目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1020

100%
请我们喝杯咖啡

漏洞赏金情报

数据来源:HackerOne 公开披露报告 · 每 6 小时更新

浏览 HackerOne 平台公开披露的漏洞赏金报告,按严重程度、漏洞类型或目标项目筛选,关联 CVE 编号。

已披露报告
12,245
关联 CVE
1,864
参与项目数
343
近 7 天新增
24
严重度: All CriticalHighMediumLow
类型: 全部 Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 658 Improper Authentication - Generic 653 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Access to ██████████████ due to weak credentials
8x8 Improper Authentication - Generic (CWE-287)
Medium
2020-01-08
Clickjacking on my.stripo.email for MailChimp credentials
Stripo Inc UI Redressing (Clickjacking) (CAPEC-103)
Medium
2020-01-08
xmlrpc.php FILE IS enable it will used for Bruteforce attack and Denial of Service(DoS)
Nord Security Uncontrolled Resource Consumption (CWE-400)
Medium
2020-01-06
Reflected + Stored XSS - https://discussion.evernote.com
Evernote Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2020-01-03
Use Github pack with Coda employee github account (search code of Coda's private repositories)
Superhuman (formerly Grammarly)
Medium
2020-01-02
RXSS to Stored XSS - forums.pubg.com | URL parameter
PUBG Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2020-01-02
Add store to new partner account without confirming email address.
Shopify Improper Access Control - Generic (CWE-284)
Medium
2020-01-02
protected Tweet settings overwritten by other settings
X / xAI
Medium
2020-01-01
[seeftl] Stored XSS when directory listing via filename.
Node.js third-party modules Cross-site Scripting (XSS) - Stored (CWE-79)CVE-2019-15603
Medium
2019-12-31
[webpack-bundle-analyzer] Cross-site Scripting
Node.js third-party modules Cross-site Scripting (XSS) - Generic (CWE-79)
Medium
2019-12-30
Clickjacking vkpay
VK.com UI Redressing (Clickjacking) (CAPEC-103)
Medium
2019-12-30
stripo.email reflected xss
Stripo Inc Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2019-12-26
CRLF injection
X / xAI
Medium
2019-12-25
subdomain takeover at status0.stripo.email
Stripo Inc Privilege Escalation (CAPEC-233)
Medium
2019-12-23
No length on password
Stripo Inc
Medium
2019-12-23
Uncontrolled Resource Consumption in any Markdown field using Mermaid
GitLab Uncontrolled Resource Consumption (CWE-400)CVE-2019-15584CVE-2019-9220
Medium
2019-12-20
Stored XSS in Jetpack's Simple Payment Module by Contributors / Authors
Automattic Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2019-12-19
Password token leak via Host header
Stripo Inc Violation of Secure Design Principles (CWE-657)
Medium
2019-12-19
OLD SESSION DOES NOT EXPIRE AFTER PASSWORD CHANGE
Stripo Inc
Medium
2019-12-19
SSRF in /cabinet/stripeapi/v1/siteInfoLookup?url=XXX
Stripo Inc Server-Side Request Forgery (SSRF) (CWE-918)
Medium
2019-12-18
高频漏洞类型
最活跃项目
项目报告数最高赏金
U.S. Dept Of Defense896
Internet Bug Bounty817 $2,257
HackerOne609
Nextcloud584
Shopify464
curl457
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239