Top10 publishers:
b'bobrov'117 
b'sp1d3rs'86 
b'geeknik'80 
b'linkks'75 
b'jobert'70 
b'someonenobbd'62 
b'nyymi'56 
b'ooooooo_q'50 
b'jon_bottarini'49 
b'haxta4ok00'48 

the unofficial HackerOne disclosure timeline.

X
b'U.S. Dept Of Defense' disclosed a bug submitted by b'elevenoo1' 
b'Full Access to sonarQube and Docker'
22 Mar 2024 timeline
b'U.S. Dept Of Defense' disclosed a bug submitted by b'anonymlss' 
b'Reflective Cross Site Scripting (XSS) on /Pages'
22 Mar 2024 timeline
b'U.S. Dept Of Defense' disclosed a bug submitted by b'dishant_singh' 
b'DBMS information getting exposed publicly on -- [ ]'
22 Mar 2024 timeline
b'ownCloud' disclosed a bug submitted by b'kolokokop' 
b'Authentication Bypass with usage of PreSignedURL'
22 Mar 2024 timeline
b'8x8 Bounty' disclosed a bug submitted by b'pentestor' 
b'Open Redirect via Non-Latin Subdomain in vcc-*.8x8.com/AGUI/.php'
20 Mar 2024 timeline
b'Frontegg' disclosed a bug submitted by b'bugsv2' 
b'PATCH method manipulation allowing the users to escalate their functionalities and edit (upgrade/downgrade) API Keys settings which is not allowed'
20 Mar 2024 timeline
b'Frontegg' disclosed a bug submitted by b'bugsv2' 
b'Bypassing the block of Security Domain Restriction and normally invite blocked domains with special characters '
20 Mar 2024 timeline
b'New Relic' disclosed a bug submitted by b'archangel' 
b'User without "View/Modify/Delete" permissions on "Destinations" can view/modify & delete Destinations'
19 Mar 2024 timeline
b'New Relic' disclosed a bug submitted by b'archangel' 
b'Missing Authorization check on View permissions for Alerting Conditions via /internal_api/1/accounts/XXXXXXX/policies/YYYYYYY/conditions?offs endpoint'
19 Mar 2024 timeline
b'New Relic' disclosed a bug submitted by b'archangel' 
b'Steal any user in your orgs private GitHub token by pointing the GH integration at an attacker controlled GHE instance'
19 Mar 2024 timeline
b'GoCD' disclosed a bug submitted by b'redyetihacks' 
b'XSS in new.loading.page.html'
17 Mar 2024 timeline
b'HackerOne' disclosed a bug submitted by b'akashhamal0x01' 
b'Being able to disclose IBB bounty table of any public program'
17 Mar 2024 timeline
b'Node.js' disclosed a bug submitted by b'maple3142' 
b'Denial of Service by resource exhaustion in fetch() brotli decoding'
16 Mar 2024 timeline
b'Node.js' disclosed a bug submitted by b'valette' 
b'setuid() does not drop all privileges due to io_uring'
16 Mar 2024 timeline
b'GitHub' disclosed a bug submitted by b'inspector-ambitious' 
b'Bypassing Collaborator Restrictions: Retaining Admin Access Post-Repository Transfer'
15 Mar 2024 timeline
b'GitHub' disclosed a bug submitted by b'inspector-ambitious' 
b'Persistent Unauthorized Administrative Access on All Organization Repositories via RC in User Conversion to Organization'
15 Mar 2024 timeline
b'Doppler' disclosed a bug submitted by b'w3shi' 
b'Github app(link) Takeover Listed on "https://docs.doppler.com/docs/github-actions" page'
15 Mar 2024 timeline
b'Mozilla Critical Services' disclosed a bug submitted by b'psycho_012' 
b'Insecure S3 Bucket Exposing Git Directory in Mozilla Foundation Infographics Project'
13 Mar 2024 timeline
b'Publitas' disclosed a bug submitted by b'giwadaoud' 
b'Unauthorized Access to Offline Publication Cover Pages via SOURCE_DOCUMENT_ID'
13 Mar 2024 timeline
b'LinkedIn' disclosed a bug submitted by b'marvelmaniac' 
b'An attacker can submit arbitrary projects to their service accounts and obtain full information on projects of other users.'
12 Mar 2024 timeline
1 ... 26 27 28 29 30 ... 717
Follow @disclosedh1 on twitter to receive updates when a new bug is disclosed!
Twitter
BY DENIS WERNER - @NOBBD - IMPRESSUM