Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1325 CNY

100%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,262
CVE-linked
1,866
Programs
343
New This Week
0
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 658 Improper Authentication - Generic 654 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
CVE-2022-30115: HSTS bypass via trailing dot
curl Missing Required Cryptographic Step (CWE-325)CVE-2022-30115
Medium
2022-05-11
CVE-2022-27780: percent-encoded path separator in URL host
curl Server-Side Request Forgery (SSRF) (CWE-918)CVE-2022-27780
Medium
2022-05-11
CVE-2022-27782: TLS and SSH connection too eager reuse
curl Business Logic Errors (CWE-840)CVE-2022-27782
Medium
2022-05-11
CVE-2022-27779: cookie for trailing dot TLD
curl Information Exposure Through Sent Data (CWE-201)CVE-2022-27779
Medium
2022-05-11
CVE-2022-27778: curl removes wrong file on error
curl Business Logic Errors (CWE-840)CVE-2022-27778
Medium
2022-05-11
Certificate authentication re-use on redirect
curl Business Logic Errors (CWE-840)
Medium
2022-05-11
Misconfigured rate limit for SMS phone verification endpoint
Alohi Business Logic Errors (CWE-840)
Medium
2022-05-10
XSS at http://nextapps.mtnonline.com/search/suggest/q/{xss payload}
MTN Group Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2022-05-01
XSS at videostore.mtnonline.com/GL/*.aspx via all parameters
MTN Group Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2022-05-01
Reflected XSS due to vulnerable version of sockjs
Automattic Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2022-04-29
Reflected XSS [██████]
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2022-04-29
Reflected XSS [███]
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2022-04-29
Sensitive data exposure via /secure/QueryComponent!Default.jspa endpoint on ████████
U.S. Dept Of Defense Information Disclosure (CWE-200)CVE-2020-14179
Medium
2022-04-29
SSRF due to CVE-2021-27905 in www.████████
U.S. Dept Of Defense Server-Side Request Forgery (SSRF) (CWE-918)CVE-2021-27905
Medium
2022-04-29
Blind SQL Injection
U.S. Dept Of Defense SQL Injection (CWE-89)
Medium
2022-04-29
SQL INJECTION in https://████/██████████
U.S. Dept Of Defense SQL Injection (CWE-89)
Medium
2022-04-29
OAUTH2 bearer not-checked for connection re-use
Internet Bug Bounty Improper Authentication - Generic (CWE-287)CVE-2022-22576
Medium
2022-04-29
CVE-2022-22576: OAUTH2 bearer bypass in connection re-use
curl Improper Authentication - Generic (CWE-287)CVE-2022-22576
Medium
2022-04-29
CVE-2022-27774: Credential leak on redirect
Internet Bug Bounty Insufficiently Protected Credentials (CWE-522)CVE-2022-27774
Medium
2022-04-29
subdomain takeover (abandoned Zendesk █.easycontactnow.com)
8x8
Medium
2022-04-28
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817 $2,257
HackerOne609
Nextcloud584
Shopify465
curl464
Node.js third-party modules307
GitLab258
X / xAI250 $7,000
Uber239