Top10 publishers:
bobrov 117
sp1d3rs 86
geeknik 80
linkks 75
jobert 70
someonenobbd 62
nyymi 56
ooooooo_q 50
jon_bottarini 49
haxta4ok00 48
Now on Twitter: the unofficial HackerOne disclosure timeline.
U.S. Dept Of Defense disclosed a bug submitted by pizzapower
RCE via File Upload with a Null Byte Truncated File Extension at https:///
21 Dec 2023

U.S. Dept Of Defense disclosed a bug submitted by qu1nten
[] RXSS via "CurrentFolder" parameter
21 Dec 2023

U.S. Dept Of Defense disclosed a bug submitted by maskedpersian
Default Admin Username and Password on
21 Dec 2023

U.S. Dept Of Defense disclosed a bug submitted by devdevrl
Unauthorized access to Argo dashboard on
21 Dec 2023

U.S. Dept Of Defense disclosed a bug submitted by r00tdaddy
Unauthenticated File Read Adobe ColdFusion
21 Dec 2023

U.S. Dept Of Defense disclosed a bug submitted by 0r10nh4ck
Adobe ColdFusion Access Control Bypass - CVE-2023-38205
21 Dec 2023

U.S. Dept Of Defense disclosed a bug submitted by roland_hack
Elasticsearch is currently open without authentication on https://l
21 Dec 2023

Nextcloud disclosed a bug submitted by max_nextcloud
Self XSS when pasting HTML into Text app with Ctrl+Shift+V
21 Dec 2023

Nextcloud disclosed a bug submitted by st0nzyy
Admins can change authentication details of user configured external storage
21 Dec 2023

Ruby disclosed a bug submitted by z2_
DoS in bigdecimal's sqrt function due to miscalculation of loop iterations
20 Dec 2023

Zendesk disclosed a bug submitted by cybxis
Privilege escalation - Support-Contributor to Support and Product Admin via `/api/v2/` . No ADMIN PRIVILEGE required.
18 Dec 2023

Mozilla Core Services disclosed a bug submitted by yakirka
Mozilla Employee's Token for sql.telemetry.mozilla.org Exposed in Git Commit
18 Dec 2023

Nextcloud disclosed a bug submitted by spell1
App PIN code can be bypassed in Files iOS
18 Dec 2023

Liberapay disclosed a bug submitted by mdivecky
Avatar URL is exposed in patron export for secret donations
15 Dec 2023

HackerOne disclosed a bug submitted by archangel
How the Arch Angel stole Live Events
15 Dec 2023

CS Money disclosed a bug submitted by benjamin-mauss
Able to blocking users with 2fa from login into their accounts by just knowing the SteamID
14 Dec 2023

EXNESS disclosed a bug submitted by ashwarya
Unrestricted Access to Celery Flower Instance
14 Dec 2023

Ruby disclosed a bug submitted by dee-see
URI parser's RFC3986 regular expression has poor performance when there are two # characters, leading to ReDoS
13 Dec 2023

Daimler Truck disclosed a bug submitted by abhhinavsecondary
Default credential to login at site management panel
12 Dec 2023

Valve disclosed a bug submitted by xpaw
Web API key registration allows registering multiple keys by reusing `request_id`
12 Dec 2023
BY DENIS WERNER - @NOBBD -