目標達成 すべての支援者に感謝 — 100%達成しました!

目標: 1000 CNY · 調達済み: 1000 CNY

100.0%
コーヒーを一杯おごる

漏洞赏金情报

数据来源:HackerOne 公开披露报告 · 每 6 小时更新

浏览 HackerOne 平台公开披露的漏洞赏金报告,按严重程度、漏洞类型或目标项目筛选,关联 CVE 编号。

已披露报告
12,219
关联 CVE
1,854
参与项目数
342
近 7 天新增
10
严重度: All CriticalHighMediumLow
类型: 全部 Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
项目筛选:nextcloud
Self xss
Nextcloud Cross-site Scripting (XSS) - Generic (CWE-79)
Low
2020-04-05
Blind Stored XSS on iOS App due to Unsanitized Webview
Nextcloud Cross-site Scripting (XSS) - Stored (CWE-79)CVE-2019-15614
Low
2020-03-07
Delete All Data of Any User
Nextcloud
Low
2020-03-01
Broken link for wrong domain entry may be leveraged for Phishing, Misinformation, Serving Malware
Nextcloud
Low
2020-03-01
DOMPurify 0.8.9 released
Nextcloud Cross-site Scripting (XSS) - Generic (CWE-79)
Low
2020-03-01
Improper protection of FileContentProvider
Nextcloud Improper Access Control - Generic (CWE-284)CVE-2018-3765
Low
2020-03-01
Stored XSS on scan.nextcloud.com
Nextcloud Cross-site Scripting (XSS) - Stored (CWE-79)
Low
2020-03-01
[Reflected XSS] In Request URL
Nextcloud Cross-site Scripting (XSS) - Reflected (CWE-79)CVE-2019-15618
Low
2020-03-01
Persistent XSS via filename in projects
Nextcloud Cross-site Scripting (XSS) - Stored (CWE-79)CVE-2019-15619
Low
2020-03-01
Talk - Leak of password-protected room name via already existent resource addition
Nextcloud Improper Authentication - Generic (CWE-287)CVE-2019-15620
Low
2020-03-01
Circle email-members have still access to a shared folder/file after they are removed from the circle
Nextcloud Improper Access Control - Generic (CWE-284)CVE-2019-15610
Low
2020-03-01
Username and Access Token Disclousure
Nextcloud Violation of Secure Design Principles (CWE-657)CVE-2019-15611
Low
2020-03-01
Password authentication at newsletter.nextcloud.com discloses username list
Nextcloud Information Disclosure (CWE-200)CVE-2016-6210
Low
2020-03-01
Directory listing is enabled that exposes non public data through multiple path
Nextcloud Information Exposure Through Directory Listing (CWE-548)
Low
2020-02-01
Android content provider exposes password-protected share password hashes
Nextcloud Information Disclosure (CWE-200)
Low
2020-01-31
HTML injection and limited XSS via logo image upload - Nextcloud 12.0.0
Nextcloud Cross-site Scripting (XSS) - Stored (CWE-79)
Low
2020-01-31
Nextcloud logs ldap passwords
Nextcloud Plaintext Storage of a Password (CWE-256)
Low
2020-01-31
SQL exception in JSON format
Nextcloud Information Exposure Through an Error Message (CWE-209)
Low
2020-01-31
CSRF vulnerability that allows an attacker to modify encryption settings
Nextcloud Cross-Site Request Forgery (CSRF) (CWE-352)
Low
2019-12-07
Nextcloud Clickjacking Vulnerability
Nextcloud UI Redressing (Clickjacking) (CAPEC-103)
Low
2019-11-11
高频漏洞类型
最活跃项目
项目报告数最高赏金
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895