Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,222
CVE-linked
1,855
Programs
342
New This Week
3
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
UrnState Heap Overflow
Internet Bug Bounty Classic Buffer Overflow (CWE-120)CVE-2019-12526
Critical
2021-08-26
URN Request bypass ACL Checks
Internet Bug Bounty Improper Access Control - Generic (CWE-284)CVE-2019-12523
Critical
2021-08-26
Cache Manager ACL Bypass
Internet Bug Bounty Authentication Bypass Using an Alternate Path or Channel (CWE-288)CVE-2019-12524
Critical
2021-08-26
Squid as reverse proxy RCE and data leak
Internet Bug Bounty Classic Buffer Overflow (CWE-120)
Critical
2021-08-26
CVE-2020-10938-buffer overflow/out-of-bounds write in compress.c:HuffmanDecodeImage()
Internet Bug Bounty Heap Overflow (CWE-122)CVE-2020-10938
Critical
2021-08-22
Several protocol parsers in before 4.9.2 could cause a buffer overflow in util-print.c:bittok2str_internal()
Internet Bug Bounty Classic Buffer Overflow (CWE-120)
Critical
2021-08-22
2x Remote file inclusion within your VMware Instances
MTN Group Remote File Inclusion (CWE-98)
Critical
2021-08-19
Blind SQL Injection
MTN Group SQL Injection (CWE-89)
Critical
2021-08-14
Modify in-flight data to payment provider Smart2Pay
Valve Business Logic Errors (CWE-840)
Critical
2021-08-10
url redirection
UPchieve Open Redirect (CWE-601)
Critical
2021-07-30
Exposed Kubernetes API - RCE/Exposed Creds
Snapchat OS Command Injection (CWE-78)
Critical
2021-07-29
Publicly accessible Continuous Integration Tool
Snapchat Improper Access Control - Generic (CWE-284)
Critical
2021-07-29
Arbitrary File Reading leads to RCE in the Pulse Secure SSL VPN on the https://████
U.S. Dept Of Defense File and Directory Information Exposure (CWE-538)CVE-2019-11510CVE-2019-11542CVE-2019-11539CVE-2019-11538CVE-2019-11508CVE-2019-11540
Critical
2021-07-29
SQL Injection on the administrator panel
MTN Group SQL Injection (CWE-89)
Critical
2021-07-29
blind sql on [ https://argocd.upchieve.org/login?return_url=id= ]
UPchieve SQL Injection (CWE-89)
Critical
2021-07-28
Github access token exposure
Shopify
Critical
2021-07-26
Blind XSS on Twitter's internal Big Data panel at █████████████
X / xAI Cross-site Scripting (XSS) - Stored (CWE-79)
Critical
2021-07-09
Arbitrary Code Execution via npm misconfiguration – installing internal libraries from the public registry
LY Corporation Code Injection (CWE-94)
Critical
2021-07-05
Unauthorized access to admin panel of the Questionmark Perception system at https://██████████
U.S. Dept Of Defense Improper Access Control - Generic (CWE-284)
Critical
2021-06-30
PIN bypass
MyEtherWallet Improper Authentication - Generic (CWE-287)
Critical
2021-06-29
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud583
Shopify464
curl440
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239