Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1020 CNY

100%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,240
CVE-linked
1,863
Programs
342
New This Week
20
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 657 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Хранимая XSS в функционале добавления аудио в WYSIWYG
VK.com Cross-site Scripting (XSS) - Stored (CWE-79)
High
2017-12-31
Uninitialized server memory disclosure via ImageMagick gif parser
Mavenlink Information Disclosure (CWE-200)
High
2017-12-30
The Uber Promo Customer Endpoint Does Not Implement Multifactor Authentication, Blacklisting or Rate Limiting
Uber Improper Restriction of Authentication Attempts (CWE-307)
High
2017-12-24
UniFi Video v3.2.2 (Windows) Local Privileges Escalation due to weak default install directory ACLs
Ubiquiti Inc. Privilege Escalation (CAPEC-233)CVE-2016-6914
High
2017-12-20
Provide a security sistem most fit to our team
Ruby
High
2017-12-15
Take back my all data from limfuimay@gmail.com
Ruby
High
2017-12-15
Bugs
Ruby
High
2017-12-15
[marketplace.informatica.com] - Stored XSS
Informatica Cross-site Scripting (XSS) - Stored (CWE-79)
High
2017-12-15
Password reset link injection allows redirect to malicious URL
Mavenlink
High
2017-12-13
Stored xss via template injection
WordPress Cross-site Scripting (XSS) - Stored (CWE-79)
High
2017-12-11
Command injection in the process of downloading the latest version of the cloud key firmware through the unifi management software.
Ubiquiti Inc. Command Injection - Generic (CWE-77)
High
2017-12-11
Kovri: potential buffer over-read in garlic clove handling + I2NP message creation
Monero Information Disclosure (CWE-200)
High
2017-12-05
Multiple Subdomain takeovers via unclaimed instances
Starbucks Privilege Escalation (CAPEC-233)
High
2017-12-04
[Simplenote for Windows] Client RCE via External JavaScript Inclusion leveraging Electron
Automattic Code Injection (CWE-94)
High
2017-12-01
Stored XSS via transloadit.com and imageproxy
Coursera Cross-site Scripting (XSS) - Stored (CWE-79)
High
2017-11-30
Subdomain Takeover
GSA Bounty Privilege Escalation (CAPEC-233)
High
2017-11-28
Stored xss в /lead_forms_app.php
VK.com Cross-site Scripting (XSS) - Stored (CWE-79)
High
2017-11-28
XSS в личных сообщениях
VK.com Cross-site Scripting (XSS) - Stored (CWE-79)
High
2017-11-27
Possible to redirect to a (non-existing) subdomain after logging in via GitHub (leaking the token)
Ed Open Redirect (CWE-601)
High
2017-11-25
Server-side cache poisoning leads to the http://my.dev.owox.com inaccessibility
OWOX, Inc.
High
2017-11-23
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817 $2,257
HackerOne609 $1,500
Nextcloud583
Shopify464
curl455
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239