目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1110

100%
请我们喝杯咖啡

漏洞赏金情报

数据来源:HackerOne 公开披露报告 · 每 6 小时更新

浏览 HackerOne 平台公开披露的漏洞赏金报告,按严重程度、漏洞类型或目标项目筛选,关联 CVE 编号。

已披露报告
12,245
关联 CVE
1,864
参与项目数
343
近 7 天新增
23
严重度: All CriticalHighMediumLow
类型: 全部 Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 658 Improper Authentication - Generic 653 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Organization Admin Privilege Escalation To Owner
Bitwarden Business Logic Errors (CWE-840)
Medium
2017-10-28
No notification on Password Change
Infogram
Medium
2017-10-27
No Confirmation or Notification During Email Change which can leads to account takeover
Infogram
Medium
2017-10-27
User enumeration via forgot password error message
Infogram
Medium
2017-10-27
CSV Injection https://hub.grab.com
Grab Command Injection - Generic (CWE-77)
Medium
2017-10-27
[www.zomato.com/dubai/gold] CRITICAL - Allowing arbitrary amount to become a GOLD Member
Eternal Improper Access Control - Generic (CWE-284)
Medium
2017-10-27
Report Private Links Leaks to Google Analytics via Query String Param
HackerOne Information Disclosure (CWE-200)
Medium
2017-10-25
IDNs displayed in unicode
Quora Violation of Secure Design Principles (CWE-657)
Medium
2017-10-25
Ruby 2.3.x and 2.2.x still bundle DoS vulnerable verision of libYAML
Ruby Memory Corruption - Generic (CWE-119)CVE-2014-9130
Medium
2017-10-25
Crashes/Buffer at 0x2C0086,name=PBrowser::Msg_Destroy
Tor Classic Buffer Overflow (CWE-120)
Medium
2017-10-24
Formula injection via CSV exports in WordCamp Talks plugin
Ian Dunn Command Injection - Generic (CWE-77)
Medium
2017-10-23
Potential server misconfiguration leads to disclosure of vendor/ directory
Eternal Forced Browsing (CWE-425)
Medium
2017-10-23
Open Redirect
Inflection Open Redirect (CWE-601)
Medium
2017-10-20
Enforce minimum master password complexity
Tor Password in Configuration File (CWE-260)
Medium
2017-10-19
[Markdown] Stored XSS via character encoding parser bypass
GitLab Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2017-10-18
Open Redirect through POST Request
Inflection Open Redirect (CWE-601)
Medium
2017-10-16
Homograph fix Bypass
HackerOne Violation of Secure Design Principles (CWE-657)
Medium
2017-10-16
Cross Site WebSocket Hijacking
Legal Robot Improper Authentication - Generic (CWE-287)
Medium
2017-10-16
Improper access control lead To delete anyone comment
Paragon Initiative Enterprises Improper Access Control - Generic (CWE-284)
Medium
2017-10-16
Paragonie Airship Admin CSRF on Extensions Pages
Paragon Initiative Enterprises Cross-Site Request Forgery (CSRF) (CWE-352)
Medium
2017-10-16
高频漏洞类型
最活跃项目
项目报告数最高赏金
U.S. Dept Of Defense896
Internet Bug Bounty817 $2,257
HackerOne609
Nextcloud584
Shopify464
curl457
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239