目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1020

100%
请我们喝杯咖啡

漏洞赏金情报

数据来源:HackerOne 公开披露报告 · 每 6 小时更新

浏览 HackerOne 平台公开披露的漏洞赏金报告,按严重程度、漏洞类型或目标项目筛选,关联 CVE 编号。

已披露报告
12,245
关联 CVE
1,864
参与项目数
343
近 7 天新增
23
严重度: All CriticalHighMediumLow
类型: 全部 Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 658 Improper Authentication - Generic 653 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Chained vulnerabilities create DOS attack against users on desafio5estrelas.com
Uber Cross-Site Request Forgery (CSRF) (CWE-352)
Low
2021-03-30
Non-changing "_idnonce" value leads to CSRF on accounts at https://intensedebate.com for account takeover
Automattic Cross-Site Request Forgery (CSRF) (CWE-352)
Low
2021-02-17
[tumblr.com] CSRF in /svc/user/filtered_content
Automattic Cross-Site Request Forgery (CSRF) (CWE-352)
Low
2020-12-26
User In The Same Center Can Create CSRF To Change The Information About Business
TikTok Cross-Site Request Forgery (CSRF) (CWE-352)
Low
2020-12-18
[Admin Panel] CSRF to resume/pause runner
GitLab Cross-Site Request Forgery (CSRF) (CWE-352)CVE-2020-13350
Low
2020-12-01
Send Empty CSRF leads to log out user on [https://hosted.weblate.org/accounts/profile]
Weblate Cross-Site Request Forgery (CSRF) (CWE-352)
Low
2020-10-12
CSRF Vulnerability on post creation page /community/create-post.json
Rockstar Games Cross-Site Request Forgery (CSRF) (CWE-352)
Low
2020-07-07
csrf in https://www.rockstargames.com/reddeadonline/feedback/submit.json
Rockstar Games Cross-Site Request Forgery (CSRF) (CWE-352)
Low
2020-07-07
Logout page does not prevent CSRF
Courier Cross-Site Request Forgery (CSRF) (CWE-352)
Low
2020-07-06
Login CSRF vulnerability on hackerone.com
HackerOne Cross-Site Request Forgery (CSRF) (CWE-352)
Low
2020-06-12
CSRF header is sent to external websites when using data-remote forms
Ruby on Rails Cross-Site Request Forgery (CSRF) (CWE-352)CVE-2020-8167CVE-2015-1840
Low
2020-05-26
Periscope iOS app CSRF in follow action due to deeplink
X / xAI Cross-Site Request Forgery (CSRF) (CWE-352)
Low
2020-03-31
Periscope android app deeplink leads to CSRF in follow action
X / xAI Cross-Site Request Forgery (CSRF) (CWE-352)
Low
2020-02-21
CSRF vulnerability that allows an attacker to modify encryption settings
Nextcloud Cross-Site Request Forgery (CSRF) (CWE-352)
Low
2019-12-07
Missing CSRF Token On Remove Coupun From Cart
Starbucks Cross-Site Request Forgery (CSRF) (CWE-352)
Low
2019-02-08
Missing CSRF Token On Add Coupon To Basket
Starbucks Cross-Site Request Forgery (CSRF) (CWE-352)
Low
2019-01-22
CSRF | Ban or unban users in broadcast's chat
Valve Cross-Site Request Forgery (CSRF) (CWE-352)
Low
2019-01-07
Found CSRF Vulnerability in https://support.rockstargames.com/
Rockstar Games Cross-Site Request Forgery (CSRF) (CWE-352)
Low
2018-10-16
vulnerable to Cross-site Request Forgery | Jira
MariaDB Cross-Site Request Forgery (CSRF) (CWE-352)
Low
2018-10-12
CSRF on change video thumbnail at https://chaturbate.com
Chaturbate Cross-Site Request Forgery (CSRF) (CWE-352)
Low
2018-10-07
高频漏洞类型
最活跃项目
项目报告数最高赏金
U.S. Dept Of Defense896
Internet Bug Bounty817 $2,257
HackerOne609
Nextcloud584
Shopify464
curl457
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239