Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports

12,219

CVE-linked

1,854

Programs

342

New This Week

Severity: All Critical High Medium Low

Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375

Program filter: acronis✕

Cross Origin Resource Sharing Misconfiguration

Acronis Improper Access Control - Generic (CWE-284)

Medium

2023-01-10

XSS in Acronis Cloud Manager Admin Portal

Acronis Cross-site Scripting (XSS) - Generic (CWE-79)

Medium

2022-12-02

CSS Injection via Client Side Path Traversal + Open Redirect leads to personal data exfiltration on Acronis Cloud

Acronis Cross-site Scripting (XSS) - DOM (CWE-79)

Medium

2022-11-04

Read-only administrator can change agent update settings

Acronis Improper Access Control - Generic (CWE-284)

Medium

2022-08-10

HTML Injection in E-mail Not Resolved ()

Acronis

Medium

2022-07-19

unauth mosquitto ( client emails, ips, license keys exposure )

Acronis Improper Access Control - Generic (CWE-284)

Medium

2022-07-18

Store Admin Page Accessible Without Authentication at http://www.grouplogic.com/ADMIN/store/index.cfm

Acronis Improper Access Control - Generic (CWE-284)

Medium

2022-06-07

Stored Cross Site Scripting at http://www.grouplogic.com/ADMIN/store/index.cfm?fa=disprocode

Acronis Cross-site Scripting (XSS) - Stored (CWE-79)

Medium

2022-06-07

Session Fixation on Acronis

Acronis Session Fixation (CWE-384)

Medium

2022-03-01

Cross-site Scripting (XSS) - Stored | forum.acronis.com

Acronis Cross-site Scripting (XSS) - Stored (CWE-79)

Medium

2022-02-08

Stored Cross-site Scripting on devicelock.com/forum/

Acronis Cross-site Scripting (XSS) - Stored (CWE-79)

Medium

2022-02-08

Attacker Can Access to any Ticket Support on https://www.devicelock.com/support/

Acronis Improper Access Control - Generic (CWE-284)

Medium

2022-02-08

Information Disclosure via ZIP file on AWS Bucket [http://acronis.1.s3.amazonaws.com]

Acronis Information Disclosure (CWE-200)

Medium

2022-02-08

admin password disclosure via log file

Acronis Information Disclosure (CWE-200)

Medium

2021-12-21

IDOR vulnerability (Price manipulation)

Acronis Insecure Direct Object Reference (IDOR) (CWE-639)

Medium

2021-11-30

Stored XSS in profile page

Acronis Cross-site Scripting (XSS) - Stored (CWE-79)

Medium

2021-11-14

Subdomain takeover of main domain of https://www.cyberlynx.lu/

Acronis Privilege Escalation (CAPEC-233)

Medium

2021-10-12

Domain does not Match SSL Certificate

Acronis

Medium

2021-10-05

No server side check on terms of service page which leads to bypass

Acronis Client-Side Enforcement of Server-Side Security (CWE-602)

Medium

2021-10-05

bypass sql injection #1109311

Acronis SQL Injection (CWE-89)

Medium

2021-10-05

Top Weakness Types

Most Active Programs

Program	Reports	Max $
U.S. Dept Of Defense	896	—
Internet Bug Bounty	817	—
HackerOne	609	—
Nextcloud	582	—
Shopify	464	—
curl	439	—
Node.js third-party modules	307	—
GitLab	258	—
X / xAI	250	$2,500
Uber	239	$9,895

Goal Reached Thanks to every supporter — we hit 100%!

Bug Bounty Intelligence