Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,219
CVE-linked
1,854
Programs
342
New This Week
10
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Program filter: ui
UniFi Video Server web interface Configuration Restore CSRF leading to full application compromise
Ubiquiti Inc. Cross-Site Request Forgery (CSRF) (CWE-352)CVE-2019-5430
High
2019-04-28
Login as root without password on EdgeSwitchX
Ubiquiti Inc. Improper Authentication - Generic (CWE-287)CVE-2019-5426
Medium
2019-03-31
Privilege-0 to Root Privilege Escalation on EdgeSwitch
Ubiquiti Inc. Privilege Escalation (CAPEC-233)CVE-2019-5425
High
2019-03-31
EdgeSwitch Command Injection
Ubiquiti Inc. Command Injection - Generic (CWE-77)CVE-2019-5424
Medium
2019-03-31
UBNT Amplification DDOS Attack
Ubiquiti Inc.
Critical
2019-02-06
UniFi Video Server - Broken access control on system configuration
Ubiquiti Inc. Privilege Escalation (CAPEC-233)
High
2018-11-07
UniFi Video Server - Arbitrary file upload as SYSTEM
Ubiquiti Inc. Path Traversal (CWE-22)
High
2018-11-07
Reflected XSS
Ubiquiti Inc. Cross-site Scripting (XSS) - Reflected (CWE-79)
High
2018-09-25
Public Jenkins instance with /script enabled
Ubiquiti Inc. Code Injection (CWE-94)
Critical
2018-09-10
Two Factor Authentication Bypass
Ubiquiti Inc. Improper Restriction of Authentication Attempts (CWE-307)
Medium
2018-07-16
Bypass blocked profile protection on aircrm.ubnt.com
Ubiquiti Inc. Privilege Escalation (CAPEC-233)
Medium
2018-07-03
UniFi Video Server web interface Configuration Restore path traversal leading to local system compromise
Ubiquiti Inc. Path Traversal (CWE-22)
Critical
2018-07-02
Format String Vulnerability in the EdgeSwitch restricted CLI
Ubiquiti Inc. Use of Externally-Controlled Format String (CWE-134)
High
2018-06-19
Code Execution in restricted CLI of EdgeSwitch
Ubiquiti Inc. Command Injection - Generic (CWE-77)
High
2018-06-19
Authenticated RCE in ToughSwitch
Ubiquiti Inc. OS Command Injection (CWE-78)
High
2018-06-19
Triggering RCE using XSS to bypass CSRF in PowerBeam M5 300
Ubiquiti Inc. Command Injection - Generic (CWE-77)
High
2018-06-19
Unrestricted File System Access via Twig Template Injection on dev-ucrm-billing-demo.ubnt.com
Ubiquiti Inc. CVE-2017-0913
High
2018-03-07
Stored XSS => community.ubnt.com
Ubiquiti Inc. Cross-site Scripting (XSS) - Stored (CWE-79)
High
2018-01-10
Stored XSS in dev-ucrm-billing-demo.ubnt.com In Client Custom Attribute
Ubiquiti Inc. Cross-site Scripting (XSS) - Stored (CWE-79)
Low
2017-12-30
UniFi Video v3.2.2 (Windows) Local Privileges Escalation due to weak default install directory ACLs
Ubiquiti Inc. Privilege Escalation (CAPEC-233)CVE-2016-6914
High
2017-12-20
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895