Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,219
CVE-linked
1,854
Programs
342
New This Week
10
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Previously created sessions continue being valid after 2FA activation
WordPress Improper Access Control - Generic (CWE-284)
Low
2023-10-07
Existance of calendars and addressbooks can be checked by unauthenticated users
Nextcloud Improper Access Control - Generic (CWE-284)CVE-2023-39959
Low
2023-09-26
fs.statfs bypasses Permission Model
Node.js Improper Access Control - Generic (CWE-284)CVE-2023-32005
Low
2023-09-10
Google dork lead to unsubscribe anyone from all Banfield emails
Mars Improper Access Control - Generic (CWE-284)
Low
2023-08-30
Improper access control on Linkedin Page
LinkedIn Improper Access Control - Generic (CWE-284)
Low
2023-08-24
Text does not respect 'Allow download' permissions
Nextcloud Improper Access Control - Generic (CWE-284)CVE-2023-39961
Low
2023-08-23
Error in Booking an appointment reveals the full path of the website
Nextcloud Improper Access Control - Generic (CWE-284)CVE-2023-33183
Low
2023-06-18
Any one can view collaborater email address via path /reports/<id>/participants
HackerOne Improper Access Control - Generic (CWE-284)
Low
2023-06-01
Hide download previews are accessible without a watermark
Nextcloud Improper Access Control - Generic (CWE-284)
Low
2023-05-04
Improper Access Control - Generic
Rocket.Chat Improper Access Control - Generic (CWE-284)CVE-2023-28316
Low
2023-04-25
Full Passcode bypass on Nextcloud App iOS
Nextcloud Improper Access Control - Generic (CWE-284)CVE-2023-28647
Low
2023-04-10
Debugging panel exposure
LY Corporation Improper Access Control - Generic (CWE-284)
Low
2023-03-28
Attacker is able to query Github repositories of arbitrary Shopify Hydrogen Users
Shopify Improper Access Control - Generic (CWE-284)
Low
2023-03-09
Missing rate limiting on password reset functionality allows to send lot of emails
Nextcloud Improper Access Control - Generic (CWE-284)
Low
2023-03-05
Verifying email bypass
Stripe Improper Access Control - Generic (CWE-284)
Low
2023-03-03
Passcode bypass on Talk Android app
Nextcloud Improper Access Control - Generic (CWE-284)CVE-2023-22473
Low
2023-01-09
Disabled download shares still allow download through preview images
Nextcloud Improper Access Control - Generic (CWE-284)CVE-2022-41970
Low
2022-12-31
Talk Android broadcast receiver is not protected by broadcastPermission allowing malicious apps to communicate
Nextcloud Improper Access Control - Generic (CWE-284)CVE-2022-4192
Low
2022-12-25
[Broken Access Control ] Unauthorized Linking accounts & Linked Accounts info DIsclosure
Stripe Improper Access Control - Generic (CWE-284)
Low
2022-12-20
Able to take over .zyrosite.com subdomains via `/v3/publish/connect-domain-hostinger` API endpoint
hostinger Improper Access Control - Generic (CWE-284)
Low
2022-12-05
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895