Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,219
CVE-linked
1,854
Programs
342
New This Week
14
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Program filter: mtn_group
Broken Access Control leads to disclosure of transaction history via /v2/rechargeTransactionHistory endpoint
MTN Group
High
2025-03-02
CVE-2023-41763 Business Elevation of Privilege vulnerability on [.mtn.com]
MTN Group Command Injection - Generic (CWE-77)CVE-2023-41763CVE-2023-36780CVE-2023-36786CVE-2023-36789
High
2025-02-22
Improper Access Controls(Admin Path)
MTN Group Improper Access Control - Generic (CWE-284)
High
2025-01-31
DOM Based Reflected Cross Site Scripting
MTN Group Cross-site Scripting (XSS) - DOM (CWE-79)
High
2024-12-25
Reflected - XSS
MTN Group Cross-site Scripting (XSS) - Reflected (CWE-79)
High
2024-10-21
CVE-2010-1429 JBoss Insecure Storage of Sensitive Information on ips.mtn.co.ug
MTN Group Insecure Storage of Sensitive Information (CWE-922)CVE-2008-3273CVE-2018-0296CVE-2010-1429
High
2024-08-30
Leaking usernames through endpoints Wordpress
MTN Group Information Disclosure (CWE-200)
High
2024-08-10
Otp bypass in verifying nin
MTN Group Improper Authentication - Generic (CWE-287)
High
2022-10-17
Reflected xss on videostore.mtnonline.com
MTN Group Cross-site Scripting (XSS) - Reflected (CWE-79)
High
2022-09-25
String length restriction byepass at https://callerfeel.mtnonline.com/profile/feedback.html
MTN Group Violation of Secure Design Principles (CWE-657)
High
2022-09-07
Sensitive Information Disclosure Through Config File
MTN Group Cleartext Storage of Sensitive Information (CWE-312)
High
2022-09-01
Default Admin Username and Password on remedysso.mtncameroon.net
MTN Group
High
2022-09-01
Blind SSRF External Interaction on ████████
MTN Group Server-Side Request Forgery (SSRF) (CWE-918)
High
2022-08-21
cross site scripting in : mtn.bj
MTN Group Cross-site Scripting (XSS) - Reflected (CWE-79)
High
2022-08-06
POST BASED REFLECTED XSS IN dailydeals.mtn.co.za
MTN Group Cross-site Scripting (XSS) - Reflected (CWE-79)
High
2022-07-15
Insecure crossdomain.xml on https://vdc.mtnonline.com/
MTN Group Information Disclosure (CWE-200)
High
2022-03-20
PHP Info Exposing Secrets at https://radio.mtn.bj/info
MTN Group Information Disclosure (CWE-200)
High
2022-03-08
[mtn.com.af] Multiple vulnerabilities allow to Application level DoS
MTN Group Business Logic Errors (CWE-840)CVE-2018-6389
High
2021-09-28
Reflected Cross-Site scripting in : mtn.bj
MTN Group Cross-site Scripting (XSS) - Reflected (CWE-79)
High
2021-09-26
SQL injection [futexpert.mtngbissau.com]
MTN Group SQL Injection (CWE-89)
High
2021-09-09
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895