目標達成 すべての支援者に感謝 — 100%達成しました!

目標: 1000 CNY · 調達済み: 1000 CNY

100.0%
コーヒーを一杯おごる

漏洞赏金情报

数据来源:HackerOne 公开披露报告 · 每 6 小时更新

浏览 HackerOne 平台公开披露的漏洞赏金报告,按严重程度、漏洞类型或目标项目筛选,关联 CVE 编号。

已披露报告
12,219
关联 CVE
1,854
参与项目数
342
近 7 天新增
11
严重度: All CriticalHighMediumLow
类型: 全部 Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
项目筛选:ibm
SQL Injection vulnerability found on ibm.com endpoint
IBM SQL Injection (CWE-89)
Critical
2026-03-12
SQL injection identified on IBM endpoint.
IBM SQL Injection (CWE-89)
Critical
2026-01-07
Remote Code Execution identified on IBM endpoint.
IBM CVE-2025-55182
Critical
2025-12-31
[RCE] Remote Code Execution via React Server Components Vulnerability CVE-2025-55182
IBM Code Injection (CWE-94)CVE-2025-55182
Critical
2025-12-18
Path Traversal Vulnerability found on IBM Cloud
IBM Path Traversal (CWE-22)
Critical
2025-05-07
Middleware Authentication Bypass on IBM Portal
IBM Command Injection - Generic (CWE-77)CVE-2025-29927
Critical
2025-05-02
Weak credentials found in Jenkins endpoint
IBM
Critical
2025-02-05
Insecure Direct Object Reference Protection bypass by changing HTTP method in IBM Your Learning endpoint.
IBM Insecure Direct Object Reference (IDOR) (CWE-639)
Critical
2024-05-01
Unauthenticated Remote Access to Testing Endpoint
IBM Improper Access Control - Generic (CWE-284)
Critical
2023-12-04
IDOR in upload videos of a Channel on https://video.ibm.com
IBM Insecure Direct Object Reference (IDOR) (CWE-639)
Critical
2023-08-31
response manipulation leads to bypass in register at employee website than 0 click account takeover
IBM Improper Authentication - Generic (CWE-287)
Critical
2023-06-21
Subdomain Takeover Affecting at vex.weather.com
IBM Improper Authentication - Generic (CWE-287)
Critical
2023-05-10
Cleartext storage of sensitive information at https://staging.status.ai-apps-comms.ibm.com/env can lead to account takeover of several IBM employees
IBM Cleartext Storage of Sensitive Information (CWE-312)
Critical
2022-09-09
Insecure Object Permissions for Guest User leads to access to internal documents!
IBM Improper Authentication - Generic (CWE-287)
Critical
2022-07-15
sql injection via https://setup.p2p.ihost.com/
IBM SQL Injection (CWE-89)
Critical
2022-06-17
SQL injection in URL path processing on www.ibm.com
IBM SQL Injection (CWE-89)
Critical
2022-05-06
Public Jenkins instance with /script enabled
IBM Improper Access Control - Generic (CWE-284)
Critical
2022-03-11
Remote Code Execution at https://169.38.86.185/ (edst.ibm.com)
IBM Command Injection - Generic (CWE-77)
Critical
2021-11-04
SQL Injection in IBM access control panel & Broken access in admin panel
IBM SQL Injection (CWE-89)
Critical
2021-10-18
Unauthorized Kubernetes to RCE (root) and found TEAMTNT Crypto Miner on it
IBM
Critical
2021-10-18
高频漏洞类型
最活跃项目
项目报告数最高赏金
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895