the unofficial HackerOne disclosure timeline.

X
b'Node.js third-party modules' disclosed a bug submitted by b'd3lla' 
b'[object-path-set] Prototype pollution'
20 Aug 2020 timeline
b'Node.js third-party modules' disclosed a bug submitted by b'd3lla' 
b'[vboxmanage.js] Command Injection via insecure command concatenation'
20 Aug 2020 timeline
b'Shopify' disclosed a bug submitted by b'francisbeaudoin' 
b'Ability to generate shipping labels in another store orders'
19 Aug 2020 timeline
b'WakaTime' disclosed a bug submitted by b'harshita174' 
b'Rate Limit too lenient for endpoint sending emails'
19 Aug 2020 timeline
b'Avito' disclosed a bug submitted by b'harshita174' 
b'Missing SPF Records'
19 Aug 2020 timeline
b'Nextcloud' disclosed a bug submitted by b'ja3far' 
b'Denial of Service when entring an Array in email at seetings'
19 Aug 2020 timeline
b'Valve' disclosed a bug submitted by b'gamer7112' 
b"[GoldSrc] RCE via 'spk' Console Command"
19 Aug 2020 timeline
b'Valve' disclosed a bug submitted by b'gamer7112' 
b'[GoldSrc] RCE via malformed BSP file'
19 Aug 2020 timeline
b'Valve' disclosed a bug submitted by b'irukandjisecresearch' 
b"Buffer overflow In hl.exe's launch -game argument allows an attacker to execute arbitrary code locally or from browser"
19 Aug 2020 timeline
b'Yelp' disclosed a bug submitted by b'hk755a' 
b"CRITICAL Insecure Direct Object Reference (I.D.O.R) - Link Other User's Credit Card "
19 Aug 2020 timeline
b'Yelp' disclosed a bug submitted by b'hk755a' 
b"I.D.O.R To Order,Book,Buy,reserve On YELP FOR FREE (UNAUTHORIZED USE OF OTHER USER'S CREDIT CARD)"
19 Aug 2020 timeline
b'Yelp' disclosed a bug submitted by b'hk755a' 
b"I.D.O.R TO EDIT ALL USER'S CREDIT CARD INFORMATION+(Partial credit card info disclosure)"
19 Aug 2020 timeline
b'Shopify' disclosed a bug submitted by b'ayyoub' 
b'Password reset link not expired at Stocky App'
18 Aug 2020 timeline
b'Starbucks' disclosed a bug submitted by b'rexvuz' 
b'Korea - Reflected XSS on https://www.istarbucks.co.kr/app/getGiftStock.do via "skuNo" and "skuImgUrl" parameters'
18 Aug 2020 timeline
b'Shopify' disclosed a bug submitted by b'tolo7010' 
b'Some store settings/data are accessible to "No Access" permission users on GraphQL LiveView operation'
18 Aug 2020 timeline
b'Shopify' disclosed a bug submitted by b'jmp_35p' 
b'Get analytics token using only apps permission'
18 Aug 2020 timeline
b'Shopify' disclosed a bug submitted by b'sreeju_kc' 
b'OrderListInitial leaks order details'
18 Aug 2020 timeline
b'Shopify' disclosed a bug submitted by b'jaka_tingkir' 
b'access permission is not revoked even if the email has been deleted or changed on the partner account -partners.shopify-'
18 Aug 2020 timeline
b'Shopify' disclosed a bug submitted by b'rioncool22' 
b'Blind Stored XSS Via Staff Name'
18 Aug 2020 timeline
b'WordPress' disclosed a bug submitted by b'simonscannell' 
b'Stored XSS in Post Preview as Contributor'
18 Aug 2020 timeline
1 ... 299 300 301 302 303 ... 764
Follow @disclosedh1 on twitter to receive updates when a new bug is disclosed!
Twitter
BY DENIS WERNER - @NOBBD - IMPRESSUM