Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,240
CVE-linked
1,863
Programs
342
New This Week
20
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 657 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
TrueImage for Acronis True Image 2020 - Untrusted DLL Search-Ordering lead to Privilege Escalation as Administrative account
Acronis Privilege Escalation (CAPEC-233)
Medium
2024-08-27
Acronis True Image 2020 Build 22510 Nonstop Backup Service Unquoted service path (privilege escalation)
Acronis Privilege Escalation (CAPEC-233)
Low
2024-08-27
DLL Hijacking when creating Rescue Media Builder leading to Privilege Escalation
Acronis Privilege Escalation (CAPEC-233)
Medium
2024-08-27
DLL Hijacking when sending feedback and crash report leading to Privilege Escalation
Acronis Privilege Escalation (CAPEC-233)
Medium
2024-08-27
Local Privilege Escalation via EXE hijacking with Acronis True Image 2021 - Acronis Scheduler2 Service
Acronis Privilege Escalation (CAPEC-233)
Low
2024-08-27
Local Privilege Escalation via EXE hijacking with Acronis True Image 2021 installer
Acronis Privilege Escalation (CAPEC-233)
Low
2024-08-27
HTML injection in swagger UI
Ionity GmbH Cross-site Scripting (XSS) - Generic (CWE-79)
Low
2024-08-27
important: Apache HTTP Server: SSRF with mod_rewrite in server/vhost context on Windows (CVE-2024-40898)
Internet Bug Bounty CVE-2024-40898
High
2024-08-27
Credentials leaked via Github
Acronis Use of Hard-coded Credentials (CWE-798)
Medium
2024-08-26
Large Amounts of Back-End Acronis Source Code is Publicly Accessible
Acronis Information Exposure Through Directory Listing (CWE-548)
Medium
2024-08-26
XSS in https://promo.acronis.com/
Acronis Cross-site Scripting (XSS) - DOM (CWE-79)
Low
2024-08-26
CSRF and XSS on www.acronis.com
Acronis Cross-site Scripting (XSS) - Reflected (CWE-79)
Low
2024-08-26
Cross Site Scripting (Reflected) on https://www.acronis.cz/dotaznik/roadshow-2020/
Acronis Cross-site Scripting (XSS) - Reflected (CWE-79)
Low
2024-08-26
Local Privilege Escalation when deleting a file from Quarantine
Acronis Privilege Escalation (CAPEC-233)
Medium
2024-08-26
Acronis Sync Agent Service - Untrusted DLL Search-Ordering lead to Privilege Escalation
Acronis Privilege Escalation (CAPEC-233)
Medium
2024-08-26
DLL Hijacking when performing operations in Acronis Secure Zone partition leading to Privilege Escalation
Acronis Privilege Escalation (CAPEC-233)
Medium
2024-08-26
Local Privilege Escalation via DLL Search-Order Hijacking with Cyber Protection Agent - tibxread.exe utility
Acronis Privilege Escalation (CAPEC-233)
Medium
2024-08-26
Jitsi: Bridge Message Spoofing due to Improper JSON Handling leads to Prototype Pollution
8x8 Command Injection - Generic (CWE-77)
Medium
2024-08-26
CVE-2024-42005: Potential SQL injection in QuerySet.values() and values_list()
Internet Bug Bounty CVE-2024-42005
High
2024-08-24
Remote code injection in Log4j on https://mymtn.mtncongo.net - CVE-2021-44228
MTN Group OS Command Injection (CWE-78)CVE-2021-44228
Critical
2024-08-24
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817 $2,257
HackerOne609 $1,500
Nextcloud583
Shopify464
curl455
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239