the unofficial HackerOne disclosure timeline.

X
b'NordVPN' disclosed a bug submitted by b'n33dm0n3y' 
b'Password Reset Link not expiring after changing the email Leads To Account Takeover'
27 Oct 2020 timeline
b'Node.js third-party modules' disclosed a bug submitted by b'ryotak' 
b'[http-live-simulator] Application-level DoS'
27 Oct 2020 timeline
b'Node.js third-party modules' disclosed a bug submitted by b'mik317' 
b'[create-git] RCE via insecure command formatting'
26 Oct 2020 timeline
b'Yelp' disclosed a bug submitted by b'parzel' 
b'X-Forward-For Header allows to bypass access restrictions'
26 Oct 2020 timeline
b'8x8' disclosed a bug submitted by b'melbadry9' 
b'Open Redirect on [blog.wavecell.com]'
26 Oct 2020 timeline
b'Twitter' disclosed a bug submitted by b'keer0k' 
b'XSS via referrer parameter'
26 Oct 2020 timeline
b'Twitter' disclosed a bug submitted by b'gokay' 
b'Twitter Media Studio Source Information Disclosure With Analyst Role'
26 Oct 2020 timeline
b'Mail.ru' disclosed a bug submitted by b'artebels' 
b'Insufficient limitation of web page title leads to DoS against ICQ for Android'
24 Oct 2020 timeline
b'Kartpay' disclosed a bug submitted by b'abhhi' 
b'Admin/Info lekage'
24 Oct 2020 timeline
b'Curve' disclosed a bug submitted by b'praseudo7' 
b'Sensitive Info Leak - An Attacker Can Retrieve All the Users Mobile Numbers at https://website-api.production.curve.app/api/waitlist/us'
23 Oct 2020 timeline
b'Shopify' disclosed a bug submitted by b'cforu' 
b'authenticity token not verfied leads to change business name'
23 Oct 2020 timeline
b'DRIVE.NET, Inc.' disclosed a bug submitted by b'what_web' 
b"[www.drive2.ru] Insufficient Security Configurability - The user's can set an existing password as a new password."
23 Oct 2020 timeline
b'DRIVE.NET, Inc.' disclosed a bug submitted by b'what_web' 
b'[www.drive2.ru] Insufficient Security Configurability - The user can using the same password as your current ID.'
23 Oct 2020 timeline
b'DRIVE.NET, Inc.' disclosed a bug submitted by b'what_web' 
b'[www.drive2.ru] Insufficient Security Configurability - Notification message not sent when account is deleted'
23 Oct 2020 timeline
b'DRIVE.NET, Inc.' disclosed a bug submitted by b'what_web' 
b'[www.drive2.ru] Insufficient Security Configurability - Notification email is not sent when email is changed.'
23 Oct 2020 timeline
b'Shopify' disclosed a bug submitted by b'ash_nz' 
b'Undocumented `fileCopy` GraphQL API'
22 Oct 2020 timeline
b'Shopify' disclosed a bug submitted by b'ash_nz' 
b'A staff member with no permissions can edit Store Customer Email'
22 Oct 2020 timeline
b'Kubernetes' disclosed a bug submitted by b'barsainya' 
b'Configuartion [Sensitive] Information Disclosure'
22 Oct 2020 timeline
b'Kubernetes' disclosed a bug submitted by b'njaysec' 
b'Private RSA key and Server key exposed on the GitHub repository'
22 Oct 2020 timeline
b'Shopify' disclosed a bug submitted by b'a_yang' 
b'User sensitive information disclosure'
22 Oct 2020 timeline
1 ... 285 286 287 288 289 ... 768
Follow @disclosedh1 on twitter to receive updates when a new bug is disclosed!
Twitter
BY DENIS WERNER - @NOBBD - IMPRESSUM