目標達成 すべての支援者に感謝 — 100%達成しました!

目標: 1000 CNY · 調達済み: 1000 CNY

100.0%
コーヒーを一杯おごる

漏洞赏金情报

数据来源:HackerOne 公开披露报告 · 每 6 小时更新

浏览 HackerOne 平台公开披露的漏洞赏金报告,按严重程度、漏洞类型或目标项目筛选,关联 CVE 编号。

已披露报告
12,219
关联 CVE
1,854
参与项目数
342
近 7 天新增
11
严重度: All CriticalHighMediumLow
类型: 全部 Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
项目筛选:nextcloud
Path Traversal Vulnerability in Nextcloud Tables Enables Arbitrary File Exfiltration of Any Files Supported by PhpSpreadsheet Library
Nextcloud Path Traversal (CWE-22)CVE-2025-58051
Medium
2025-10-16
Directory Listing of publicly available assets
Nextcloud Information Exposure Through Directory Listing (CWE-548)
Medium
2025-09-29
Exposing debug.log file leads to server full path disclosure
Nextcloud Business Logic Errors (CWE-840)
Medium
2025-09-29
X-E2EE-SIGNATURE verification can be bypassed, leading to loss of confidentiality of end-to-end encrypted files
Nextcloud Improper Certificate Validation (CWE-295)CVE-2024-52510
Medium
2024-12-15
Incomplete sanitization in SVG preview provider
Nextcloud Information Disclosure (CWE-200)CVE-2024-52515
Medium
2024-12-15
Invisible Salamanders Attack against end_to_end_encryption in Nextcloud
Nextcloud Use of a Broken or Risky Cryptographic Algorithm (CWE-327)
Medium
2024-12-03
External storage - global credentials returned to the client side in plaintext
Nextcloud Information Disclosure (CWE-200)CVE-2024-52517
Medium
2024-11-21
Nextcloud Tables app - inserting rows to an arbitrary table possible
Nextcloud CVE-2024-52511
Medium
2024-11-17
User can copy locked folders and gain access to the contents
Nextcloud Improper Access Control - Generic (CWE-284)CVE-2024-52514
Medium
2024-11-16
ID4ME does not validate signature or expiration
Nextcloud Improper Verification of Cryptographic Signature (CWE-347)CVE-2024-37886
Medium
2024-07-14
Re-emergence of Security Vulnerability in Nextcloud Version 28 Previously Fixed in 25.0.4
Nextcloud Improper Access Control - Generic (CWE-284)CVE-2024-37884
Medium
2024-07-14
Event create can create attachments that link to other websites
Nextcloud Open Redirect (CWE-601)CVE-2024-37316
Medium
2024-07-14
Ability to by-pass second factor
Nextcloud Improper Authentication - Generic (CWE-287)CVE-2024-37313
Medium
2024-07-14
Notes app can be tricked into using a received share created before the user logged in
Nextcloud Business Logic Errors (CWE-840)CVE-2024-37317
Medium
2024-06-19
see card comments after remove shared board
Nextcloud Improper Access Control - Generic (CWE-284)CVE-2024-37883
Medium
2024-06-18
Read-only users can restore old versions
Nextcloud Improper Access Control - Generic (CWE-284)CVE-2024-37315
Medium
2024-06-14
ID4me feature of OpenID connect app available even when disabled
Nextcloud Improper Access Control - Generic (CWE-284)CVE-2024-37312
Medium
2024-05-30
Weak ssh algorithms and CVE-2023-48795 Discovered on various subdomains of nextcloud.com
Nextcloud Use of a Broken or Risky Cryptographic Algorithm (CWE-327)CVE-2023-48795
Medium
2024-05-22
Can download files by zipping the folder
Nextcloud Improper Access Control - Generic (CWE-284)CVE-2024-22404
Medium
2024-02-17
Improper handling of request URLs in nextcloud/guests allows guest users to bypass app allowlist
Nextcloud Improper Handling of URL Encoding (Hex Encoding) (CWE-177)CVE-2024-22402
Medium
2024-01-18
高频漏洞类型
最活跃项目
项目报告数最高赏金
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895