目標達成 すべての支援者に感謝 — 100%達成しました!

目標: 1000 CNY · 調達済み: 1000 CNY

100.0%
コーヒーを一杯おごる

漏洞赏金情报

数据来源:HackerOne 公开披露报告 · 每 6 小时更新

浏览 HackerOne 平台公开披露的漏洞赏金报告,按严重程度、漏洞类型或目标项目筛选,关联 CVE 编号。

已披露报告
12,219
关联 CVE
1,854
参与项目数
342
近 7 天新增
10
严重度: All CriticalHighMediumLow
类型: 全部 Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
项目筛选:curl
Inconsistent URL Parsing in curl Leading to Potential SSRF and Access Control Bypass
curl Improper Input Validation (CWE-20)
Low
2025-09-26
Race condition on global `gss_context` during SOCKS5 GSS-API negotiation in libcurl
curl Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') (CWE-362)
Medium
2025-09-26
Use-after-free when POST body buffer is freed before transfer
curl Use After Free (CWE-416)
Medium
2025-09-26
Timing Attack Vulnerability in curl Digest Authentication via Non-Constant-Time String Comparison
curl Information Exposure Through Timing Discrepancy (CWE-208)
Medium
2025-09-18
Security Analysis Report: CURL Integer Overflow Vulnerability
curl Integer Overflow (CWE-190)
Unknown
2025-09-18
int overflow in krb5_read_data() leads to (possible) massive `recv()` write
curl Integer Overflow (CWE-190)
Low
2025-09-18
Stack Buffer Overflow in cURL Cookie Parsing Leads to RCE
curl Stack Overflow (CWE-121)
High
2025-09-16
Multiple Unsafe strcpy() Function Calls Leading to Potential Buffer Overflow Vulnerabilities in cURL 8.16.1-DEV
curl Classic Buffer Overflow (CWE-120)
High
2025-09-14
TOCTOU Race Condition in HTTP/2 Connection Reuse Leads to Certificate Validation Bypass
curl Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367)
High
2025-09-11
CVE-2025-9086: Out of bounds read for cookie path
curl Buffer Over-read (CWE-126)CVE-2025-9086
Low
2025-09-10
CVE-2025-10148: predictable WebSocket mask
curl Reusing a Nonce, Key Pair in Encryption (CWE-323)CVE-2025-10148
Low
2025-09-10
Confirmed Security Misconfigurations on curl.se (BREACH, Missing Security Headers, ETag Info Disclosure)
curl Information Disclosure (CWE-200)CVE-2003-1418
Medium
2025-09-09
libcurl: Host-Only Cookies Leak to Alternate IPv4 Forms
curl
Unknown
2025-09-04
Heap-buffer-overflow (Out-of-Bounds Read) in DoH hostname encoding
curl Out-of-bounds Read (CWE-125)
None
2025-09-04
Incorrect Parsing of IPv6 Zone ID in curl
curl Authentication Bypass by Primary Weakness (CWE-305)
High
2025-09-01
Missing Security Headers
curl
Medium
2025-08-22
curl leaks destination IP via glibc getaddrinfo() UDP connect, bypassing SOCKS5/Tor
curl Information Disclosure (CWE-200)
Unknown
2025-08-20
Curl parse_connect_to_string Heap-Overread Leading to Denial of Service via CURLOPT_CONNECT_TO
curl Buffer Over-read (CWE-126)
Medium
2025-08-20
WebSocket Fragmentation DoS on Curl Client
curl Uncontrolled Resource Consumption (CWE-400)
High
2025-08-19
## Title Heap Use-After-Free Vulnerability in `curl` Leading to Potential Code Execution
curl Use After Free (CWE-416)
Medium
2025-08-18
高频漏洞类型
最活跃项目
项目报告数最高赏金
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895