目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1000

100.0%
请我们喝杯咖啡

漏洞赏金情报

数据来源:HackerOne 公开披露报告 · 每 6 小时更新

浏览 HackerOne 平台公开披露的漏洞赏金报告,按严重程度、漏洞类型或目标项目筛选,关联 CVE 编号。

已披露报告
12,219
关联 CVE
1,854
参与项目数
342
近 7 天新增
14
严重度: All CriticalHighMediumLow
类型: 全部 Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
项目筛选:rocket_chat
RBAC bypass on App log endpoints via `permissionRequired` typo — any authenticated user reads admin-only Enterprise App logs
Rocket.Chat Improper Access Control - Generic (CWE-284)CVE-2026-29197
Medium
2026-04-23
Open Redirect in Rocket.Chat
Rocket.Chat Open Redirect (CWE-601)CVE-2026-22560
Medium
2026-04-10
Upload of Avatars for other Users
Rocket.Chat Improper Access Control - Generic (CWE-284)
Medium
2024-08-10
Online Status of arbitrary users can be changed
Rocket.Chat Improper Access Control - Generic (CWE-284)
Medium
2024-08-10
CSS Injection in Message Avatar
Rocket.Chat Code Injection (CWE-94)
Medium
2024-08-10
Unread Messages can leak Message IDs
Rocket.Chat Information Disclosure (CWE-200)
Medium
2024-08-10
Unauthenticated clients can modify Livechat Business Hours
Rocket.Chat Improper Access Control - Generic (CWE-284)
Medium
2024-08-10
Improper ACL in Message Starring
Rocket.Chat Improper Access Control - Generic (CWE-284)
Medium
2024-08-10
User Impersonation through sendMessage options
Rocket.Chat UI Redressing (Clickjacking) (CAPEC-103)
Medium
2024-08-10
Impersonation in Sequential Messages
Rocket.Chat
Medium
2024-08-10
NoSQL injection leaks visitor token and livechat messages
Rocket.Chat Information Disclosure (CWE-200)CVE-2024-37405
Medium
2024-07-11
Clickjacking at open.rocket.chat
Rocket.Chat UI Redressing (Clickjacking) (CAPEC-103)
Medium
2023-06-15
Cross-Site-Scripting in "Search Messages"
Rocket.Chat Cross-site Scripting (XSS) - Stored (CWE-79)CVE-2023-28358
Medium
2023-05-09
Mute User can disclose private channel members to unauthorized users
Rocket.Chat Information Disclosure (CWE-200)CVE-2023-28357
Medium
2023-05-09
Maliciously crafted message can cause Rocket.Chat server to stop responding
Rocket.Chat Uncontrolled Resource Consumption (CWE-400)CVE-2023-28356
Medium
2023-05-09
Retrospective change of message timestamp and order
Rocket.Chat CVE-2023-28317
Medium
2023-04-25
Messages can be hidden regardless of server configuration
Rocket.Chat CVE-2023-28318
Medium
2023-04-25
getUsersOfRoom discloses users in private channels
Rocket.Chat CVE-2022-32226
Medium
2022-09-22
Rocket.chat user info security issue
Rocket.Chat Cleartext Transmission of Sensitive Information (CWE-319)CVE-2022-32227
Medium
2022-09-22
Message ID Enumeration with Regular Expression in getReadReceipts Meteor method
Rocket.Chat Information Disclosure (CWE-200)CVE-2022-32228
Medium
2022-09-22
高频漏洞类型
最活跃项目
项目报告数最高赏金
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895