottarini: 49
Now on Twitter: the unofficial HackerOne disclosure timeline.
09 Jul 2024 - Basecamp disclosed a bug submitted by fr4via: Path traversal in deeplink query parameter can expose any user's private info to a public directory (one click)
09 Jul 2024 - Basecamp disclosed a bug submitted by fr4via: Navgraph confusion allows any 3p app to send and read requests from the server at app.hey.com
09 Jul 2024 - Node.js disclosed a bug submitted by haxatron1: fs.lstat bypasses permission model
09 Jul 2024 - Node.js disclosed a bug submitted by tianst: Bypass incomplete fix of CVE-2024-27980
09 Jul 2024 - Node.js disclosed a bug submitted by 4xpl0r3r: fs.fchown/fchmod bypasses permission model
08 Jul 2024 - Node.js disclosed a bug submitted by dittyroma: Bypass network import restriction via data URL
06 Jul 2024 - Flickr disclosed a bug submitted by fr4via: Incorrect Deep-link validation leading to unresponsive application and device
06 Jul 2024 - Flickr disclosed a bug submitted by 0xcyborg: IDOR may allow access to non-public photos
05 Jul 2024 - Automattic disclosed a bug submitted by xurizaemon0: Authentication & Registration Bypass in Newspack Extended Access
05 Jul 2024 - Internet Bug Bounty disclosed a bug submitted by devme4f: CVE-2024-34750 Apache Tomcat DoS vulnerability in HTTP/2 connector
03 Jul 2024 - TikTok disclosed a bug submitted by zhyar_11011: Authentication Bypass on TikTok Seller Signup Process Allows Account Creation Without Phone Verification
03 Jul 2024 - Booking.com disclosed a bug submitted by tuantv89: Default Admin Account lead to full access control at https://desk-demo.fareharbor.engineering
03 Jul 2024 - Ruby disclosed a bug submitted by ooooooo_q: RCE by parsing `.rdoc_options` in RDoc
02 Jul 2024 - inDrive disclosed a bug submitted by bugsv2: Unlimited fake rate to the passenger in city to city, Affected endpoint `/api/v1/reviews/ride/<ID>/driver`
02 Jul 2024 - inDrive disclosed a bug submitted by zxwo: Reflected XSS of media.indrive.com
01 Jul 2024 - Internet Bug Bounty disclosed a bug submitted by noentry: CVE-2024-32760 in nginx
01 Jul 2024 - Internet Bug Bounty disclosed a bug submitted by noentry: CVE-2024-31079 in nginx
01 Jul 2024 - Internet Bug Bounty disclosed a bug submitted by noentry: CVE-2024-35200 in nginx
30 Jun 2024 - Internet Bug Bounty disclosed a bug submitted by ooooooo_q: [CVE-2024-32464] ActionText ContentAttachments can Contain Unsanitized HTML
28 Jun 2024 - MercadoLibre disclosed a bug submitted by fr4via: Account Takeover / Arbitrary File read and deletion / Partial code execution (intent redirection through com.mercadopago.wallet.splash.SplashActivity)
BY DENIS WERNER - @NOBBD -