the unofficial HackerOne disclosure timeline.

X
b'Automattic' disclosed a bug submitted by b'hannanhaseeb' 
b'Denial-of- service By Cache Poisoning The Cross-Origin Resource Sharing Misconfiguration Allow Origin Header'
14 Aug 2020 timeline
b'Node.js third-party modules' disclosed a bug submitted by b'chalker' 
b'Arbitrary code execution via untrusted schemas in ajv'
14 Aug 2020 timeline
b'8x8' disclosed a bug submitted by b'testingforbugs' 
b'Default Creds Spring Boot Admin'
14 Aug 2020 timeline
b'Nextcloud' disclosed a bug submitted by b'secconsult' 
b'Missing memory corruption protection on Windows release built'
14 Aug 2020 timeline
b'New Relic' disclosed a bug submitted by b'jon_bottarini' 
b'Stored XSS Via NRQL chartbuilder JSON view '
13 Aug 2020 timeline
b'U.S. Dept Of Defense' disclosed a bug submitted by b'un4gi' 
b'Remote Code Execution via CVE-2019-18935'
13 Aug 2020 timeline
b'U.S. Dept Of Defense' disclosed a bug submitted by b'un4gi' 
b'Path traversal on https://??? allows arbitrary file read (CVE-2020-3452)'
13 Aug 2020 timeline
b'U.S. Dept Of Defense' disclosed a bug submitted by b'they' 
b'https://????? is vulnerable to CVE-2020-3452 Read-Only Path Traversal Vulnerability'
13 Aug 2020 timeline
b'New Relic' disclosed a bug submitted by b'jon_bottarini' 
b'Bypass of #447975 - view mobile application token though "Application Information" sidebar on Installation page '
13 Aug 2020 timeline
b'New Relic' disclosed a bug submitted by b'jon_bottarini' 
b'IDOR allows accounts to view full name of other accounts based on email through share notes feature'
13 Aug 2020 timeline
b'New Relic' disclosed a bug submitted by b'jon_bottarini' 
b'Restricted user can add and delete tags of APM key transactions '
13 Aug 2020 timeline
b'New Relic' disclosed a bug submitted by b'skavans' 
b'Restricted user can remove NerdStorage documents/collections scoped to ACCOUNT or ENTITY'
13 Aug 2020 timeline
b'New Relic' disclosed a bug submitted by b'skavans' 
b'Restricted user can update Apdex target for applications by leveraging the GraphQL mutation'
13 Aug 2020 timeline
b'New Relic' disclosed a bug submitted by b'skavans' 
b"Account owner/admin can't actually delete personal users' API keys"
13 Aug 2020 timeline
b'New Relic' disclosed a bug submitted by b'skavans' 
b'Ability to buy PRO subscriptions by arbitrary reduced prices'
13 Aug 2020 timeline
b'New Relic' disclosed a bug submitted by b'skavans' 
b'Cross-account reading of Insights dashboards through GraphQL'
13 Aug 2020 timeline
b'New Relic' disclosed a bug submitted by b'skavans' 
b"Restricted user can manage the NerdGraph entities' tags"
13 Aug 2020 timeline
b'New Relic' disclosed a bug submitted by b'skavans' 
b'Stored XSS at Synthetics private locations (planted through location label or description)'
13 Aug 2020 timeline
b'New Relic' disclosed a bug submitted by b'skavans' 
b'Attacker can create new account inside any partnership with no approve from the Partnership owner'
13 Aug 2020 timeline
b'New Relic' disclosed a bug submitted by b'skavans' 
b'Secure credentials values disclosure to regular users due to access control issue in monitor creating function'
13 Aug 2020 timeline
1 ... 302 303 304 305 306 ... 765
Follow @disclosedh1 on twitter to receive updates when a new bug is disclosed!
Twitter
BY DENIS WERNER - @NOBBD - IMPRESSUM