Top 10 publishers:
bobrov: 117
sp1d3rs: 86
geeknik: 84
linkks: 75
jobert: 70
nyymi: 67
someonenobbd: 62
ooooooo_q: 54
guido: 50
haxta4ok00: 49

Now on Twitter: the unofficial HackerOne disclosure timeline.

Shopify disclosed a bug submitted by francisbeaudoin
Script Editor preview token still working with uninstalled application, even for unpublished script
25 Aug 2020

Shopify disclosed a bug submitted by ryat
Self XSS in Timeline
25 Aug 2020

WordPress disclosed a bug submitted by apapedulimu
Stored XSS on Broken Themes via filename
25 Aug 2020

Shopify disclosed a bug submitted by saltymermaid
Ability to see password protected content by bypassing the password page of shopify preview URL for new development stores (as of August 17, 2020)
25 Aug 2020

HackerOne disclosed a bug submitted by bugra
Recently added 'Country' field doesn't send email notification when changed
25 Aug 2020

Node.js third-party modules disclosed a bug submitted by macasun
Prototype pollution attack (lodash)
25 Aug 2020

Shopify disclosed a bug submitted by ngalog
Path Traversal in App Proxy
24 Aug 2020

Node.js third-party modules disclosed a bug submitted by mik317
[windows-edge] RCE via insecure command formatting
24 Aug 2020

Shopify disclosed a bug submitted by francisbeaudoin
Stocky App Administrator can create a backdoor admin account by using an existing POS User
24 Aug 2020

Smule disclosed a bug submitted by absshax
[com.smule.autorap.*] Cloud Messaging/Push Notification service takeover due to clear-text usage of Legacy FCM Server keys in the client app
24 Aug 2020

Shopify disclosed a bug submitted by langduvnsec
STAFF "No-Permissions" on the Store can retrieve the details Order via exchangeReceiptSend
24 Aug 2020

Shopify disclosed a bug submitted by nooblife
*.shopify.com - Authentication bypass
24 Aug 2020

Shopify disclosed a bug submitted by meow-hacker-meow
Subdomain takeover in help.tictail.com pointing to Zendesk (a Shopify acquisition)
24 Aug 2020

Shopify disclosed a bug submitted by zwail
xss stored in https://your store.myshopify.com/admin/
24 Aug 2020

Shopify disclosed a bug submitted by jaka_tingkir
increased privileges on staff account
24 Aug 2020

Trint Ltd disclosed a bug submitted by dopaminedetox
SSO bypass in zendesk using trint organization able to leak internal ticket information
24 Aug 2020

New Relic disclosed a bug submitted by jon_bottarini
Restricted user is able to delete filter sets of admin users in https://infrastructure.newrelic.com/accounts/{{ACC#}}/settings/filterSets
24 Aug 2020

New Relic disclosed a bug submitted by jon_bottarini
(Prerelease UI) Stored XSS via role name in JSON chart
24 Aug 2020

New Relic disclosed a bug submitted by jon_bottarini
Restricted user can view all account invoices, payment method details, PII of account owner through zoura_api endpoints
24 Aug 2020

New Relic disclosed a bug submitted by jon_bottarini
NRQL Query allows restricted user to pull all data from Synthetics monitors without having read permissions enabled
24 Aug 2020

BY DENIS WERNER - @NOBBD