Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,219
CVE-linked
1,854
Programs
342
New This Week
10
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Program filter: unikrn
An IDOR that can lead to enumeration of a user and disclosure of email and phone number within cashier
Unikrn Insecure Direct Object Reference (IDOR) (CWE-639)
High
2023-07-17
Open URL Redirection
Unikrn Open Redirect (CWE-601)
Medium
2021-06-28
Lack of Input sanitization leads to database Character encoding configuration Disclosure
Unikrn Information Exposure Through an Error Message (CWE-209)
Low
2020-08-07
Open Redirection leads to redirect Users to malicious website
Unikrn Open Redirect (CWE-601)
None
2020-05-06
[crm.unikrn.com] Open Redirect
Unikrn Open Redirect (CWE-601)
Medium
2020-04-05
Staging Rabbitmq instance is exposed to the internet with default credentials
Unikrn Improper Authentication - Generic (CWE-287)
Low
2019-12-09
Rate Limit workaround in the message of the phone number verification
Unikrn Improper Restriction of Authentication Attempts (CWE-307)
Medium
2019-07-26
multiple vulnerabilities on your mautic server
Unikrn
Medium
2019-07-10
Email abuse and Referral Abuse
Unikrn
Medium
2019-06-12
[unikrn.com] Profile updated with error":true,"success":false"
Unikrn
Unknown
2019-06-12
Full Path Disclosure
Unikrn
Medium
2019-05-29
bypass Claudflare access crm.mautic.com
Unikrn
None
2019-04-05
Path Disclosure Vulnerability http://crm.******.com
Unikrn
Low
2019-04-05
█████████ on CRM server without authorization
Unikrn
Unknown
2019-03-14
ssh: unprivileged users may hijack due to backdated ssh version open port found(███.unikrn.com)
Unikrn Remote File Inclusion (CWE-98)
Low
2019-03-04
Rate-limit protection get executed in the last stage of the registration process, allowing enumeration of existing account.
Unikrn Violation of Secure Design Principles (CWE-657)
Low
2018-05-03
CSRF logs the victim into attacker's account
Unikrn Cross-Site Request Forgery (CSRF) (CWE-352)
Medium
2018-04-19
CSRF log victim into the attacker account
Unikrn Cross-Site Request Forgery (CSRF) (CWE-352)
High
2018-04-10
session_id is not being validated at email invitation endpoint
Unikrn Cross-Site Request Forgery (CSRF) (CWE-352)
Unknown
2018-04-10
CSRF in Raffles Ticket Purchasing
Unikrn Cross-Site Request Forgery (CSRF) (CWE-352)
High
2018-04-10
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895