Bounties for eligible zero-day exploits range from $2,600 to $2,600,000 per submission. The amounts paid by VulnPoint to researchers to acquire their original zero-day exploits depend on the popularity and security level of the affected software/system, as well as the quality of the submitted exploit (full or partial chain, supported versions/systems/architectures, reliability, bypassed exploit mitigations, default vs. non-default components, process continuation, etc). For more information, please read our FAQ. We pay only ready-made exploit POC.
FC = Full-Chain
RCE = Remote Code Execution
LPE = Local Privilege Escalation
SBX = Sandbox Escape
Win (RCE) Zero Click
$1,000,000+
MMS IIS (RCE)
$500,000+
Windows (LPE/SBX)
$80,000+
USB (LPE)
$50,000+
VMware WS (VME)
$80,000+
MS Outlook (RCE)
$250,000+
MS Exchange (RCE)
$250,000+
Thunderbird (RCE)
$200,000+
Word/Excel (RCE)
$100,000+
Antivirus (RCE)
$50,000+
Antivirus (LPE)
$10,000+
Chrome (RCE+LPE)
$500,000+
Edge (RCE+LPE)
$100,000+
Firefox (RCE+LPE)
$100,000+
Adobe PDF (RCE+SBX)
$80,000+
WinRAR (RCE)
$80,000+
7-Zip (RCE)
$80,000+
WinZip (RCE)
$50,000+
Safari (RCE+LPE)
$100,000+
macOS (LPE/SBX)
$50,000+
USB (LPE)
$50,000+
Apache (RCE)
$500,000+
Open SSL (RCE)
$250,000+
VMware WS (VME)
$80,000+
Linux (RCE)
$50,000+
BSD (RCE)
$50,000+
Thunderbird (RCE)
$200,000+
Exim (RCE)
$200,000+
Postfix (RCE)
$200,000+
Sendmail (RCE)
$200,000+
Dovecot (RCE)
$200,000+
nginx (RCE)
$200,000+
PHP (RCE)
$250,000+
WordPress (RCE)
$100,000+
cPanel/WHM (RCE)
$100,000+
Plesk (RCE)
$100,000+
Webmink (RCE)
$100,000+
Joomla (RCE)
$10,000+
Horde (RCE)
$10,000+
tar (RCE)
$50,000+
Drupal (RCE)
$10,000+
Roundcobe (RCE)
$10,000+
phpBB (RCE)
$10,000+
vBulletin (RCE)
$10,000+
MyBB (RCE)
$10,000+
Android (FCP) Zero Click
$2,500,000+
Baseband (RCE+LPE)
$200,000+
LPE to Kernel/Root
$200,000+
Documents (RCE+LPE)
$200,000+
Media FIles (RCE+LPE)
$200,000+
WiFi (RCE)
$100,000+
SMS/MMS (RCE)
$1,000,000+
WhatsApp (RCE+LPE) Zero Click
$1,500,000+
WhatsApp (RCE+LPE)
$1,000,000+
WeChat (RCE+LPE)
$500,000+
FB Messenger (RCE+LPE)
$500,000+
Signal (RCE+LPE)
$500,000+
Telegram (RCE+LPE)
$500,000+
Email App (RCE+LPE)
$500,000+
Chrome (RCE+LPE)
$500,000+
Chrome (RCE) w/o (SBX)
$200,000+
SBX for Chrome
$200,000+
RCE via MitM
$100,000+
LPE to System
$100,000+
Information Disclosure
$100,000+
[k]ASLR Bypass
$100,000+
PIN Bypass
$100,000+
IOS (FCP) Zero Click
$2,000,000+
Baseband (RCE+LPE)
$200,000+
LPE to Kernel/Root
$200,000+
Documents (RCE+LPE)
$200,000+
Media FIles (RCE+LPE)
$200,000+
WiFi (RCE)
$100,000+
SMS/MMS (RCE)
$1,000,000+
iMessage (RCE+LPE) Zero Click
$1,500,000+
iMessage (RCE+LPE)
$1,500,000+
WhatsApp (RCE+LPE) Zero Click
$1,500,000+
WhatsApp (RCE+LPE)
$1,000,000+
WeChat (RCE+LPE)
$500,000+
FB Messenger (RCE+LPE)
$500,000+
Signal (RCE+LPE)
$500,000+
Telegram (RCE+LPE)
$500,000+
Email App (RCE+LPE)
$500,000+
Safari (RCE+LPE)
$500,000+
Chrome (RCE+LPE)
$500,000+
Safari (RCE) w/o (SBX)
$200,000+
SBX for Saifari
$200,000+
Perisitence
$500,000+
RCE via MitM
$100,000+
Information Disclosure
$100,000+
[k]ASLR Bypass
$100,000+
Passcode Bypass
$100,000+
Touch ID Bypass
$100,000+
Researcher sends minimal details Researcher submits the full Researcher accepts the final offer and specifications of the exploit, technical details and exploit to and receives the payment within to VulnPoint one week
VulnPoint reviews the minimal details of the exploit and sends a premilinary
Researcher submits the full technical details and expliot to VulnPoint
VulnPoint reviews the reasearch and tests the exploit then sends the final offer
Researcher accepts the final offer and receives the payment within on week