目標達成 すべての支援者に感謝 — 100%達成しました!

目標: 1000 CNY · 調達済み: 1000 CNY

100.0%
コーヒーを一杯おごる

漏洞赏金情报

数据来源:HackerOne 公开披露报告 · 每 6 小时更新

浏览 HackerOne 平台公开披露的漏洞赏金报告,按严重程度、漏洞类型或目标项目筛选,关联 CVE 编号。

已披露报告
12,219
关联 CVE
1,854
参与项目数
342
近 7 天新增
14
严重度: All CriticalHighMediumLow
类型: 全部 Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
项目筛选:cloudflare
A malicious actor could rotate tokens of a victim, given that he knows the victim's token ID
Cloudflare Public Bug Bounty Improper Access Control - Generic (CWE-284)
High
2023-04-13
Cloudflare is not properly deleting user's account
Cloudflare Public Bug Bounty Business Logic Errors (CWE-840)
Medium
2023-04-13
Session mismatch leading to potential account takeover (local access required)
Cloudflare Public Bug Bounty Insecure Direct Object Reference (IDOR) (CWE-639)
Medium
2023-04-10
Bypassing creation of API tokens without email verification
Cloudflare Public Bug Bounty Improper Authentication - Generic (CWE-287)
Low
2023-03-27
Extraction of Pages build scripts, config values, tokens, etc. via symlinks
Cloudflare Public Bug Bounty Information Disclosure (CWE-200)
Medium
2023-03-06
Using special IPv4-mapped IPv6 addresses to bypass local IP ban
Cloudflare Public Bug Bounty
Critical
2023-01-24
Origin IP address disclosure through Pingora response header
Cloudflare Public Bug Bounty Information Exposure Through an Error Message (CWE-209)
Medium
2023-01-10
cd=false (DNSSEC) not respected in DNS over HTTPS JSON requests
Cloudflare Public Bug Bounty Business Logic Errors (CWE-840)
Low
2022-12-12
Ability to bypass locked Cloudflare WARP on wifi networks.
Cloudflare Public Bug Bounty Client-Side Enforcement of Server-Side Security (CWE-602)CVE-2022-3512
High
2022-11-16
I found another way to bypass Cloudflare Warp lock!
Cloudflare Public Bug Bounty Client-Side Enforcement of Server-Side Security (CWE-602)CVE-2022-3321
High
2022-11-07
Bypass Cloudflare WARP lock on iOS.
Cloudflare Public Bug Bounty Client-Side Enforcement of Server-Side Security (CWE-602)CVE-2022-3322
Medium
2022-11-07
Completely remove VPN profile from locked WARP iOS cient.
Cloudflare Public Bug Bounty Client-Side Enforcement of Server-Side Security (CWE-602)CVE-2022-3337
High
2022-11-07
Misconfigured build on websites "abuse.cloudflare.com"
Cloudflare Public Bug Bounty
Low
2022-10-13
Bypass two-factor authentication
Cloudflare Public Bug Bounty Improper Authentication - Generic (CWE-287)
Low
2022-10-04
Lack of Packet Sanitation in Goflow Results in Multiple DoS Attack Vectors and Bugs
Cloudflare Public Bug Bounty Uncontrolled Resource Consumption (CWE-400)CVE-2022-2529
High
2022-09-30
Password Policy Restriction Bypass
Cloudflare Public Bug Bounty Violation of Secure Design Principles (CWE-657)
Low
2022-09-30
Take over subdomains of r2.dev using R2 custom domains
Cloudflare Public Bug Bounty
Medium
2022-09-28
Signup with any Email and Enable 2-FA without verifying Email
Cloudflare Public Bug Bounty Improper Authentication - Generic (CWE-287)
Medium
2022-09-12
Enable 2Fa verification without verifying email
Cloudflare Public Bug Bounty Improper Access Control - Generic (CWE-284)
Medium
2022-08-31
Blind SSRF on platform.dash.cloudflare.com Due to Sentry misconfiguration
Cloudflare Public Bug Bounty Server-Side Request Forgery (SSRF) (CWE-918)
Low
2022-08-31
高频漏洞类型
最活跃项目
项目报告数最高赏金
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895