Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1020 CNY

100%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,240
CVE-linked
1,863
Programs
342
New This Week
20
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 657 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
h1 hacky holidays CTF solution
h1-ctf Buffer Over-read (CWE-126)
Critical
2021-01-11
H1 Hackyholidays CTF - The Grinch was defeated
h1-ctf
Critical
2021-01-11
Infiltrating into Grinch-Networks and saving Christmas!
h1-ctf Server-Side Request Forgery (SSRF) (CWE-918)
Critical
2021-01-11
A Visit from The Grinch ~ 'Twas the night before Hackmas...
h1-ctf Improper Access Control - Generic (CWE-284)
Critical
2021-01-11
Grinch Networks compromised!
h1-ctf
Critical
2021-01-11
Grinch-Networks taken down - hacky holidays CTF
h1-ctf Improper Restriction of Authentication Attempts (CWE-307)
Critical
2021-01-11
How The Hackers Saved Christmas
h1-ctf Information Disclosure (CWE-200)
Critical
2021-01-11
[ Hacky Holidays CTF ] Completely taken down the Grinch Networks
h1-ctf Server-Side Request Forgery (SSRF) (CWE-918)
Critical
2021-01-11
12 Days of CTF Walkthroughs
h1-ctf Server-Side Request Forgery (SSRF) (CWE-918)
Critical
2021-01-11
[CTF] I've DDoSed Grinch Network
h1-ctf Uncontrolled Resource Consumption (CWE-400)
Critical
2021-01-11
SSRF via maliciously crafted URL due to host confusion
curl Server-Side Request Forgery (SSRF) (CWE-918)CVE-2018-3774
Critical
2021-01-08
SAML authentication bypass through unauthenticated `addSamlProvider` Meteor Call
Rocket.Chat Improper Access Control - Generic (CWE-284)CVE-2020-29594
Critical
2021-01-08
Other misconfiguration on Slack Server
ImpressCMS Authentication Bypass Using an Alternate Path or Channel (CWE-288)
Critical
2021-01-04
XSS leads to RCE on the RocketChat desktop client.
Rocket.Chat OS Command Injection (CWE-78)
Critical
2021-01-01
[intensedebate.com] SQL Injection Time Based on /changeReplaceOpt.php
Automattic SQL Injection (CWE-89)
Critical
2021-01-01
[intensedebate.com] SQL Injection Time Based On /js/commentAction/
Automattic SQL Injection (CWE-89)
Critical
2021-01-01
SQL Injection Union Based
Automattic
Critical
2021-01-01
Blind XSS on image upload
CS Money Cross-site Scripting (XSS) - Stored (CWE-79)
Critical
2020-12-26
Отправка писем с произвольным текстом/кликабельными ссылками любому зарегистрированному пользователю с указанной почтой, зная только steamid
CS Money Reliance on Cookies without Validation and Integrity Checking in a Security Decision (CWE-784)
Critical
2020-12-20
Admin Reseller Account Disclosure
8x8 Information Disclosure (CWE-200)
Critical
2020-12-15
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817 $2,257
HackerOne609 $1,500
Nextcloud583
Shopify464
curl455
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239