Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,219
CVE-linked
1,854
Programs
342
New This Week
11
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Program filter: 8x8-bounty
wavecell.com: Broken Link Hijacking / Instagram Takeover @██
8x8 Externally Controlled Reference to a Resource in Another Sphere (CWE-610)
Low
2023-01-27
Unprotected Atlantis Server at https://152.70.█.█
8x8 Improper Authentication - Generic (CWE-287)
Medium
2022-12-06
Jitsi: Attacker is able to cast a vote using the Victim's name on the Polls
8x8
Low
2022-11-18
Directory Listing at https://█.█.█.█
8x8 File and Directory Information Exposure (CWE-538)
Low
2022-11-18
Subdomain Takeover at http://██.get8x8.com/
8x8 Leftover Debug Code (Backdoor) (CWE-489)
Medium
2022-10-14
Directory Listing vulnerability on █.packet8.net/php/include/
8x8 Information Exposure Through Directory Listing (CWE-548)
Low
2022-09-28
DLL Search-Order Hijacking Vulnerability in work-64-exe-v7.16.3-1.exe
8x8 Privilege Escalation (CAPEC-233)
Low
2022-09-22
LFI via Jolokia at https://█.█.█.█:1293
8x8 Information Disclosure (CWE-200)
Medium
2022-07-20
CVE-2019-11248 on http://█.█.█.█:9100/debug/pprof/goroutine
8x8 Information Disclosure (CWE-200)CVE-2019-11248
Low
2022-07-18
Public Apache Tomcat /examples example directory
8x8 Information Exposure Through Directory Listing (CWE-548)
Medium
2022-07-18
Open Redirect ███.8x8.com
8x8 Open Redirect (CWE-601)
Low
2022-07-17
8x8pilot.com: Reflected XSS in Apache Tomcat /jsp-examples example directory
8x8 Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2022-05-19
Hardcoded AWS credentials in ███████.msi
8x8 Use of Hard-coded Credentials (CWE-798)
Critical
2022-04-29
subdomain takeover (abandoned Zendesk █.easycontactnow.com)
8x8
Medium
2022-04-28
F5 BIG-IP TMUI RCE - CVE-2020-5902 (██.packet8.net)
8x8 Code Injection (CWE-94)CVE-2020-5902
Critical
2022-03-25
Open Redirect on https://██.8x8.com/login?nextPage=%2F
8x8 Open Redirect (CWE-601)
Low
2022-03-10
████ api key exposed in github.com/███/███
8x8 Cleartext Storage of Sensitive Information (CWE-312)
High
2022-02-22
Remote Code Execution on ██.8x8.com via .NET VSTATE Deserialization
8x8 Code Injection (CWE-94)
Critical
2022-02-03
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
8x8 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) (CWE-80)
Low
2022-01-05
Default credentials lead to Spring Boot Admin dashboard access
8x8 Information Disclosure (CWE-200)
Medium
2022-01-02
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895