Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1325 CNY

100%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,262
CVE-linked
1,866
Programs
343
New This Week
0
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 658 Improper Authentication - Generic 654 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Missing permission check when removing a photo from an album
Nextcloud Improper Access Control - Generic (CWE-284)CVE-2024-37314
Low
2024-07-14
Ability to by-pass second factor
Nextcloud Improper Authentication - Generic (CWE-287)CVE-2024-37313
Medium
2024-07-14
important: Apache HTTP Server weakness with encoded question marks in backreferences (CVE-2024-38474)
Internet Bug Bounty Improper Input Validation (CWE-20)CVE-2024-38474
High
2024-07-13
important: Apache HTTP Server on WIndows UNC SSRF (CVE-2024-38472)
Internet Bug Bounty Server-Side Request Forgery (SSRF) (CWE-918)CVE-2024-38472
High
2024-07-13
important: Apache HTTP Server weakness in mod_rewrite when first segment of substitution matches filesystem path. (CVE-2024-38475)
Internet Bug Bounty Improper Input Validation (CWE-20)CVE-2024-38475
High
2024-07-13
important: Apache HTTP Server may use exploitable/malicious backend application output to run local handlers via internal redirect (CVE-2024-38476)
Internet Bug Bounty Inclusion of Functionality from Untrusted Control Sphere (CWE-829)CVE-2024-38476
High
2024-07-13
important: Apache HTTP Server: Crash resulting in Denial of Service in mod_proxy via a malicious request (CVE-2024-38477)
Internet Bug Bounty NULL Pointer Dereference (CWE-476)CVE-2024-38477
High
2024-07-13
moderate: Apache HTTP Server: HTTP response splitting (CVE-2023-38709)
Internet Bug Bounty HTTP Response Splitting (CWE-113)CVE-2023-38709
Medium
2024-07-13
moderate: Apache HTTP Server proxy encoding problem (CVE-2024-38473)
Internet Bug Bounty Improper Input Validation (CWE-20)CVE-2024-38473
Medium
2024-07-13
Account Takeover via Authentication Bypass in TikTok Account Recovery
TikTok Authentication Bypass Using an Alternate Path or Channel (CWE-288)
Critical
2024-07-13
CVE-2024-3416: MTU of 4096 or greater without fragmentation may cause NGINX worker processes to leak previously freed memory
Internet Bug Bounty Information Disclosure (CWE-200)CVE-2024-3416
Medium
2024-07-12
NoSQL injection leaks visitor token and livechat messages
Rocket.Chat Information Disclosure (CWE-200)CVE-2024-37405
Medium
2024-07-11
0 Click account takeover via timed requests to ███████forgot-password (single-packet attack)
Mars Use of a Broken or Risky Cryptographic Algorithm (CWE-327)
High
2024-07-11
Reports submitted by a non 2fa setupped user account can be transferred to a 2fa require submission program
HackerOne Improper Access Control - Generic (CWE-284)
Low
2024-07-11
2fa can't be activated on app.pullrequest.com
HackerOne Violation of Secure Design Principles (CWE-657)
None
2024-07-11
Two factor authentication bypass
HackerOne
Medium
2024-07-11
Session Not Expire / 2FA Bypass
HackerOne Insufficient Session Expiration (CWE-613)
Medium
2024-07-11
2FA Bypass via Leaked Cookies
HackerOne Improper Authentication - Generic (CWE-287)
Medium
2024-07-11
Two-factor authentication bypass lead to information disclosure about the program and all hackers participate
HackerOne Information Disclosure (CWE-200)
High
2024-07-11
Reset the 2FA of the user which can lead to Account Takeover
HackerOne Improper Access Control - Generic (CWE-284)
Medium
2024-07-11
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817 $2,257
HackerOne609
Nextcloud584
Shopify465
curl464
Node.js third-party modules307
GitLab258
X / xAI250 $7,000
Uber239