目標達成 すべての支援者に感謝 — 100%達成しました!

目標: 1000 CNY · 調達済み: 1000 CNY

100.0%
コーヒーを一杯おごる

漏洞赏金情报

数据来源:HackerOne 公开披露报告 · 每 6 小时更新

浏览 HackerOne 平台公开披露的漏洞赏金报告,按严重程度、漏洞类型或目标项目筛选,关联 CVE 编号。

已披露报告
12,221
关联 CVE
1,854
参与项目数
342
近 7 天新增
7
严重度: All CriticalHighMediumLow
类型: 全部 Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
项目筛选:nextcloud
Cross site scripting - XSRF Token
Nextcloud Cross-site Scripting (XSS) - Generic (CWE-79)
Medium
2020-06-14
Allows any user to share their "Root" level folder by sharing "."
Nextcloud Improper Access Control - Generic (CWE-284)
None
2020-06-03
Mail does not verify IMAP/SMTP host connected via TLS
Nextcloud Improper Certificate Validation (CWE-295)CVE-2020-8156
Medium
2020-06-03
Code injection possible with malformed Nextcloud Talk chat commands
Nextcloud Code Injection (CWE-94)CVE-2020-8180
High
2020-06-02
XSS in PDF Viewer
Nextcloud Cross-site Scripting (XSS) - Generic (CWE-79)CVE-2020-8155CVE-2018-5158
Low
2020-05-23
Missing ownership check on remote wipe endpoint
Nextcloud Insecure Direct Object Reference (IDOR) (CWE-639)CVE-2020-8154
High
2020-04-19
User can delete data in shared folders he's not autorized to access
Nextcloud Improper Access Control - Generic (CWE-284)CVE-2020-8153
Medium
2020-04-10
Code injection in macOS Desktop Client
Nextcloud Code Injection (CWE-94)CVE-2020-8140
Low
2020-04-10
"Secure View" aka "Hide Download" can be bypassed easily
Nextcloud Improper Access Control - Generic (CWE-284)CVE-2020-8139
High
2020-04-10
Self xss
Nextcloud Cross-site Scripting (XSS) - Generic (CWE-79)
Low
2020-04-05
potential RCE and XSS via file upload requiring user account and default settings
Nextcloud Code Injection (CWE-94)
High
2020-04-01
SSRF protection bypass
Nextcloud Server-Side Request Forgery (SSRF) (CWE-918)CVE-2020-8138
Medium
2020-03-14
Only the file extensions are checked, not the MIME types as configured
Nextcloud CVE-2019-15613
Medium
2020-03-14
Docker image with FPM is vulnerable to CVE-2019-11043
Nextcloud Code Injection (CWE-94)CVE-2019-11043
Critical
2020-03-14
http://www.nextcloud.com/wp-includes/js/swfupload/swfupload.swf allows open redirect / site defacement
Nextcloud Open Redirect (CWE-601)
Unknown
2020-03-07
Blind Stored XSS on iOS App due to Unsanitized Webview
Nextcloud Cross-site Scripting (XSS) - Stored (CWE-79)CVE-2019-15614
Low
2020-03-07
Remote code execution via path traversal in Zip extraction in the Extract app
Nextcloud Path Traversal (CWE-22)
High
2020-03-07
Disabled user can reset their password
Nextcloud Violation of Secure Design Principles (CWE-657)
None
2020-03-01
Nextcloud 10.0 privilege escalation issue - Normal user can mask external storage shared by admin
Nextcloud Privilege Escalation (CAPEC-233)
Medium
2020-03-01
**minor issue ** -Nextcloud 10.0 session issue with desktop client and android client
Nextcloud Violation of Secure Design Principles (CWE-657)
Medium
2020-03-01
高频漏洞类型
最活跃项目
项目报告数最高赏金
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl440
Node.js third-party modules307
GitLab258 $13,950
X / xAI250 $2,500
Uber239 $9,895