Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1325 CNY

100%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,262
CVE-linked
1,866
Programs
343
New This Week
0
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 658 Improper Authentication - Generic 654 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
SSRF and LFI in site-audit tool
Semrush Server-Side Request Forgery (SSRF) (CWE-918)
High
2020-04-30
Korea - LFI Server directory traversal at starbucks.co.kr
Starbucks Path Traversal (CWE-22)
High
2020-04-30
Prototype pollution attack (lodash)
Node.js third-party modules Allocation of Resources Without Limits or Throttling (CWE-770)CVE-2020-8203
High
2020-04-27
Missing ownership check on remote wipe endpoint
Nextcloud Insecure Direct Object Reference (IDOR) (CWE-639)CVE-2020-8154
High
2020-04-19
Stored XSS on upload files leads to steal cookie
Palo Alto Software Cross-site Scripting (XSS) - Stored (CWE-79)
High
2020-04-18
Server Side Request Forgery mitigation bypass
GitLab Server-Side Request Forgery (SSRF) (CWE-918)CVE-2019-5464
High
2020-04-18
Outdated Coturn is vulnerable to known vulnerabilities (High)
8x8 Improper Authentication - Generic (CWE-287)CVE-2018-4059CVE-2018-4056CVE-2018-4058CVE-2020-6062CVE-2020-6061
High
2020-04-13
PII of Users Disclosure using "/members/invite/" endpoint
Lab45 Information Disclosure (CWE-200)
High
2020-04-13
Account Take over of millions of MTN users account due to lack of Rate limiting when sending OTP code
MTN Group Improper Authentication - Generic (CWE-287)
High
2020-04-13
Insecure OAuth redirection at [admin.8x8.vc]
8x8 Improper Input Validation (CWE-20)
High
2020-04-10
"Secure View" aka "Hide Download" can be bypassed easily
Nextcloud Improper Access Control - Generic (CWE-284)CVE-2020-8139
High
2020-04-10
HTTP Request Smuggling on my.stripo.email
Stripo Inc
High
2020-04-10
load scripts DOS vulnerability
BlockDev Sp. Z o.o Improper Restriction of Authentication Attempts (CWE-307)CVE-2018-6389
High
2020-04-02
An attacker can buy marketplace articles for lower prices as it allows for negative quantity values leading to business loss
Semrush Business Logic Errors (CWE-840)
High
2020-04-02
UniFi Video web interface Configuration Restore user privilege escalation
Ubiquiti Inc. Privilege Escalation (CAPEC-233)CVE-2020-8145
High
2020-04-01
UniFi Video Server web interface admin user Firmware Update path traversal leading to local system compromise
Ubiquiti Inc. Path Traversal (CWE-22)CVE-2020-8144
High
2020-04-01
China - Leaked credentials permitted a limited ability to create Starbucks coupons and cards
Starbucks Insufficiently Protected Credentials (CWE-522)
High
2020-04-01
potential RCE and XSS via file upload requiring user account and default settings
Nextcloud Code Injection (CWE-94)
High
2020-04-01
H1514 CSRF in Domain transfer allows adding your domain to other user's account
Shopify Cross-Site Request Forgery (CSRF) (CWE-352)
High
2020-03-30
Malformed BSP in GoldSrc Engine may cause shellcode injection
Valve Classic Buffer Overflow (CWE-120)
High
2020-03-25
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817 $2,257
HackerOne609
Nextcloud584
Shopify465
curl464
Node.js third-party modules307
GitLab258
X / xAI250 $7,000
Uber239