the unofficial HackerOne disclosure timeline.

X
b'Starbucks' disclosed a bug submitted by b'moonlight323' 
b'Norway - store.starbucks.no - CSRF on email change'
23 Jan 2020 timeline
b'Badoo' disclosed a bug submitted by b'oo7hacker3' 
b'The login of Hotor Not is Vulnerable to bruteforce.'
23 Jan 2020 timeline
b'Node.js third-party modules' disclosed a bug submitted by b'skyn3t' 
b'[klona] Prototype pollution'
23 Jan 2020 timeline
b'8x8' disclosed a bug submitted by b'0xelkomy' 
b'Disclosure of Users Information On Wordpress Api [https://jitsi.org/]'
23 Jan 2020 timeline
b'Mail.ru' disclosed a bug submitted by b'agametov' 
b'Boolean-based SQL Injection on relap.io'
22 Jan 2020 timeline
b'Lyst' disclosed a bug submitted by b'parzel' 
b'Subdomain takeover of storybook.lystit.com'
22 Jan 2020 timeline
b'Polymail, Inc.' disclosed a bug submitted by b'0xskull' 
b'Metadata leakage via IDOR'
22 Jan 2020 timeline
b'Mapbox' disclosed a bug submitted by b'renekroka' 
b'Stored XSS | api.mapbox.com | IE 11 | Styles name'
21 Jan 2020 timeline
b'MariaDB' disclosed a bug submitted by b'hanno' 
b'Ubuntu/Debian installation method allows key poisoning and code execution for network attacker'
21 Jan 2020 timeline
b'Revive Adserver' disclosed a bug submitted by b'jacopotediosi' 
b'Reflected XSS on www/delivery/afr.php'
21 Jan 2020 timeline
b'GitLab' disclosed a bug submitted by b'ooooooo_q' 
b'Double linking cause XSS (but blokeced by CSP in gitlab.com)'
20 Jan 2020 timeline
b'MobiSystems Ltd.' disclosed a bug submitted by b'kickino' 
b'open Firebase Database: msdict-dev.firebaseio.com'
20 Jan 2020 timeline
b'NordVPN' disclosed a bug submitted by b'nickelheck' 
b'Open redirect'
18 Jan 2020 timeline
b'Bumble' disclosed a bug submitted by b'0x3c3e' 
b'Bruteforce password recovery code'
18 Jan 2020 timeline
b'Vanilla' disclosed a bug submitted by b'h1_squirtle' 
b'Abusing "Report as abuse" functionality to delete any user\'s post.'
18 Jan 2020 timeline
b'Yelp' disclosed a bug submitted by b'md15ev' 
b'DoS of https://blog.yelp.com/ and other WP instances via CVE-2018-6389'
17 Jan 2020 timeline
b'Smule' disclosed a bug submitted by b'so_h1' 
b'Open redirect bypass & SSRF Security Vulnerability'
17 Jan 2020 timeline
b'DRIVE.NET, Inc.' disclosed a bug submitted by b'konqi' 
b'???????? XSS ? Business-????????, ?? ???????? ????????'
17 Jan 2020 timeline
b'Razer' disclosed a bug submitted by b'sambal0x' 
b"[Razer Pay Mobile App] Broken access control allowing other user's bank account to be deleted"
16 Jan 2020 timeline
b'Razer' disclosed a bug submitted by b'st00rm' 
b'Through blocking the redirect in /* the attacker able to bypass Authentication To see Sensitive Data sush as Game Keys , Emails ,..'
16 Jan 2020 timeline
1 ... 367 368 369 370 371 ... 768
Follow @disclosedh1 on twitter to receive updates when a new bug is disclosed!
Twitter
BY DENIS WERNER - @NOBBD - IMPRESSUM