the unofficial HackerOne disclosure timeline.

X
b'Mail.ru' disclosed a bug submitted by b'rainbow_json' 
b'[MY.GAMES] XSS '
11 Feb 2021 timeline
b'Sixt GmbH & Co. Autovermietung KG' disclosed a bug submitted by b'reliance' 
b'Company Employes Sensitive Information exposed in Android App'
11 Feb 2021 timeline
b'Automattic' disclosed a bug submitted by b'superman85' 
b'[sub.wordpress.com] - XSS when adjust block Poll - Confirmation Message - On submission:Redirect to another webpage - Redirect address:[xss_payload]'
11 Feb 2021 timeline
b'VK.com' disclosed a bug submitted by b'executor' 
b'XSS '
11 Feb 2021 timeline
b'QIWI' disclosed a bug submitted by b'xaleraf4ra' 
b'[z.tochka.com] Unlimited file uploads lead to malware executed'
11 Feb 2021 timeline
b'VK.com' disclosed a bug submitted by b'onlymalelove' 
b'Stored XSS .'
11 Feb 2021 timeline
b'Ruby on Rails' disclosed a bug submitted by b'tktech' 
b'HostAuthorization middleware does not suitably sanitize the Host / X-Forwarded-For header allowing redirection.'
11 Feb 2021 timeline
b'Ruby on Rails' disclosed a bug submitted by b'dee-see' 
b"Regular expression denial of service in ActiveRecord's PostgreSQL Money type"
11 Feb 2021 timeline
b'GitHub Security Lab' disclosed a bug submitted by b'someonenobbd' 
b'[Java] CWE-295: Disabled certificate validation in JXBrowser'
10 Feb 2021 timeline
b'PayPal' disclosed a bug submitted by b'cr33pb0y' 
b'Reflect XSS and CSP Bypass on https://www.paypal.com/businesswallet/currencyConverter/ '
10 Feb 2021 timeline
b'U.S. Dept Of Defense' disclosed a bug submitted by b'mrsinister15' 
b'Bypassed a fix to gain access to PII of more than 100 Officers'
10 Feb 2021 timeline
b'U.S. Dept Of Defense' disclosed a bug submitted by b'dianeme_' 
b'Register with non accepted email types on https://'
10 Feb 2021 timeline
b'U.S. Dept Of Defense' disclosed a bug submitted by b'nagli' 
b'PII Leak of Personal at https://www.'
10 Feb 2021 timeline
b'U.S. Dept Of Defense' disclosed a bug submitted by b'un4gi' 
b'Stored XSS via 64(?) vulnerable fields in leads to credential theft/account takeover'
10 Feb 2021 timeline
b'U.S. Dept Of Defense' disclosed a bug submitted by b'skarsom' 
b'Insecure credentials on staging app at leads to application takeover'
10 Feb 2021 timeline
b'U.S. Dept Of Defense' disclosed a bug submitted by b'sleepnotf0und' 
b'Reflected XSS In https://'
10 Feb 2021 timeline
b'Lark Technologies' disclosed a bug submitted by b'mike12' 
b'RPC Implementation allows unauthenticated remote calls'
10 Feb 2021 timeline
b'Automattic' disclosed a bug submitted by b'fuzzme' 
b'[intensedebate.com] Open Redirect'
10 Feb 2021 timeline
b'Yelp' disclosed a bug submitted by b'alexbirsan' 
b'RCE on build server via misconfigured pip install'
09 Feb 2021 timeline
b'PayPal' disclosed a bug submitted by b'alexbirsan' 
b'RCE via npm misconfig -- installing internal libraries from the public registry'
09 Feb 2021 timeline
1 ... 254 255 256 257 258 ... 769
Follow @disclosedh1 on twitter to receive updates when a new bug is disclosed!
Twitter
BY DENIS WERNER - @NOBBD - IMPRESSUM