Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,222
CVE-linked
1,855
Programs
342
New This Week
3
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Outdated Coturn is vulnerable to known vulnerabilities (High)
8x8 Improper Authentication - Generic (CWE-287)CVE-2018-4059CVE-2018-4056CVE-2018-4058CVE-2020-6062CVE-2020-6061
High
2020-04-13
PII of Users Disclosure using "/members/invite/" endpoint
Lab45 Information Disclosure (CWE-200)
High
2020-04-13
Account Take over of millions of MTN users account due to lack of Rate limiting when sending OTP code
MTN Group Improper Authentication - Generic (CWE-287)
High
2020-04-13
Insecure OAuth redirection at [admin.8x8.vc]
8x8 Improper Input Validation (CWE-20)
High
2020-04-10
"Secure View" aka "Hide Download" can be bypassed easily
Nextcloud Improper Access Control - Generic (CWE-284)CVE-2020-8139
High
2020-04-10
HTTP Request Smuggling on my.stripo.email
Stripo Inc
High
2020-04-10
load scripts DOS vulnerability
BlockDev Sp. Z o.o Improper Restriction of Authentication Attempts (CWE-307)CVE-2018-6389
High
2020-04-02
An attacker can buy marketplace articles for lower prices as it allows for negative quantity values leading to business loss
Semrush Business Logic Errors (CWE-840)
High
2020-04-02
UniFi Video web interface Configuration Restore user privilege escalation
Ubiquiti Inc. Privilege Escalation (CAPEC-233)CVE-2020-8145
High
2020-04-01
UniFi Video Server web interface admin user Firmware Update path traversal leading to local system compromise
Ubiquiti Inc. Path Traversal (CWE-22)CVE-2020-8144
High
2020-04-01
China - Leaked credentials permitted a limited ability to create Starbucks coupons and cards
Starbucks Insufficiently Protected Credentials (CWE-522)
High
2020-04-01
potential RCE and XSS via file upload requiring user account and default settings
Nextcloud Code Injection (CWE-94)
High
2020-04-01
H1514 CSRF in Domain transfer allows adding your domain to other user's account
Shopify Cross-Site Request Forgery (CSRF) (CWE-352)
High
2020-03-30
Malformed BSP in GoldSrc Engine may cause shellcode injection
Valve Classic Buffer Overflow (CWE-120)
High
2020-03-25
Vulnerability in GoldSource Engine allows to upload and run an arbitrary DLL on client
Valve Malware (CAPEC-549)
High
2020-03-25
SSRF on music.line.me through getXML.php
LY Corporation Server-Side Request Forgery (SSRF) (CWE-918)
High
2020-03-25
DOM-based XSS on mobile.line.me
LY Corporation Cross-site Scripting (XSS) - DOM (CWE-79)
High
2020-03-25
One Click Code Execution via File
Evernote Execution with Unnecessary Privileges (CWE-250)CVE-2019-17051
High
2020-03-24
Subdomain Takeover at creatorforum.roblox.com
Roblox Privilege Escalation (CAPEC-233)
High
2020-03-24
Blind SSRF while Creating Templates
Stripo Inc Server-Side Request Forgery (SSRF) (CWE-918)
High
2020-03-24
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud583
Shopify464
curl440
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239