Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1020 CNY

100%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,244
CVE-linked
1,864
Programs
343
New This Week
24
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 657 Improper Authentication - Generic 653 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Subdomain takeover on mta1a1.spmail.uber.com
Uber Improper Access Control - Generic (CWE-284)
Medium
2020-04-06
Change the rating of any trip, therefore change the average driver rating
Uber Business Logic Errors (CWE-840)
Medium
2020-04-06
Open Redirect filter bypass through '\' character via URL parameter
Myndr Open Redirect (CWE-601)
Medium
2020-04-06
[crm.unikrn.com] Open Redirect
Unikrn Open Redirect (CWE-601)
Medium
2020-04-05
Information Disclosure Microsoft IIS Server service.cnf in a mtn website
MTN Group Information Disclosure (CWE-200)
Medium
2020-04-03
Information Disclosure FrontPage Configuration Information /_vti_inf.html in https://www.mtn.co.za/
MTN Group Improper Access Control - Generic (CWE-284)
Medium
2020-04-03
IDOR in marketing calendar tool
Semrush Insecure Direct Object Reference (IDOR) (CWE-639)
Medium
2020-04-02
Relative Path Vulnerability Results in Arbitrary Command Execution/Privilege Escalation
Slack Command Injection - Generic (CWE-77)
Medium
2020-04-01
Able to Takeover Merchants Accounts Even They Have Already Setup SSO, After Bypassing the Email Confirmation
Shopify
Medium
2020-04-01
UniFi Video v3.10.1 (Windows) Local Privileges Escalation to SYSTEM from arbitrary filedelete and DLL hijack vulnerabilities.
Ubiquiti Inc. Privilege Escalation (CAPEC-233)CVE-2020-8146
Medium
2020-04-01
API Keys Hardcoded in Github repository
Rocket.Chat Use of Hard-coded Credentials (CWE-798)
Medium
2020-04-01
Lets Encrypt Certificates affected by CAA Rechecking Incident
Endless Group Improper Certificate Validation (CWE-295)
Medium
2020-04-01
Unrestricted File Upload on https://app.lemlist.com
lemlist Unrestricted Upload of File with Dangerous Type (CWE-434)
Medium
2020-04-01
SSRF via 3d.cs.money/pasteLinkToImage
CS Money Server-Side Request Forgery (SSRF) (CWE-918)
Medium
2020-03-31
[www.drive2.ru] CSRF through FCTX token bypass
DRIVE.NET, Inc. Cross-Site Request Forgery (CSRF) (CWE-352)
Medium
2020-03-31
Отправка подарков/стикерпаков не теряя голоса.
VK.com
Medium
2020-03-28
User input validation can lead to DOS
X / xAI Uncontrolled Resource Consumption (CWE-400)
Medium
2020-03-26
XSRF Token is Not being validated when sending emails test request which lead to CSRF attack using the flash file + 307 redirect technique
Stripo Inc Cross-Site Request Forgery (CSRF) (CWE-352)
Medium
2020-03-25
Strored Xss on https://my.stripo.email/ ( multiple inputs)
Stripo Inc Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2020-03-25
profile-picture name parameter with large value lead to DoS for other users and programs on the platform
HackerOne Uncontrolled Resource Consumption (CWE-400)
Medium
2020-03-25
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817 $2,257
HackerOne609 $1,500
Nextcloud583
Shopify464
curl457
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239