Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,224
CVE-linked
1,856
Programs
342
New This Week
5
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Leakage of traffic in plaintext towards the IP address of VPN server
Mozilla Cleartext Transmission of Sensitive Information (CWE-319)
Low
2024-11-08
Leaking VPN traffic through non-RFC1918 local IP addresses
Mozilla Cleartext Transmission of Sensitive Information (CWE-319)
Medium
2024-11-08
Buffer overflow in strcpy
curl Buffer Underflow (CWE-124)
Critical
2024-11-07
A potential risk in the experimental-programmatic-access-ccft which can be used to privilege escalation.
AWS VDP Incorrect Privilege Assignment (CWE-266)
High
2024-11-06
CVE-2024-9681: HSTS subdomain overwrites parent cache entry
curl Business Logic Errors (CWE-840)CVE-2024-9681
Low
2024-11-06
Potential XSS Vulnerability in Acronis Login Callback URL
Acronis Cross-site Scripting (XSS) - Generic (CWE-79)
High
2024-11-06
Potential XSS in redirect_url Parameter
Acronis Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2024-11-06
Exploitable Format String Vulnerability in curl_mfprintf Function
curl Use of Externally-Controlled Format String (CWE-134)
High
2024-11-06
CSRF in ticket function
TikTok Cross-Site Request Forgery (CSRF) (CWE-352)
Medium
2024-11-05
Open redirect via redirect_to parameter in tumblr.com
Automattic Open Redirect (CWE-601)
Low
2024-11-05
Overwrite any file of the web server
MOD Supply Chain VDP File Manipulation (CAPEC-165)
Critical
2024-11-05
When curl uses Schannel as TLS backend, it fails to enforce TLS 1.3 cipher suite selections correctly
curl Business Logic Errors (CWE-840)
Medium
2024-11-04
Stored XSS on trix editor version 2.1.1
Basecamp Cross-site Scripting (XSS) - Stored (CWE-79)CVE-2024-34341
High
2024-11-04
Social media account takeover
MTN Group Externally Controlled Reference to a Resource in Another Sphere (CWE-610)
Low
2024-11-03
Insecure Invitation Link Handling
ProductBoard, Inc.
Medium
2024-10-31
Bypassing Recaptcha Protection in `https://connect.acronis.com`
Acronis Violation of Secure Design Principles (CWE-657)
Low
2024-10-30
Blind XSS on admin.acronis.com via delete account form on account.acronis.com
Acronis Cross-site Scripting (XSS) - Stored (CWE-79)
High
2024-10-30
ReDoS Vulnerability in HTTP Accept Headers Parsing
Internet Bug Bounty CVE-2024-39316
Medium
2024-10-30
Bypassing HackerOne 2FA due to race condition
HackerOne Business Logic Errors (CWE-840)
Medium
2024-10-30
Missing Line Terminator on allowedOrigins enables origin spoofing
MetaMask Improper Access Control - Generic (CWE-284)
High
2024-10-29
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud583
Shopify464
curl442
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239