Top 10 publishers:
bobrov: 117
sp1d3rs: 86
geeknik: 80
linkks: 75
jobert: 70
someonenobbd: 62
nyymi: 58
ooooooo_q: 52
haxta4ok00: 49
jon_bottarini: 49
Now on Twitter: the unofficial HackerOne disclosure timeline.
25 Jun 2024 - Mars disclosed a bug submitted by b_i_n_i_a_m: Sqli on search functionality
25 Jun 2024 - Mars disclosed a bug submitted by blax17: Reflected xss on
25 Jun 2024 - Mars disclosed a bug submitted by dr34m14: CSRF resulting in adding pet at
25 Jun 2024 - Mars disclosed a bug submitted by haoshokunoo: Account takeover using reset password link
25 Jun 2024 - Booking.com disclosed a bug submitted by jub0bs: Subdomain takeover of ci-support.booking.com (pointing to Zendesk)
25 Jun 2024 - Kubernetes disclosed a bug submitted by jub0bs: monitoring.prow-canary.k8s.io is vulnerable to CVE-2022-21703 (Grafana 0-day)
25 Jun 2024 - Ruby on Rails disclosed a bug submitted by ooooooo_q: DoS with crafted "Range" header
21 Jun 2024 - IBM disclosed a bug submitted by samurai_jack0: S3 Bucket Takeover on apptio endpoint
20 Jun 2024 - HackerOne disclosed a bug submitted by ketr0it: Ability to identify actual private from sandboxed programs using link hackerone.com/$handle/terms_acceptance_data.csv
19 Jun 2024 - Nextcloud disclosed a bug submitted by maholli: Notes app can be tricked into using a received share created before the user logged in
19 Jun 2024 - Tools for Humanity disclosed a bug submitted by lauritz: [Meetup][World ID][OIDC] Insufficient Filtering of "state" Parameter in Response Mode form_post leads to XSS and ATO
19 Jun 2024 - HackerOne disclosed a bug submitted by v0id1: Program Member Could Duplicate Report To A Non Related Program Original Report
19 Jun 2024 - curl disclosed a bug submitted by z2_: NULL dereference when encoding DN of x509 certificate
19 Jun 2024 - HackerOne disclosed a bug submitted by iam_srpk: "package_name" can be set as desired when submitting a Pentest Opportunity form
19 Jun 2024 - HackerOne disclosed a bug submitted by japz: [IDOR] Improper Access Control on Embedded Submission Form
19 Jun 2024 - Enjin disclosed a bug submitted by 19whoami19: Cloudflare /cdn-cgi/ path allows resizing images from unauthorised sources on enjinusercontent.com
19 Jun 2024 - HackerOne disclosed a bug submitted by 0x999: Ability to bulk submit reports via query named based batching
18 Jun 2024 - LinkedIn disclosed a bug submitted by find_me_here: Attackers can *Upgrade and claim offer* on the Premium Trial Subscription with a total price of *IDR0.00* from the original *IDR7,022,061.82*
18 Jun 2024 - U.S. Dept Of Defense disclosed a bug submitted by sp1d3rs: [HTAF4-213] [Pre-submission] HTTPOnly session cookie exposure on the /csstest endpoint
18 Jun 2024 - U.S. Dept Of Defense disclosed a bug submitted by sp1d3rs: Arbitrary File Reading leads to RCE in the Pulse Secure SSL VPN on the https:// ()
BY DENIS WERNER - @NOBBD