Top10 publishers:
bobrov114 
linkks74 
geeknik71 
sp1d3rs62 
jobert54 
guido45 Twitter
bl4de42 
ryat40 
bigbear_38 
zombiehelp5437 Twitter

the unofficial HackerOne disclosure timeline.

X
Starbucks disclosed a bug submitted by gamer7112 
DOM XSS on app.starbucks.com via ReturnUrl
17 Mar 2020 timeline
Mail.ru disclosed a bug submitted by circuit 
[https://seosan.io] Account owner disclosure
16 Mar 2020 timeline
Shopify disclosed a bug submitted by mosuan 
Timeline Editor Self-XSS (Previous Fix #738072 Incomplete)
16 Mar 2020 timeline
Node.js third-party modules disclosed a bug submitted by visat 
[htmr] DOM-based XSS
15 Mar 2020 timeline
Nextcloud disclosed a bug submitted by foobar7 
SSRF protection bypass
14 Mar 2020 timeline
Nextcloud disclosed a bug submitted by teaport 
Only the file extensions are checked, not the MIME types as configured
14 Mar 2020 timeline
Nextcloud disclosed a bug submitted by beched 
Docker image with FPM is vulnerable to CVE-2019-11043
14 Mar 2020 timeline
Khan Academy disclosed a bug submitted by jamesconnor 
Information can be changed without a password
14 Mar 2020 timeline
Twitter disclosed a bug submitted by safehacker_27 
Accepting error message on twitter sends you to attacker site
13 Mar 2020 timeline
Mail.ru disclosed a bug submitted by hackervision 
Brute-force any email account through allods.mail.ru
13 Mar 2020 timeline
Ping Identity disclosed a bug submitted by jackb898 
Internal Hostname disclosure from multiple Apache servers via blank host header method
12 Mar 2020 timeline
Twitter disclosed a bug submitted by meepmerp 
lack of input validation that can lead Denial of Service (DOS)
12 Mar 2020 timeline
TTS Bug Bounty disclosed a bug submitted by nathand 
Cache poisoning DoS to various TTS assets
12 Mar 2020 timeline
BCM Messenger disclosed a bug submitted by namunah 
Account Takeover with old password and login QR
12 Mar 2020 timeline
Revive Adserver disclosed a bug submitted by hoangn144 
bypass old password with array in /admin/account-user-email.php
12 Mar 2020 timeline
Revive Adserver disclosed a bug submitted by hoangn144 
Open redirection bypass in /www/admin/campaign-modify.php
12 Mar 2020 timeline
HackerOne disclosed a bug submitted by tolo7010 
Disabled account can still use GraphQL endpoint
12 Mar 2020 timeline
Slack disclosed a bug submitted by defparam 
Mass account takeovers using HTTP Request Smuggling on https://slackb.com/ to steal session cookies
12 Mar 2020 timeline
Slack disclosed a bug submitted by sandrogauci 
Slack DTLS uses a private key that is in the public domain, which may lead to SRTP stream hijack
12 Mar 2020 timeline
Slack disclosed a bug submitted by sandrogauci 
TURN server allows TCP and UDP proxying to internal network, localhost and meta-data services
12 Mar 2020 timeline
1 2 3 4 5 6 ... 417
Follow @disclosedh1 on twitter to receive updates when a new bug is disclosed!
Twitter
BY DENIS WERNER - @NOBBD - IMPRESSUM