Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,219
CVE-linked
1,854
Programs
342
New This Week
9
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Possible to enumerate valid files in password protected shares/files drop shares as well as spam folder with files
Nextcloud Information Disclosure (CWE-200)
Low
2025-02-21
IDOR on ads.tiktok.com Allows Unauthorized Product Addition
TikTok Insecure Direct Object Reference (IDOR) (CWE-639)
Low
2025-02-20
Uncontrolled Resource Consumption when parsing maliciously crafted XML with REXML
Ruby Uncontrolled Resource Consumption (CWE-400)CVE-2024-43398
Medium
2025-02-20
Unauthenticated phpinfo()files could lead to ability file read at h2f54.n1.ips.mtn.co.ug [/dashboard/]
MTN Group Violation of Secure Design Principles (CWE-657)
Medium
2025-02-20
Format string vulnerability, curl_msnprintf() function
curl Use of Externally-Controlled Format String (CWE-134)
Medium
2025-02-20
IDOR Vulnerability Allowing Unauthorized Profile Picture Change
Autodesk Insecure Direct Object Reference (IDOR) (CWE-639)
Medium
2025-02-19
Insecure Direct Object Reference (IDOR) Vulnerability in Autodesk User Profile
Autodesk Insecure Direct Object Reference (IDOR) (CWE-639)
Medium
2025-02-19
Cisco IOS XE instance at ████ vulnerable to CVE-██████
MTN Group Command Injection - Generic (CWE-77)CVE-2023-20198CVE-2023-20273
Critical
2025-02-19
Linkedin Broken Link Hijacking on https://hemi.xyz/about
Hemi VDP Externally Controlled Reference to a Resource in Another Sphere (CWE-610)
Low
2025-02-13
Applicant security exam Attachments/Documents accessible through an IDOR/BAC on the custom Apex controller on https://█████.mil
U.S. Dept Of Defense Improper Access Control - Generic (CWE-284)
Critical
2025-02-12
Improper Authentication Allows Making Appeals as Other Users
U.S. Dept Of Defense Improper Authentication - Generic (CWE-287)
Medium
2025-02-12
Publicly Editable U.S. Air Force Google Spreadsheet Exposing Student Leave Data
U.S. Dept Of Defense Improper Access Control - Generic (CWE-284)
Medium
2025-02-12
Wordpress users Disclosure
Autodesk Information Disclosure (CWE-200)
Critical
2025-02-12
Clickjacking in main domain https://topechelon.com/
Top Echelon Software
High
2025-02-10
Unauthenticated API Access Exposing Premium Content and Financial Data
XVIDEOS Information Exposure Through Sent Data (CWE-201)
None
2025-02-09
API Data Leakage Vulnerability Report - `xvcams.com`
XVIDEOS Information Exposure Through Sent Data (CWE-201)
None
2025-02-09
Host Header Attac
RubyGems
Medium
2025-02-08
("possible") UAF
curl Memory Corruption - Generic (CWE-119)
None
2025-02-08
Error Page Content Spoofing or Text Injection
XVIDEOS Violation of Secure Design Principles (CWE-657)
Unknown
2025-02-07
CVE-2024-53908: Django Potential SQL injection in `HasKey(lhs, rhs)` on Oracle
Internet Bug Bounty SQL Injection (CWE-89)CVE-2024-53908
High
2025-02-07
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895