目標達成 すべての支援者に感謝 — 100%達成しました!

目標: 1000 CNY · 調達済み: 1000 CNY

100.0%
コーヒーを一杯おごる

漏洞赏金情报

数据来源:HackerOne 公开披露报告 · 每 6 小时更新

浏览 HackerOne 平台公开披露的漏洞赏金报告,按严重程度、漏洞类型或目标项目筛选,关联 CVE 编号。

已披露报告
12,219
关联 CVE
1,854
参与项目数
342
近 7 天新增
10
严重度: All CriticalHighMediumLow
类型: 全部 Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
项目筛选:curl
Unicode-to-ASCII conversion on Windows can lead to argument injection and more
curl Encoding Error (CWE-172)
High
2024-06-18
Incorrect Encoding Conversion in hostname results in indeterminate SSRF vulnerabilities
curl Type Confusion (CWE-843)CVE-2012-1823CVE-2024-4577
Low
2024-06-18
Denial of Service in curl Request - HTTP headers eat all memory
curl Allocation of Resources Without Limits or Throttling (CWE-770)
Medium
2024-06-18
Incorrect Type Conversion in interpreting IPv4-mapped IPv6 addresses and below `curl` results in indeterminate SSRF vulnerabilities.
curl Type Confusion (CWE-843)CVE-2023-24329CVE-2024-22243
Critical
2024-05-08
cookie is sent on redirect
curl Insufficiently Protected Credentials (CWE-522)
Medium
2024-03-28
CVE-2024-2004: Usage of disabled protocol
curl Misinterpretation of Input (CWE-115)CVE-2024-2004
Low
2024-03-27
HTTP/2 PUSH_PROMISE DoS
curl Uncontrolled Resource Consumption (CWE-400)
Medium
2024-03-27
CVE-2024-2466: TLS certificate check bypass with mbedTLS
curl Improper Validation of Certificate with Host Mismatch (CWE-297)CVE-2016-3739CVE-2013-4545CVE-2013-6422CVE-2014-0139CVE-2014-1263CVE-2014-2522CVE-2014-8151CVE-2024-2466
Medium
2024-03-27
CVE-2024-2398: HTTP/2 push headers memory-leak
curl Uncontrolled Resource Consumption (CWE-400)CVE-2024-2398
Medium
2024-03-27
CVE-2024-2379: QUIC certificate check bypass with wolfSSL
curl Improper Certificate Validation (CWE-295)CVE-2024-2379
Low
2024-03-27
CVE-2024-0853: OCSP verification bypass with TLS session reuse
curl Improper Check for Certificate Revocation (CWE-299)CVE-2024-0853
Low
2024-01-31
Buffer Overflow Vulnerability in WebSocket Handling
curl Heap Overflow (CWE-122)
High
2024-01-02
CVE-2023-46219: HSTS long file name clears contents
curl Missing Encryption of Sensitive Data (CWE-311)CVE-2023-46219
Low
2023-12-08
CVE-2023-46218: cookie mixed case PSL bypass
curl Information Exposure Through Sent Data (CWE-201)CVE-2023-46218
Medium
2023-12-06
Buffer overflow and affected url:-https://github.com/curl/curl/blob/master/docs/examples/hsts-preload.c
curl Classic Buffer Overflow (CWE-120)
Critical
2023-11-15
[Critical] Curl CVE-2023-38545 vulnerability code changes are disclosed on the internet
curl Information Disclosure (CWE-200)
Critical
2023-10-16
CVE-2023-38546: cookie injection with none file
curl External Control of File Name or Path (CWE-73)CVE-2023-38546
Low
2023-10-11
CVE-2023-38545: socks5 heap buffer overflow
curl Heap Overflow (CWE-122)CVE-2023-38545
High
2023-10-11
NULL Pointer dereference in idn.c
curl NULL Pointer Dereference (CWE-476)
Critical
2023-09-20
CVE-2023-38039: HTTP header allocation DOS
curl Allocation of Resources Without Limits or Throttling (CWE-770)CVE-2023-38039
Medium
2023-09-13
高频漏洞类型
最活跃项目
项目报告数最高赏金
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895