Scope Updates
Recent changes to bug bounty program scopes.
| Change | Asset | Category | Scope | Program | Platform | Time |
|---|---|---|---|---|---|---|
| Added | all domains or subdomains not listed in the above list of 'scopes' | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | only vulnerabilities affecting the platform itself and ip owned by tencent will be accepted. if an ip belongs to tencent cloud external customer, it is not considered in scope | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | *notes about tencent cloud (cloud.tencent.com as included in *.tencent.com) | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | third-party applications and websites | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | *. myqcloud.com | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | *.qzoneapp.com | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | please note that the vulnerabilities reported for the following assets will not be eligible for bounties | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | the components "imageconverter", "documentconverter", "spellchecker" and "cacheservice" are temporarily out of scope | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | antivirus and anti-spam filtering on the sandbox environment, this has been disabled to avoid research disruption | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | everything that is not directly related to the application or source-code in scope (e.g. github, domain settings) | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | all domains which are not listed as "scopes", especially any production system operated by customers | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | all domains not listed in-scope | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | everything that is not directly related to the application or source-code in scope (e.g. github, domain settings) | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | "scopes" in this program refer to the binary packages and source-code provided there, the systems providing those artefacts are out of scope | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | all content which is not listed as "scopes", especially any production system operated by customers | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | agentconnect/franceconnect authentication feature | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | 'démarches' other than the two provided for the prupose of your tests | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | https://beta.gouv.fr/startups/demarches-simplifiees.fr | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | https://doc.demarches-simplifiees.fr | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | all domains or subdomains not listed in the above list of "scopes" are considered out of scope | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | all domains, devices and mobile apps not listed in-scope | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | social media accounts | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | www.sogexiaclub.com | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | support.sogexia.com | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 | |
| Added | www.sogexia.com | OTHER | Out of Scope | YesWeHack | 2026-02-21 00:33 |