the unofficial HackerOne disclosure timeline.

X
b'Node.js third-party modules' disclosed a bug submitted by b'd3lla' 
b'[extra-asciinema] Command Injection via insecure command formatting'
22 Aug 2020 timeline
b'Yelp' disclosed a bug submitted by b'hk755a' 
b'CRITICAL-CLICKJACKING at Yelp Reservations Resulting in exposure of victim Private Data (Email info) + Victim Credit Card MissUse. '
21 Aug 2020 timeline
b'Yelp' disclosed a bug submitted by b'hk755a' 
b'ClickJacking on IMPORTANT Functions of Yelp'
21 Aug 2020 timeline
b'Yelp' disclosed a bug submitted by b'hk755a' 
b'Unauthorized Use of Victim Credit Card'
21 Aug 2020 timeline
b'Dropcontact' disclosed a bug submitted by b'vbdev' 
b'Django debug enabled showing information about system, database, configuration files.'
21 Aug 2020 timeline
b'Dropcontact' disclosed a bug submitted by b'higbee' 
b'Django should not have debug mode enabled'
21 Aug 2020 timeline
b'Dropcontact' disclosed a bug submitted by b'exploit_db' 
b'Sensitive Information Disclosure'
21 Aug 2020 timeline
b'Node.js third-party modules' disclosed a bug submitted by b'awarau' 
b'Prototype Pollution lodash 4.17.15'
21 Aug 2020 timeline
b'Dropcontact' disclosed a bug submitted by b'aungkyawphyo' 
b'Django DEBUG mode enabled and leaked system information.'
21 Aug 2020 timeline
b'Dropcontact' disclosed a bug submitted by b'try___for_impossible' 
b'Information Disclosure through DEBUG at Subscription [https://app.dropcontact.io/app/subscription?connector=salesforce](CRITICAL)'
21 Aug 2020 timeline
b'Dropcontact' disclosed a bug submitted by b'elmahdi' 
b'Registering with email [ +70 Chars ] Lead to Disclose some informations [Django Debug Mode ]'
21 Aug 2020 timeline
b'GitHub Security Lab' disclosed a bug submitted by b'someonenobbd' 
b'Java: CWE-522 Insecure basic authentication'
20 Aug 2020 timeline
b'GitHub Security Lab' disclosed a bug submitted by b'someonenobbd' 
b'[javascript] CWE-117: CodeQL query to detect Log Injection'
20 Aug 2020 timeline
b'Dropcontact' disclosed a bug submitted by b'n1m0' 
b"Dropcontact's disclosed report is exposing Private/Confidential information"
20 Aug 2020 timeline
b'DuckDuckGo' disclosed a bug submitted by b'sijisu' 
b'DOM XSS on duckduckgo.com search'
20 Aug 2020 timeline
b'Dropcontact' disclosed a bug submitted by b'try___for_impossible' 
b"API key is not validated for C.R.M integration [Pipedrive] of LOGGED IN USER, A user can use another USER'S API key for this operation."
20 Aug 2020 timeline
b'Twitter' disclosed a bug submitted by b'filedescriptor' 
b'Insufficient validation on Digits bridge'
20 Aug 2020 timeline
b'Node.js third-party modules' disclosed a bug submitted by b'0x1337r00t' 
b'[supermixer] Prototype pollution'
20 Aug 2020 timeline
b'Node.js third-party modules' disclosed a bug submitted by b'd3lla' 
b'[extra-ffmpeg] Command Injection via insecure command formatting'
20 Aug 2020 timeline
b'Node.js third-party modules' disclosed a bug submitted by b'd3lla' 
b'[object-path-set] Prototype pollution'
20 Aug 2020 timeline
1 ... 302 303 304 305 306 ... 768
Follow @disclosedh1 on twitter to receive updates when a new bug is disclosed!
Twitter
BY DENIS WERNER - @NOBBD - IMPRESSUM