Top10 publishers:
bobrov: 117
sp1d3rs: 86
geeknik: 80
linkks: 75
jobert: 70
someonenobbd: 62
nyymi: 56
ooooooo_q: 50
jon_bottarini: 49
haxta4ok00: 48
The unofficial HackerOne disclosure timeline.
HackerOne disclosed a bug submitted by marvelmaniac
An attacker can submit a Pentest Opportunity and change the status of the opportunity from submitted to in_review or reviewed
04 Jan 2024

GitHub disclosed a bug submitted by archangel
[PATs] Ability to leak comments from issues without ANY "Issues" repo permissions by utilizing "Pull Request" permissions
03 Jan 2024

GitHub disclosed a bug submitted by archangel
[PATs] Token with Read-Only permissions on Issues able to modify issue comments using content write permission
03 Jan 2024

TikTok disclosed a bug submitted by sinayeganeh
1 Click to 'Close Account and Refund' via POSTMESSAGE
03 Jan 2024

Teleport disclosed a bug submitted by technolord1292
Improper session management - Failure to invalidate old session after password change
02 Jan 2024

curl disclosed a bug submitted by dinesh_b
Buffer Overflow Vulnerability in WebSocket Handling
02 Jan 2024

Nextcloud disclosed a bug submitted by retr02332
DNS pin middleware can be tricked into DNS rebinding allowing SSRF
01 Jan 2024

MTN Group disclosed a bug submitted by zer0code
Remote code execution via crafted pentaho report uploaded using default credentials for pentaho business server
31 Dec 2023

Teleport disclosed a bug submitted by moaz219
access list owner can escalate his role to the highest roles
29 Dec 2023

Nextcloud disclosed a bug submitted by lukasreschke
RCE on Wordpress website
28 Dec 2023

Automattic disclosed a bug submitted by sodium_
Authentication bypass on JetPack SSO manager - Allows to access the administration panel of wordpress without user interaction
28 Dec 2023

Khan Academy disclosed a bug submitted by grassye
Text Injection/ Content Spoofing on https://cloud.e.khanacademy.org by breaking out of input tag.
22 Dec 2023

Internet Bug Bounty disclosed a bug submitted by aimotonorihito
Possibility of Request smuggling attack
22 Dec 2023

Internet Bug Bounty disclosed a bug submitted by nyymi
curl cookie mixed case PSL bypass
22 Dec 2023

Internet Bug Bounty disclosed a bug submitted by hkario
OpenSSL vulnerable to the Marvin Attack (CVE-2022-4304)
21 Dec 2023

Kubernetes disclosed a bug submitted by tomerpeled92
CVE-2023-5528: Insufficient input sanitization in in-tree storage plugin leads to privilege escalation on Windows nodes
21 Dec 2023

U.S. Dept Of Defense disclosed a bug submitted by fdeleite
RCE in [CVE-2021-26084]
21 Dec 2023

U.S. Dept Of Defense disclosed a bug submitted by fdeleite
Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464)
21 Dec 2023

U.S. Dept Of Defense disclosed a bug submitted by fdeleite
RCE on [CVE-2021-26084]
21 Dec 2023

U.S. Dept Of Defense disclosed a bug submitted by maskedpersian
IDOR to delete profile images in https:
21 Dec 2023
BY DENIS WERNER - @NOBBD -