Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,220
CVE-linked
1,854
Programs
342
New This Week
8
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Program filter: concretecms
Stored XSS in Testimonial name
Concrete CMS Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2015-07-08
Stored XSS in Feature tile
Concrete CMS Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2015-07-08
Stored Xss in Feature Paragraph
Concrete CMS Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2015-07-08
Stored XSS in title of date navigation
Concrete CMS Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2015-07-08
Stored XSS in Title of the topic List
Concrete CMS Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2015-07-08
Stored XSS in Contact Form
Concrete CMS Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2015-07-08
Stored XSS on Search Title
Concrete CMS Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2015-07-08
Stored XSS on Title of Page List in edit page list
Concrete CMS Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2015-07-08
SQL Injection Vulnerability in Concrete5 version 5.7.3.1
Concrete CMS SQL Injection (CWE-89)
Unknown
2015-06-11
Sendmail Remote Code Execution Vulnerability in Concrete5 version 5.7.3.1
Concrete CMS Command Injection - Generic (CWE-77)
Unknown
2015-06-06
Multiple Reflected Cross Site Scripting Vulnerabilities in Concrete5 version 5.7.3.1
Concrete CMS Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2015-06-06
Stored XSS in concrete5 5.7.0.4.
Concrete CMS Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2015-03-11
Weak random number generator used in concrete/authentication/concrete/controller.php
Concrete CMS Cryptographic Issues - Generic (CWE-310)
Unknown
2014-10-26
broken authentication
Concrete CMS Improper Authentication - Generic (CWE-287)
Unknown
2014-09-21
XSS on [/concrete/concrete/elements/dashboard/sitemap.php]
Concrete CMS Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2014-08-28
XSS in Theme Preview Tools File
Concrete CMS Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2014-08-28
Cross-Site Scripting in getMarketplacePurchaseFrame
Concrete CMS Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2014-08-18
CONCRETE5 - path disclosure.
Concrete CMS Information Disclosure (CWE-200)
Unknown
2014-06-09
dashboard/pages/types [Unknown column 'Array' in 'where clause'] disclosure.
Concrete CMS Information Disclosure (CWE-200)
Unknown
2014-06-09
/index.php/dashboard/sitemap/explore/ Cross-site scripting
Concrete CMS Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2014-06-09
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895