Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,219
CVE-linked
1,854
Programs
342
New This Week
7
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Program filter: veris
Password reset link is not Expiring
Veris Violation of Secure Design Principles (CWE-657)
Unknown
2016-06-12
Multiple Stored XSS
Veris Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2016-06-12
Multiple Stored XSS on Sanbox.veris.in through Veris Frontdesk Android App
Veris Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2016-06-12
Missing Server Side Validation of CSRF Middleware Token in Change Password Request
Veris Cross-Site Request Forgery (CSRF) (CWE-352)
Unknown
2016-06-12
Critical IDOR - Can select any Parent while creating new Venue
Veris Privilege Escalation (CAPEC-233)
Unknown
2016-06-12
Critical IDOR - Get Rules of any organization remotely
Veris Privilege Escalation (CAPEC-233)
Unknown
2016-06-12
Critical IDOR - Make Rule for Any Group & Any Venue remotely
Veris Privilege Escalation (CAPEC-233)
Unknown
2016-06-12
Critical IDOR - Get venue data of any organization remotely
Veris Privilege Escalation (CAPEC-233)
Unknown
2016-06-12
Unauthenticated CSRF(User can input any value for CSRF Token)
Veris Cross-Site Request Forgery (CSRF) (CWE-352)
Unknown
2016-06-08
[Stored XSS] sandbox.veris.in
Veris Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2016-05-26
Text injection can be used in phishing 404 page and should not include attacker text
Veris Violation of Secure Design Principles (CWE-657)
Unknown
2016-05-17
XSS in Asset name
Veris Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2016-05-13
Stored XSS on 'Badges' page
Veris Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2016-05-13
Captcha Bypass enable login bruteforce
Veris Improper Authentication - Generic (CWE-287)
Unknown
2016-05-13
Password(s) can be found via login process.
Veris Improper Authentication - Generic (CWE-287)
Unknown
2016-05-13
Complete or Edit Another User's Profile
Veris Improper Authentication - Generic (CWE-287)
Unknown
2016-05-13
Stored XSS in member book
Veris Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2016-05-13
Server and PHP version Disclosed in Response Header
Veris Information Disclosure (CWE-200)
Unknown
2016-05-04
Stored XSS in Access Rules
Veris Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2016-05-04
www.veris.in DOM based XSS
Veris Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2016-04-22
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895