The unofficial HackerOne disclosure timeline.
SEMrush disclosed a bug submitted by nikitastupin
[oauth token leak] at oauth.semrush.com
17 Apr 2018

ICQ disclosed a bug submitted by catferq
XSS ? ???? ??? ??????? ? ????????.
16 Apr 2018

ICQ disclosed a bug submitted by catferq
XSS ? ???????? ????????
16 Apr 2018

Zomato disclosed a bug submitted by foobar7
Clickjacking: Delete Account, Change privacy settings, Rate business, follow/unfollow (IE)
15 Apr 2018

Node.js third-party modules disclosed a bug submitted by holyvier
Prototype pollution attack (merge-objects)
15 Apr 2018

Node.js third-party modules disclosed a bug submitted by holyvier
Prototype pollution attack (merge-options)
15 Apr 2018

Node.js third-party modules disclosed a bug submitted by holyvier
Prototype pollution attack (merge-recursive)
15 Apr 2018

Node.js third-party modules disclosed a bug submitted by holyvier
Prototype pollution attack (deep-extend)
15 Apr 2018

Node.js third-party modules disclosed a bug submitted by holyvier
Prototype pollution attack (deap)
15 Apr 2018

Node.js third-party modules disclosed a bug submitted by bl4de
[glance] Stored XSS via file name allows to run arbitrary JavaScript when directory listing is displayed in browser
15 Apr 2018

Node.js third-party modules disclosed a bug submitted by bl4de
[public] Stored XSS in filenames in directory served by public
15 Apr 2018

concrete5 disclosed a bug submitted by r3naissance
'cnvID' parameter vulnerable to Insecure Direct Object References
15 Apr 2018

Automattic disclosed a bug submitted by mattaustin
Remote Code Execution in Wordpress Desktop
14 Apr 2018

Zomato disclosed a bug submitted by hacker_one_one
URL is vulnerable to clickjacking
14 Apr 2018

Imgur disclosed a bug submitted by protector47
Information disclosure (No rate limiting in forgot password & other login)
14 Apr 2018

LocalTapiola disclosed a bug submitted by putsi
Flash-based XSS on mediaelement-flash-audio-ogg.swf of www.lahitapiolarahoitus.fi
13 Apr 2018

Upserve disclosed a bug submitted by paresh_parmar
Blind stored xss in demo form
12 Apr 2018

Mail.Ru disclosed a bug submitted by 101usb
[tanks.mail.ru] Open Redirect
12 Apr 2018

Shopify disclosed a bug submitted by newbie_101
Order notifications being sent for a deactivated staff account
12 Apr 2018

LocalTapiola disclosed a bug submitted by tan_stream
The parameter in the POST query allows to control size of returned page which in turn can lead to the potential DOS attack
11 Apr 2018
By Denis Werner - @NOBBD