目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1325

100%
请我们喝杯咖啡

漏洞赏金情报

数据来源:HackerOne 公开披露报告 · 每 6 小时更新

浏览 HackerOne 平台公开披露的漏洞赏金报告,按严重程度、漏洞类型或目标项目筛选,关联 CVE 编号。

已披露报告
12,262
关联 CVE
1,866
参与项目数
343
近 7 天新增
0
严重度: All CriticalHighMediumLow
类型: 全部 Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 658 Improper Authentication - Generic 654 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
项目筛选:deptofdefense
Information Disclosure in API Endpoint /users
U.S. Dept Of Defense Information Disclosure (CWE-200)
Low
2026-01-12
Publicly Accessible CDN Endpoint Exposing XML Metadata (including ETag)
U.S. Dept Of Defense Information Disclosure (CWE-200)
Low
2026-01-12
Create account without auth via response manipulation
U.S. Dept Of Defense Business Logic Errors (CWE-840)
Low
2026-01-12
Information Disclosure via Publicly Accessible Debug Log
U.S. Dept Of Defense Information Exposure Through Debug Information (CWE-215)
Low
2026-01-12
Debug Info disclose
U.S. Dept Of Defense Information Exposure Through Debug Information (CWE-215)
Low
2026-01-12
Reflected XSS Vulnerability in SSL VPN Endpoint — CVE-2025-0133
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)CVE-2025-0133
Medium
2026-01-12
Reflected XSS via user Parameter in /ssl-vpn/getconfig.esp
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2026-01-12
Reflected XSS via user Parameter on getconfig.esp Endpoint
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2026-01-12
XSS on ███
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2026-01-12
Cross-Site Scripting via URL on ████████
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2026-01-12
Cross-Site Scripting via 'currentImage' parameter
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2026-01-12
Cross-Site Scripting via 'wikitext' parameter
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2026-01-12
Cross-Site Scripting (XSS) in ASP.NET via ResolveUrl on ███████
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2026-01-12
Cross-Site Scripting (XSS) in ASP.NET via ResolveUrl on ███████
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2026-01-12
Cross-Site Scripting (XSS) in ASP.NET via ResolveUrl on ██████████
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2026-01-12
Cross-Site Scripting via URL on ███████
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2026-01-12
Cross-Site Scripting via URL on ███████
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2026-01-12
Cross-Site Scripting via 'RAISED_FUNDS_DESC' parameter
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2026-01-12
Cross-Site Scripting via 'autoPlay' parameter
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2026-01-12
Cross-Site Scripting via 'description_extra' parameter
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2026-01-12
高频漏洞类型
最活跃项目
项目报告数最高赏金
U.S. Dept Of Defense896
Internet Bug Bounty817 $2,257
HackerOne609
Nextcloud584
Shopify465
curl464
Node.js third-party modules307
GitLab258
X / xAI250 $7,000
Uber239