Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,219
CVE-linked
1,854
Programs
342
New This Week
10
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Program filter: deptofdefense
[██████] Reflected XSS via Keycloak on ██████
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2023-09-29
CVE-2023-24488 xss on https://██████/
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)CVE-2023-24488
Medium
2023-09-08
stored cross site scripting in https://████████.edu
U.S. Dept Of Defense Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2023-09-08
XSS Reflected
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2023-09-08
Blind Sql Injection in https://█████/qsSearch.aspx
U.S. Dept Of Defense SQL Injection (CWE-89)
High
2023-09-08
Blind Sql Injection in https://████████/
U.S. Dept Of Defense SQL Injection (CWE-89)
High
2023-09-08
LDAP Anonymous Login enabled in ████
U.S. Dept Of Defense Information Disclosure (CWE-200)
High
2023-09-08
SqlInject at ██████
U.S. Dept Of Defense SQL Injection (CWE-89)
Medium
2023-09-08
Adobe ColdFusion - Access Control Bypass [CVE-2023-38205] at ██████
U.S. Dept Of Defense Improper Access Control - Generic (CWE-284)CVE-2023-38205
High
2023-09-08
Blind Sql Injection https:/████████
U.S. Dept Of Defense SQL Injection (CWE-89)
Medium
2023-06-30
External service interaction ( DNS and HTTP ) in www.████████
U.S. Dept Of Defense Server-Side Request Forgery (SSRF) (CWE-918)
High
2023-06-23
Docker Registry without authentication leads to docker images download
U.S. Dept Of Defense Improper Access Control - Generic (CWE-284)
Medium
2023-06-23
CVE-2023-29489 XSS in cpanel at [www.███] - Securado, Oman
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)CVE-2023-29489
Medium
2023-06-09
Reflected xss on https://█████████
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2023-06-02
DOM-XSS
U.S. Dept Of Defense Cross-site Scripting (XSS) - DOM (CWE-79)CVE-2013-5968
Medium
2023-06-02
Leaks of username and password leads to CVE-2018-18862 exploitation
U.S. Dept Of Defense Improper Access Control - Generic (CWE-284)CVE-2018-18862
High
2023-06-02
Exposed GIT repo on ██████████[HtUS]
U.S. Dept Of Defense Cleartext Storage of Sensitive Information (CWE-312)
Critical
2023-05-15
CSRF to delete accounts [HtUS]
U.S. Dept Of Defense Cross-Site Request Forgery (CSRF) (CWE-352)
High
2023-05-15
XSS in ServiceNow logout https://████:443
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)CVE-2022-38463
Medium
2023-05-15
[HTA2] XXE on https://███ via SpellCheck Endpoint.
U.S. Dept Of Defense XML External Entities (XXE) (CWE-611)
Critical
2023-05-15
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895