目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1000

100.0%
请我们喝杯咖啡

漏洞赏金情报

数据来源:HackerOne 公开披露报告 · 每 6 小时更新

浏览 HackerOne 平台公开披露的漏洞赏金报告,按严重程度、漏洞类型或目标项目筛选,关联 CVE 编号。

已披露报告
12,219
关联 CVE
1,854
参与项目数
342
近 7 天新增
9
严重度: All CriticalHighMediumLow
类型: 全部 Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Server Side Request Forgery (SSRF) via Analytics Reports
HackerOne Server-Side Request Forgery (SSRF) (CWE-918)
Critical
2023-12-08
Unauthenticated Remote Access to Testing Endpoint
IBM Improper Access Control - Generic (CWE-284)
Critical
2023-12-04
Mozilla FuzzManager API Token Exposed in Git Commit
Mozilla Cleartext Storage of Sensitive Information (CWE-312)
Critical
2023-11-29
Zip bomb
Tor Incorrect Calculation of Buffer Size (CWE-131)
Critical
2023-11-28
Blind SQL injection on id.indrive.com
inDrive Blind SQL Injection (CAPEC-7)
Critical
2023-11-24
Buffer overflow and affected url:-https://github.com/curl/curl/blob/master/docs/examples/hsts-preload.c
curl Classic Buffer Overflow (CWE-120)
Critical
2023-11-15
User automatically logged in as Sys Admin user on https://███/Administration/Administration.aspx
U.S. Dept Of Defense Improper Access Control - Generic (CWE-284)
Critical
2023-11-03
[Critical] Curl CVE-2023-38545 vulnerability code changes are disclosed on the internet
curl Information Disclosure (CWE-200)
Critical
2023-10-16
UAF on JSEthereumProvider
Brave Software Use After Free (CWE-416)
Critical
2023-10-11
Access to resumes applied through LinkedIn Jobs
LinkedIn Information Disclosure (CWE-200)
Critical
2023-09-22
Hashed data exposure via WebSockets to Workspace Members
Slack Insufficiently Protected Credentials (CWE-522)
Critical
2023-09-21
NULL Pointer dereference in idn.c
curl NULL Pointer Dereference (CWE-476)
Critical
2023-09-20
IDOR in upload videos of a Channel on https://video.ibm.com
IBM Insecure Direct Object Reference (IDOR) (CWE-639)
Critical
2023-08-31
[MK8DX] Improper metadata parsing
Nintendo NULL Pointer Dereference (CWE-476)
Critical
2023-08-17
Ad Account Takeover
LinkedIn Privilege Escalation (CAPEC-233)
Critical
2023-07-20
Server-side RCE through directory traversal-based arbitrary file write
Rocket.Chat Path Traversal (CWE-22)
Critical
2023-07-10
Full access to InDrive jira panel via exposed API token
inDrive Information Disclosure (CWE-200)
Critical
2023-06-28
Ability to join an arbitrary workspace by utilizing a proxy to manipulate invite links
Slack Improper Authentication - Generic (CWE-287)
Critical
2023-06-23
' Full Account Takeover ' at █████
Mars Improper Access Control - Generic (CWE-284)
Critical
2023-06-23
New XSS vector in ReaderMode with %READER-TITLE-NONCE%
Brave Software Cross-site Scripting (XSS) - Generic (CWE-79)
Critical
2023-06-22
高频漏洞类型
最活跃项目
项目报告数最高赏金
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895