Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Bug Bounty Intelligence

Source: HackerOne public disclosures · updated every 6h

Browse publicly disclosed bug bounty reports from HackerOne. Filter by severity, weakness type, or program. Cross-referenced with CVE IDs where available.

Disclosed Reports
12,219
CVE-linked
1,854
Programs
342
New This Week
10
Severity: All CriticalHighMediumLow
Type: All Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Program filter: 8x8-bounty
█.8x8.vc/index.js: Exposed Google Maps API Key Allowing Potential Abuse of Paid Services
8x8 Information Disclosure (CWE-200)
Medium
2025-08-14
Information Disclosure of metrics fax.wavecell.com/metrics
8x8 Information Disclosure (CWE-200)
Low
2025-05-30
connect.8x8.com: Users with no permission can track/access restricted details/data via GET /api/v2/support/requests/<ticket number >HTTP/2
8x8 Information Disclosure (CWE-200)
High
2023-02-15
LFI via Jolokia at https://█.█.█.█:1293
8x8 Information Disclosure (CWE-200)
Medium
2022-07-20
CVE-2019-11248 on http://█.█.█.█:9100/debug/pprof/goroutine
8x8 Information Disclosure (CWE-200)CVE-2019-11248
Low
2022-07-18
Default credentials lead to Spring Boot Admin dashboard access
8x8 Information Disclosure (CWE-200)
Medium
2022-01-02
Exposed PHP dependencies at ██.8x8.com
8x8 Information Disclosure (CWE-200)CVE-2017-9841
Low
2021-10-27
Admin Reseller Account Disclosure
8x8 Information Disclosure (CWE-200)
Critical
2020-12-15
vidyard api auth_token exposed
8x8 Information Disclosure (CWE-200)
Medium
2020-12-15
Default Creds Spring Boot Admin
8x8 Information Disclosure (CWE-200)
High
2020-08-14
PHPinfo page on http://█████.callstats.io
8x8 Information Disclosure (CWE-200)
Low
2020-07-02
Publicly accessible .svn repository - aastraconf.packet8.net
8x8 Information Disclosure (CWE-200)
Medium
2020-06-22
Hardcoded credentials in Android App
8x8 Information Disclosure (CWE-200)
High
2020-06-22
Sensitive data disclosure via exposed phpunit file
8x8 Information Disclosure (CWE-200)
High
2020-06-09
Sensitive information disclosure
8x8 Information Disclosure (CWE-200)
Medium
2020-02-12
Top Weakness Types
Most Active Programs
ProgramReportsMax $
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895