Top10 publishers:
b'bobrov'117 
b'sp1d3rs'86 
b'geeknik'83 
b'linkks'75 
b'jobert'70 
b'nyymi'62 
b'someonenobbd'62 
b'ooooooo_q'54 
b'guido'50 
b'haxta4ok00'49 

the unofficial HackerOne disclosure timeline.

X
b'New Relic' disclosed a bug submitted by b'skavans' 
b"Account owner/admin can't actually delete personal users' API keys"
13 Aug 2020 timeline
b'New Relic' disclosed a bug submitted by b'skavans' 
b'Ability to buy PRO subscriptions by arbitrary reduced prices'
13 Aug 2020 timeline
b'New Relic' disclosed a bug submitted by b'skavans' 
b'Cross-account reading of Insights dashboards through GraphQL'
13 Aug 2020 timeline
b'New Relic' disclosed a bug submitted by b'skavans' 
b"Restricted user can manage the NerdGraph entities' tags"
13 Aug 2020 timeline
b'New Relic' disclosed a bug submitted by b'skavans' 
b'Stored XSS at Synthetics private locations (planted through location label or description)'
13 Aug 2020 timeline
b'New Relic' disclosed a bug submitted by b'skavans' 
b'Attacker can create new account inside any partnership with no approve from the Partnership owner'
13 Aug 2020 timeline
b'New Relic' disclosed a bug submitted by b'skavans' 
b'Secure credentials values disclosure to regular users due to access control issue in monitor creating function'
13 Aug 2020 timeline
b'New Relic' disclosed a bug submitted by b'arsene_lupin' 
b'One Click Remote Code Injection - *.blog.newrelic.com'
13 Aug 2020 timeline
b'New Relic' disclosed a bug submitted by b'skavans' 
b'Stored XSS at APM transaction map (transactionName field)'
13 Aug 2020 timeline
b'New Relic' disclosed a bug submitted by b'skavans' 
b'Cross-account stored XSS at embedded charts'
13 Aug 2020 timeline
b'New Relic' disclosed a bug submitted by b'skavans' 
b"Ability to run monitors' jobs of other accounts and to read these jobs content (including the secure credentials values)"
13 Aug 2020 timeline
b'InnoGames' disclosed a bug submitted by b'aeswagyewgyes' 
b'Stored XSS on recruit.innogames.de'
13 Aug 2020 timeline
b'New Relic' disclosed a bug submitted by b'skavans' 
b'Stored admin-to-owner XSS at infrastructure alerts runbook URL leading to account takeover by malicious admin'
13 Aug 2020 timeline
b'New Relic' disclosed a bug submitted by b'skavans' 
b'Disclosure of locally served nerdpacks due to nr-local.net CORS policy misconfiguration'
13 Aug 2020 timeline
b'New Relic' disclosed a bug submitted by b'skavans' 
b'NR-wide cross account access through misconfigured CORS-policy of multiple endpoints'
13 Aug 2020 timeline
b'New Relic' disclosed a bug submitted by b'skavans' 
b'Stored XSS in notes (charts) because of insecure chart data JSON generation'
13 Aug 2020 timeline
b'New Relic' disclosed a bug submitted by b'skavans' 
b'Passive stored XSS at Synthetics job result page (View resource)'
13 Aug 2020 timeline
b'New Relic' disclosed a bug submitted by b'skavans' 
b'Unsafe charts embedding implementation leads to cross-account stored XSS and SSRF'
13 Aug 2020 timeline
b'New Relic' disclosed a bug submitted by b'skavans' 
b'Cross-account stored XSS at notes (through "swf" note parameter)'
13 Aug 2020 timeline
b'New Relic' disclosed a bug submitted by b'skavans' 
b'Stored XSS at Mobile (Versions tab)'
13 Aug 2020 timeline
1 ... 275 276 277 278 279 ... 738
Follow @disclosedh1 on twitter to receive updates when a new bug is disclosed!
Twitter
BY DENIS WERNER - @NOBBD - IMPRESSUM