目標達成 すべての支援者に感謝 — 100%達成しました!

目標: 1000 CNY · 調達済み: 1000 CNY

100.0%
コーヒーを一杯おごる

漏洞赏金情报

数据来源:HackerOne 公开披露报告 · 每 6 小时更新

浏览 HackerOne 平台公开披露的漏洞赏金报告,按严重程度、漏洞类型或目标项目筛选,关联 CVE 编号。

已披露报告
12,219
关联 CVE
1,854
参与项目数
342
近 7 天新增
14
严重度: All CriticalHighMediumLow
类型: 全部 Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
项目筛选:curl
CURLOPT_UNRESTRICTED_AUTH Dangerous Default Documentation Gap
curl Information Disclosure (CWE-200)
Low
2026-03-10
LM Challenge-Response Hash Always Sent in SMB Authentication
curl Reversible One-Way Hash (CWE-328)
Medium
2026-03-09
In curl's SASL OAUTHBEARER authentication, including the SOH character (0x01) in the username corrupts the message structure.
curl Improper Neutralization of Value Delimiters (CWE-142)
Medium
2026-03-08
SSTI leads to Command injection
curl Command Injection - Generic (CWE-77)
None
2026-03-04
Use after free in hyperfifo example
curl Use After Free (CWE-416)
None
2026-03-03
Integer Overflow in curl_multi_get_handles() Leading to Heap Buffer Overflow
curl Classic Buffer Overflow (CWE-120)
Medium
2026-02-26
RTSP RTP Interleaved Parser Assertion Failure (Zero-Length RTP Payload)
curl Improper Check or Handling of Exceptional Conditions (CWE-703)
None
2026-02-26
Able to bypass HSTS using trailing dot
curl Missing Required Cryptographic Step (CWE-325)
Medium
2026-02-26
Curl Telnet Handler Buffer Overflow
curl Buffer Underflow (CWE-124)
None
2026-02-26
MQTT Protocol Packet Injection via Unchecked CONNACK Remaining Length
curl
Low
2026-02-05
wcurl Argument Injection via Unquoted Variable
curl Command Injection - Generic (CWE-77)
Medium
2026-01-26
Integer Underflow in src/var.c
curl Integer Underflow (CWE-191)
Medium
2026-01-26
Cross‑origin cookies leak and injection risk when using a custom Host header
curl Insufficiently Protected Credentials (CWE-522)
Unknown
2026-01-20
SSL options ISSUERCERT, EC_CURVES and CRLFILE silently ignored by non-OpenSSL backends
curl Missing Required Cryptographic Step (CWE-325)
Medium
2026-01-20
Cookie Replacement Use-After-Free Vulnerability
curl Use After Free (CWE-416)
None
2026-01-19
Cookie Max-Age Integer Overflow Vulnerability
curl Integer Overflow (CWE-190)
Critical
2026-01-19
libcurl: Improper Authentication State Management on Cross-Protocol Redirects
curl Insufficiently Protected Credentials (CWE-522)CVE-2025-14524CVE-2022-27774
Low
2026-01-17
IMAP Protocol Desynchronization and Response Smuggling via Naive Literal Parsing
curl Improper Input Validation (CWE-20)
Low
2026-01-14
Integer-underflow leads to heap over-read in TFTP implementation
curl Buffer Over-read (CWE-126)
Low
2026-01-14
Digest Authentication Header Injection
curl HTTP Response Splitting (CWE-113)
Low
2026-01-14
高频漏洞类型
最活跃项目
项目报告数最高赏金
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895