目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1000

100.0%
请我们喝杯咖啡

漏洞赏金情报

数据来源:HackerOne 公开披露报告 · 每 6 小时更新

浏览 HackerOne 平台公开披露的漏洞赏金报告,按严重程度、漏洞类型或目标项目筛选,关联 CVE 编号。

已披露报告
12,221
关联 CVE
1,854
参与项目数
342
近 7 天新增
8
严重度: All CriticalHighMediumLow
类型: 全部 Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
项目筛选:curl
MQTT CONNACK Packet Type Bypass leads to RCE via Malicious Broker
curl ASI05: Unexpected Code Execution (RCE)
Critical
2026-05-05
Argument Injection via curl Short-Flag Grouping
curl Command Injection - Generic (CWE-77)
Critical
2026-04-13
Internal application wrapper or script using curl
curl Code Injection (CWE-94)
Critical
2026-04-03
Cookie Max-Age Integer Overflow Vulnerability
curl Integer Overflow (CWE-190)
Critical
2026-01-19
Directory listing vulnerability is disclosing names and emails, widespread (thousands of records, publicly accessible without auth)
curl Information Exposure Through Directory Listing (CWE-548)
Critical
2026-01-14
State Isolation Failure in Multiplexed Connections (Shared Auth Context)
curl Exposure of Data Element to Wrong Session (CWE-488)
Critical
2026-01-08
Cross‑Layer State Confusion in libcurl: Credential & Key‑Material Persistence Across Redirect / Connection Reuse Boundaries
curl Violation of Secure Design Principles (CWE-657)
Critical
2025-12-28
CRLF Injection / Protocol Smuggling in libcurl via CURLOPT_USERNAME (IMAP)
curl CRLF Injection (CWE-93)
Critical
2025-12-28
HTTP/3 Protocol Smuggling and Header Injection via CRLF in QPACK value conversion
curl CRLF Injection (CWE-93)
Critical
2025-12-27
Buffer Overflow in cURL Internal printf Function
curl Stack Overflow (CWE-121)
Critical
2025-12-12
Heap Buffer Overflow in TFTP
curl Heap Overflow (CWE-122)
Critical
2025-12-01
Silent TLS Trust Model Hijacking via `CURL_CA_BUNDLE` Environment Variable Leads to MITM
curl Improper Certificate Validation (CWE-295)
Critical
2025-11-11
Arbitrary Configuration File Inclusion: via External Control of File Name or Path
curl External Control of File Name or Path (CWE-73)
Critical
2025-11-10
SMTP CRLF Injection in curl/libcurl via MAIL FROM/RCPT TO parameters
curl
Critical
2025-11-10
Exposure of Hard-coded Private Keys and Credentials in curl Source Repository (CWE-321)
curl Use of Hard-coded Cryptographic Key (CWE-321)
Critical
2025-08-12
Title: Remote Code Execution (RCE) via Arbitrary Library Loading in `--engine` option
curl Code Injection (CWE-94)
Critical
2025-08-10
Path Traversal in SFTP QUOTE command leads to Arbitrary File Write and potential RCE
curl Relative Path Traversal (CWE-23)
Critical
2025-08-10
Arbitrary File Read via file:// Protocol in cURL
curl Path Traversal (CWE-22)
Critical
2025-07-09
Buffer Overflow in curl MQTT Test Server (tests/server/mqttd.c) via Malicious CONNECT Packet
curl Memory Corruption - Generic (CWE-119)
Critical
2025-06-28
Improper Restriction of Authentication Attempts in cURL
curl Improper Restriction of Authentication Attempts (CWE-307)
Critical
2025-06-28
高频漏洞类型
最活跃项目
项目报告数最高赏金
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl440
Node.js third-party modules307
GitLab258 $13,950
X / xAI250 $2,500
Uber239 $9,895