Top 10 publishers:
bobrov: 117
sp1d3rs: 86
geeknik: 80
linkks: 75
jobert: 70
someonenobbd: 62
nyymi: 58
ooooooo_q: 52
guido: 50
haxta4ok00: 49
The unofficial HackerOne disclosure timeline.
Nextcloud disclosed a bug submitted by st0nzyy: Admins can change authentication details of user configured external storage (21 Dec 2023)
Ruby disclosed a bug submitted by z2_: DoS in bigdecimal's sqrt function due to miscalculation of loop iterations (20 Dec 2023)
Zendesk disclosed a bug submitted by cybxis: Privilege escalation - Support-Contributor to Support and Product Admin via `/api/v2/` . No ADMIN PRIVILEGE required. (18 Dec 2023)
Mozilla Core Services disclosed a bug submitted by yakirka: Mozilla Employee's Token for sql.telemetry.mozilla.org Exposed in Git Commit (18 Dec 2023)
Nextcloud disclosed a bug submitted by spell1: App PIN code can be bypassed in Files iOS (18 Dec 2023)
Liberapay disclosed a bug submitted by mdivecky: Avatar URL is exposed in patron export for secret donations (15 Dec 2023)
HackerOne disclosed a bug submitted by archangel: How the Arch Angel stole Live Events (15 Dec 2023)
CS Money disclosed a bug submitted by benjamin-mauss: Able to blocking users with 2fa from login into their accounts by just knowing the SteamID (14 Dec 2023)
EXNESS disclosed a bug submitted by ashwarya: Unrestricted Access to Celery Flower Instance (14 Dec 2023)
Ruby disclosed a bug submitted by dee-see: URI parser's RFC3986 regular expression has poor performance when there are two # characters, leading to ReDoS (13 Dec 2023)
Daimler Truck disclosed a bug submitted by abhhinavsecondary: Default credential to login at site management panel (12 Dec 2023)
Valve disclosed a bug submitted by xpaw: Web API key registration allows registering multiple keys by reusing `request_id` (12 Dec 2023)
HackerOne disclosed a bug submitted by mega7: Server Side Request Forgery (SSRF) via Analytics Reports (08 Dec 2023)
Glassdoor disclosed a bug submitted by saboorhakimi: Web Cache Deception (08 Dec 2023)
CS Money disclosed a bug submitted by smalx: Authentication Bypass to (CVE-2023-2982) (08 Dec 2023)
HackerOne disclosed a bug submitted by byq: Private program name disclosure in the invitation mail for another program (08 Dec 2023)
curl disclosed a bug submitted by cxshakal: CVE-2023-46219: HSTS long file name clears contents (08 Dec 2023)
Internet Bug Bounty disclosed a bug submitted by p4fg: Misconfiguration in AWS CloudFront CDN configuration makes rubygems.org serve (and cache) content from a unclaimed S3-bucket (07 Dec 2023)
LinkedIn disclosed a bug submitted by tushar6378: User Details Can Be Disclosed Even If The Account IS In Hibernation State (06 Dec 2023)
LinkedIn disclosed a bug submitted by marvelmaniac: CSRF that makes any linkedin user follow attacker controlled accounts by simply clicking https://www.linkedin.com/comm/mynetwork/discovery-see-all/* (06 Dec 2023)
BY DENIS WERNER - @NOBBD