It is generally prohibited by law for you to attack or otherwise interfere with a remote or local system in which you do not have proper permission to attack. In the UK, doing so may result in you breaking the Computer Misuse Act which (depending on which Section you break) may land you with up to 10 years in prison. If you are working with people or companies in different countries, please also be aware of the local laws surrounding computer ‘misuse’.
If you are doing bug bounty programs, please be aware of the Terms and Conditions (T&Cs) for each program as well as any ‘Fair Use’ policies that may be in place. You should also consider reading the general T&Cs for the product you are testing as well as the End User Licence Agreement (EULA). For example, a lot of proprietary software prohibits the use of reverse engineering either in the T&Cs or EUL