the unofficial HackerOne disclosure timeline.

X
b'Mail.ru' disclosed a bug submitted by b'iframe' 
b'IDOR ????????? ???????? ?????????? ? ????????????.'
01 Sep 2020 timeline
b'Mail.ru' disclosed a bug submitted by b'organdonor' 
b'Access to information about any video and its owner via GraphQL endpoint [dictor.mail.ru]'
01 Sep 2020 timeline
b'Mail.ru' disclosed a bug submitted by b'pisarenko' 
b' [self?] XSS ? ?????? ???????????? [sbermarket.ru]'
31 Aug 2020 timeline
b'Mail.ru' disclosed a bug submitted by b'jianjun' 
b'An implementation flaw in Mail.ru can be exploited for DKIM signature spoofing and email spoofing'
31 Aug 2020 timeline
b'QIWI' disclosed a bug submitted by b'honoki' 
b'DOM XSS triggered in secure support desk'
31 Aug 2020 timeline
b'Node.js third-party modules' disclosed a bug submitted by b'bp0lr' 
b'[hangersteak] Web Server Directory Traversal via Crafted GET Request'
30 Aug 2020 timeline
b'Node.js third-party modules' disclosed a bug submitted by b'bp0lr' 
b'[sirloin] Web Server Directory Traversal via Crafted GET Request'
30 Aug 2020 timeline
b'Shopify' disclosed a bug submitted by b'zerox4' 
b'XSS Stored via Upload avatar PNG [HTML] File in accounts.shopify.com'
30 Aug 2020 timeline
b'WakaTime' disclosed a bug submitted by b'hy76t56f565' 
b'Private leaderboard owner email disclosure when sending invites'
28 Aug 2020 timeline
b'Slack' disclosed a bug submitted by b'oskarsv' 
b'Remote Code Execution in Slack desktop apps + bonus'
28 Aug 2020 timeline
b'WordPress' disclosed a bug submitted by b'kahoots' 
b'XSS via unicode characters in upload filename'
28 Aug 2020 timeline
b'Qulture.Rocks' disclosed a bug submitted by b'wisp' 
b'XSS from arbitrary attachment upload.'
28 Aug 2020 timeline
b'Shopify' disclosed a bug submitted by b'saltymermaid' 
b'Ability to publish a paid theme without purchasing it.'
27 Aug 2020 timeline
b'Shopify' disclosed a bug submitted by b'saltymermaid' 
b'Ability to publish a paid theme without purchasing it.'
27 Aug 2020 timeline
b'Khan Academy' disclosed a bug submitted by b'demonia' 
b'CSV Injection Via Student Password/Name Leads To Client Side RCE And Reading Client Files'
27 Aug 2020 timeline
b'Ruby on Rails' disclosed a bug submitted by b'jregele' 
b'The authenticity_token can be reversed and used to forge valid per_form_csrf_tokens for arbitrary routes'
27 Aug 2020 timeline
b'Node.js third-party modules' disclosed a bug submitted by b'phra' 
b'notevil - Sandbox Escape Lead to RCE on Node.js and XSS in the Browser'
27 Aug 2020 timeline
b'Node.js third-party modules' disclosed a bug submitted by b'chalker' 
b'[bl] Uninitialized memory exposure via negative .consume()'
27 Aug 2020 timeline
b'Open-Xchange' disclosed a bug submitted by b'catenacyber' 
b'Failed assert in `mail_index_transaction_lookup`'
27 Aug 2020 timeline
b'Open-Xchange' disclosed a bug submitted by b'catenacyber' 
b'Assert failed in `edit_mail_istream_read`'
27 Aug 2020 timeline
1 ... 299 300 301 302 303 ... 768
Follow @disclosedh1 on twitter to receive updates when a new bug is disclosed!
Twitter
BY DENIS WERNER - @NOBBD - IMPRESSUM