REPORTS
PROGRAMS
PUBLISHERS
Top10 publishers:
b'bobrov'
117
b'sp1d3rs'
86
b'geeknik'
83
b'linkks'
75
b'jobert'
70
b'nyymi'
62
b'someonenobbd'
62
b'ooooooo_q'
54
b'guido'
50
b'haxta4ok00'
49
Now on Twitter
the unofficial
HackerOne
disclosure timeline.
X
b'GitLab'
disclosed a bug submitted by
b'70rpedo'
b'Maintainer can leak sentry token by changing the configured URL (fix bypass)'
08 Oct 2024
b'GitLab'
disclosed a bug submitted by
b'afewgoats'
b'ReDoS due to device-detector parsing user agents'
08 Oct 2024
b'Mozilla'
disclosed a bug submitted by
b'anhchangmutrang'
b'User API Key leakage in Github commit leads to unauthorized access to sql.telemetry.mozilla.org'
08 Oct 2024
b'MTN Group'
disclosed a bug submitted by
b'hazemhussien99'
b'IDOR at mtnmobad.mtnbusiness.com.ng leads to PII leakage. '
05 Oct 2024
b'MTN Group'
disclosed a bug submitted by
b'hazemhussien99'
b'Reflected XSS in https://nin.mtn.ng/nin/success?message=lol&nin=<VULNERABLE>'
05 Oct 2024
b'AWS VDP'
disclosed a bug submitted by
b'hesham_elsheme'
b'External service interaction (HTTP)'
04 Oct 2024
b'IBM'
disclosed a bug submitted by
b'mersa-v6'
b'SSRF via host header let access localhost via https://go.dialexa.com'
03 Oct 2024
b'TikTok'
disclosed a bug submitted by
b'ahmed_xyz'
b'Stored-XSS-ads.tiktok.com'
02 Oct 2024
b'GitLab'
disclosed a bug submitted by
b'tefa_'
b'Remove obsolete domain from handbook subdomain'
01 Oct 2024
b'IBM'
disclosed a bug submitted by
b'0xhassan'
b'IBM OpenPages vulnerable to exposure of sensitive information'
01 Oct 2024
b'Ruby on Rails'
disclosed a bug submitted by
b'ooooooo_q'
b'XSS when using `translate` in Action Controller (Rails 7.0, 7.1)'
01 Oct 2024
b'Mattermost'
disclosed a bug submitted by
b'c0rydoras'
b"Posts sent via websockets aren't sanitized properly"
01 Oct 2024
b'GitLab'
disclosed a bug submitted by
b'moblig'
b'IDOR Exposes All Machine Learning Models'
01 Oct 2024
b'Rocket.Chat'
disclosed a bug submitted by
b'h0011'
b'The initial E2EE password generated by Rocket.Chat mobile can be recovered in a practical timescale.'
01 Oct 2024
b'Nintendo'
disclosed a bug submitted by
b'regginator'
b'[Switch, PIA/MK8DX] Stack buffer overflow and potential RCE in PIA (LAN/LDN, possibly NEX) room info deserialization'
30 Sep 2024
b'Acronis'
disclosed a bug submitted by
b'mr-medi'
b'PUT Based CSRF via Client Side Path Traversal + Cookie Bomb on Acronis Cloud'
27 Sep 2024
b'LY Corporation'
disclosed a bug submitted by
b'never_die'
b'Client-Side Path Traversal on LINE Developers Console'
26 Sep 2024
b'MTN Group'
disclosed a bug submitted by
b'renzi'
b'SSRF Keycloak before 13.0.0 - CVE-2020-10770 on https://sponsoredata.mtn.ci'
26 Sep 2024
b'FetLife'
disclosed a bug submitted by
b'ezzra'
b'Able to see location coordinates in any event without permission to do so'
25 Sep 2024
b'Internet Bug Bounty'
disclosed a bug submitted by
b'ooooooo_q'
b'Possible DoS Vulnerability with Range Header in Rack'
25 Sep 2024
1
...
27
28
29
30
31
...
738
BY DENIS WERNER - @NOBBD -
IMPRESSUM
