Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1110 CNY

100%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,248
CVE-linked
1,864
Programs
343
New This Week
16
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 658 Improper Authentication - Generic 653 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Race condition via project team member invitation system.
Enjin Business Logic Errors (CWE-840)
Low
2022-06-17
xmlrpc file enabled
Yelp Information Disclosure (CWE-200)
Low
2022-06-16
curl "globbing" can lead to denial of service attacks
curl Uncontrolled Resource Consumption (CWE-400)
Low
2022-06-16
Hyper Link Injection while signup
UPchieve Improper Input Validation (CWE-20)
Low
2022-06-15
HTML Injection in E-mail
Acronis
Low
2022-06-14
Reflected Cross Site Scripting at ColdFusion Debugging Panel http://www.grouplogic.com/CFIDE/debug/cf_debugFr.cfm
Acronis Cross-site Scripting (XSS) - Reflected (CWE-79)
Low
2022-06-14
Reflected Cross Site Scripting at http://www.grouplogic.com/files/glidownload/verify3.asp [Uppercase Filter Bypass]
Acronis Cross-site Scripting (XSS) - Reflected (CWE-79)
Low
2022-06-14
Email address disclosure via invite token validatiion
TikTok Information Disclosure (CWE-200)
Low
2022-06-11
Moderator can enable cam/mic remotely if cam/mic-permission was disabled while user has activated cam/mic
Nextcloud Privacy Violation (CWE-359)CVE-2022-24890
Low
2022-06-09
Integer overflows in unescape_word()
curl Integer Overflow (CWE-190)CVE-2019-5435
Low
2022-06-09
Heap overflow via HTTP/2 PUSH_PROMISE
curl Heap Overflow (CWE-122)
Low
2022-06-05
Github Account Takeover from Docs page of `kubernetes-csi.github.io`
Kubernetes Improper Access Control - Generic (CWE-284)
Low
2022-06-04
Self XSS in attachments name
Acronis
Low
2022-05-31
Waitlist bypass for accessing SIGN.PLUS Beta
Alohi Improper Access Control - Generic (CWE-284)
Low
2022-05-30
Notification implicit PendingIntent in com.nextcloud.client allows to access contacts
Nextcloud Information Disclosure (CWE-200)CVE-2022-24886
Low
2022-05-27
[com.exness.android.pa Android] Universal XSS in webview. Lead to steal user cookies
EXNESS Improper Access Control - Generic (CWE-284)
Low
2022-05-24
Open redirect bypass
Flickr Open Redirect (CWE-601)
Low
2022-05-23
Email Verification Bypass by bruteforcing when setting up 2FA
Evernote Improper Restriction of Authentication Attempts (CWE-307)
Low
2022-05-22
Possible Domain Takeover on AWS Instance.
Rocket.Chat Phishing (CAPEC-98)
Low
2022-05-22
Error in Deleting Deck cards attachment reveals the full path of the website
Nextcloud Information Disclosure (CWE-200)CVE-2022-24906
Low
2022-05-20
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817 $2,257
HackerOne609
Nextcloud584
Shopify464
curl457
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239