Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,240
CVE-linked
1,863
Programs
342
New This Week
20
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 657 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Remote code injection in Log4j on http://mtn1app.mtncameroon.net - CVE-2021-44228
MTN Group OS Command Injection (CWE-78)CVE-2021-44228
Critical
2024-08-24
Cross-site Scripting (XSS) - Reflected on https://api.mtn.sd/carbon/admin/login.jsp via `msgId` parameter - CVE-2020-17453
MTN Group Cross-site Scripting (XSS) - Reflected (CWE-79)CVE-2020-17453
Medium
2024-08-24
Cross-site Scripting (XSS) - Reflected on http://callertunez.mtn.com.gh/wap/noauth/sharedetail.ftl via `callback` parameter
MTN Group Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2024-08-24
Cross-site Scripting (XSS) - Reflected on http://h1b4e.n2.ips.mtn.co.ug:8080 via Nginx-module
MTN Group Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2024-08-24
[CVE-2024-35176] DoS vulnerability in REXML
Internet Bug Bounty Allocation of Resources Without Limits or Throttling (CWE-770)CVE-2024-35176
Medium
2024-08-23
CVE-2024-38875: Denial-Of-Service through uncontrolled resource consumption caused by poor time complexity of strip_punctuation .
Internet Bug Bounty Uncontrolled Resource Consumption (CWE-400)CVE-2024-38875
Medium
2024-08-23
libcurl: freeing stack buffer during x509 certificate parsing
Internet Bug Bounty Memory Corruption - Generic (CWE-119)CVE-2024-6197
Medium
2024-08-23
Reflected Cross Site Scripting Cisco ASA on myvpn.mtncameroon.net CVE-2020-3580
MTN Group Cross-site Scripting (XSS) - Reflected (CWE-79)CVE-2020-3580
Medium
2024-08-23
Cross-site Scripting (XSS) - Reflected
Drugs.com Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2024-08-21
Source Code and data exfiltration via Github Copilot
GitHub Code Injection (CWE-94)
Low
2024-08-19
FULL ACCOUNT TAKEOVER
MTN Group
Critical
2024-08-17
jazz.net - publicly accessible .svn repositories
IBM LLM06: Sensitive Information Disclosure
Unknown
2024-08-16
Cross Site Scripting
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2024-08-16
Course Registration Form Allowing an attacker to dump all the candidate name who had enrolled for the course
U.S. Dept Of Defense Information Disclosure (CWE-200)
High
2024-08-16
DoD workstation exposed to internet via TinyPilot KVM with no authentication
U.S. Dept Of Defense Improper Access Control - Generic (CWE-284)
Critical
2024-08-16
Blind Stored XSS on the internal host - █████████████
U.S. Dept Of Defense Cross-site Scripting (XSS) - Stored (CWE-79)
High
2024-08-16
Unauthenticated arbitrary file upload on the https://█████/ (█████████)
U.S. Dept Of Defense Violation of Secure Design Principles (CWE-657)
High
2024-08-16
moderate: Apache HTTP Server: mod_rewrite proxy handler substitution (CVE-2024-39573) CWE-20 Improper Input Validation
Internet Bug Bounty Improper Input Validation (CWE-20)CVE-2024-39573
Medium
2024-08-12
Subdomain takeover in GitLab Pages [george.ratelimited.me]
RATELIMITED
High
2024-08-11
XSS via /api/v1/chat.postMessage
Rocket.Chat Cross-site Scripting (XSS) - Stored (CWE-79)
Critical
2024-08-10
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817 $2,257
HackerOne609 $1,500
Nextcloud583
Shopify464
curl455
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239