目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1325

100%
请我们喝杯咖啡

漏洞赏金情报

数据来源:HackerOne 公开披露报告 · 每 6 小时更新

浏览 HackerOne 平台公开披露的漏洞赏金报告,按严重程度、漏洞类型或目标项目筛选,关联 CVE 编号。

已披露报告
12,262
关联 CVE
1,866
参与项目数
343
近 7 天新增
0
严重度: All CriticalHighMediumLow
类型: 全部 Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 658 Improper Authentication - Generic 654 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Subdomain Takeover of brand.zen.ly
Zenly
Medium
2022-02-17
Broken Authentication Session Token Bug
Courier Insufficient Session Expiration (CWE-613)
Medium
2022-02-16
When sharing a Deck card in conversation the metaData can be manipulated to open arbitrary URL
Nextcloud Business Logic Errors (CWE-840)CVE-2022-24887
Medium
2022-02-15
IDOR
U.S. Dept Of Defense Insecure Direct Object Reference (IDOR) (CWE-639)
Medium
2022-02-14
CUI Labelled document out in the open
U.S. Dept Of Defense Information Disclosure (CWE-200)
Medium
2022-02-14
XSS trigger via HTML Iframe injection in ( https://██████████ ) due to unfiltered HTML tags
U.S. Dept Of Defense Cross-site Scripting (XSS) - Generic (CWE-79)
Medium
2022-02-14
Reflected XSS at https://█████████ via "███" parameter
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2022-02-14
Reflected XSS at https://█████ via "██████████" parameter
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2022-02-14
Reflected XSS at https://██████████/████████ via "███████" parameter
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2022-02-14
Reflected XSS at https://██████/██████ via "██████" parameter
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2022-02-14
Reflected XSS at https://██████/██████████ via "████████" parameter
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2022-02-14
(CORS) Cross-origin resource sharing misconfiguration on https://█████████
U.S. Dept Of Defense Business Logic Errors (CWE-840)
Medium
2022-02-14
RXSS ON https://██████████
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2022-02-14
Able to detect if a user is FetLife supporter although this user hides their support badge in fetlife.com/conversations/{id} JSON response
FetLife Information Disclosure (CWE-200)
Medium
2022-02-11
Information Exposure Through Directory Listing vulnerability
Nextcloud Information Exposure Through Directory Listing (CWE-548)
Medium
2022-02-11
[h1-2102] Information disclosure - ShopifyPlus add user displays existing Shopify ID fullname
Shopify Information Disclosure (CWE-200)
Medium
2022-02-10
Sending Arbitrary Requests through Jupyter Notebooks on gitlab.com and Self-Hosted GitLab Instances
GitLab Command Injection - Generic (CWE-77)
Medium
2022-02-10
Node.js Certificate Verification Bypass via String Injection
Node.js Improper Following of a Certificate's Chain of Trust (CWE-296)CVE-2021-44531CVE-2021-44532CVE-2021-44533
Medium
2022-02-10
Cross-site Scripting (XSS) - Stored | forum.acronis.com
Acronis Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2022-02-08
Stored Cross-site Scripting on devicelock.com/forum/
Acronis Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2022-02-08
高频漏洞类型
最活跃项目
项目报告数最高赏金
U.S. Dept Of Defense896
Internet Bug Bounty817 $2,257
HackerOne609
Nextcloud584
Shopify465
curl464
Node.js third-party modules307
GitLab258
X / xAI250 $7,000
Uber239