Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1110 CNY

100%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,248
CVE-linked
1,864
Programs
343
New This Week
8
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 658 Improper Authentication - Generic 653 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
IDOR on TikTok Seller
TikTok Insecure Direct Object Reference (IDOR) (CWE-639)
Low
2022-08-16
Disable xmlrpc.php file
Top Echelon Software
Low
2022-08-11
Redirection in Repeater & Intruder Tab
PortSwigger Web Security Open Redirect (CWE-601)CVE-2022-35406
Low
2022-08-11
Lack of Brute force protection while joining video call in talk section which is password protected
Nextcloud Privacy Violation (CWE-359)CVE-2022-35932
Low
2022-08-08
Fix : (Security) Mitigate Path Traversal Bug
Linux Foundation Decentralized Trust Path Traversal (CWE-22)
Low
2022-08-05
Sensei LMS IDOR to send message
Automattic Insecure Direct Object Reference (IDOR) (CWE-639)
Low
2022-08-04
Unrestricted File Upload Blind Stored Xss in subdomain ads.tiktok.com
TikTok Cross-site Scripting (XSS) - Stored (CWE-79)
Low
2022-08-04
Insecure TLS Configuration #3530
Linux Foundation Decentralized Trust Use of a Broken or Risky Cryptographic Algorithm (CWE-327)
Low
2022-08-01
Race condition on https://judge.me/people
Judge.me Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') (CWE-362)
Low
2022-08-01
Open redirection at https://smartreports.mtncameroon.net
MTN Group Open Redirect (CWE-601)
Low
2022-07-30
@nextcloud/logger NPM package brings vulnerable ansi-regex version
Nextcloud Uncontrolled Resource Consumption (CWE-400)
Low
2022-07-29
Twitter Account hijack through broken link in https://runpanther.io
Panther Labs
Low
2022-07-28
HTML Injection via Email Share
TikTok Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) (CWE-80)
Low
2022-07-27
CVE-2022-27781: CERTINFO never-ending busy-loop
Internet Bug Bounty Uncontrolled Resource Consumption (CWE-400)CVE-2022-27781
Low
2022-07-24
IDOR in report download functionality on ads.tiktok.com
TikTok Insecure Direct Object Reference (IDOR) (CWE-639)
Low
2022-07-22
Without verifying email and activate account, user can perform all action which are not supposed to be done
Stripe Violation of Secure Design Principles (CWE-657)
Low
2022-07-18
subdomain takeover at odoo-staging.exness.io
EXNESS Privilege Escalation (CAPEC-233)
Low
2022-07-18
CVE-2019-11248 on http://█.█.█.█:9100/debug/pprof/goroutine
8x8 Information Disclosure (CWE-200)CVE-2019-11248
Low
2022-07-18
Open Redirect ███.8x8.com
8x8 Open Redirect (CWE-601)
Low
2022-07-17
rubygems.org Batching attack to `confirmation_token` by bypass rate limit
Internet Bug Bounty
Low
2022-07-13
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817 $2,257
HackerOne609
Nextcloud584
Shopify464
curl457
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239