Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,262
CVE-linked
1,866
Programs
343
New This Week
0
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 658 Improper Authentication - Generic 654 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Cookie injection leads to complete DoS over whole domain *.mackeeper.com. Injection point accountstage.mackeeper.com/
Clario Uncontrolled Resource Consumption (CWE-400)
Low
2020-10-21
DOM based XSS in store.acronis.com/<id>/purl-corporate-standard-IT [cfg parameter]
Acronis
Low
2020-10-20
Slowloris, body parsing
Node.js Uncontrolled Resource Consumption (CWE-400)
Low
2020-10-17
Getting New Invitations without Leaving Programs
HackerOne Business Logic Errors (CWE-840)
Low
2020-10-15
Send Empty CSRF leads to log out user on [https://hosted.weblate.org/accounts/profile]
Weblate Cross-Site Request Forgery (CSRF) (CWE-352)
Low
2020-10-12
Race condition while removing the love react in community files.
Figma Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') (CWE-362)
Low
2020-10-10
Null Pointer Dereference in phar_create_or_parse_filename
Internet Bug Bounty NULL Pointer Dereference (CWE-476)
Low
2020-10-10
Use of uninitialized value in ftp_getrc_msg method of mod_proxy_ftp.c
Internet Bug Bounty Information Disclosure (CWE-200)CVE-2020-1934
Low
2020-10-10
PHP Integer Overflow in gdImageWebpCtx
Internet Bug Bounty Memory Corruption - Generic (CWE-119)
Low
2020-10-10
GET based Open redirect on [streamlabs.com/content-hub/streamlabs-obs/search?query=]
Logitech Open Redirect (CWE-601)
Low
2020-10-09
[api.tumblr.com] Exploiting clickjacking vulnerability to trigger self DOM-based XSS
Automattic UI Redressing (Clickjacking) (CAPEC-103)
Low
2020-10-09
Password Reset Link Leaked In Refer Header In Request To Third Party Sites
Nord Security Cleartext Transmission of Sensitive Information (CWE-319)
Low
2020-10-06
Making program preference -> program visibilty feature usless and disclosing API Identifier in the progress and data that may cause potential IDORS.
HackerOne Information Disclosure (CWE-200)
Low
2020-10-02
No rate limiting on sinup page
Nextcloud Business Logic Errors (CWE-840)CVE-2020-8228
Low
2020-09-28
Bypass Filter on link of build
CS Money
Low
2020-09-28
Cross Site Scripting (XSS) Stored - Private messaging
Concrete CMS Cross-site Scripting (XSS) - Stored (CWE-79)
Low
2020-09-25
Reflected XSS on www.hackerone.com via Wistia embed code
HackerOne Cross-site Scripting (XSS) - Reflected (CWE-79)
Low
2020-09-24
Stored XSS in collabora via user name
Nextcloud Cross-site Scripting (XSS) - Stored (CWE-79)
Low
2020-09-19
Clear text storage of proxy parameters and passwords
Nextcloud Cleartext Storage of Sensitive Information (CWE-312)CVE-2020-8225
Low
2020-09-16
staff can able to extend shopify trial period without admin permission
Shopify Improper Access Control - Generic (CWE-284)
Low
2020-09-15
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817 $2,257
HackerOne609
Nextcloud584
Shopify465
curl464
Node.js third-party modules307
GitLab258
X / xAI250 $7,000
Uber239