目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1000

100.0%
请我们喝杯咖啡

漏洞赏金情报

数据来源:HackerOne 公开披露报告 · 每 6 小时更新

浏览 HackerOne 平台公开披露的漏洞赏金报告,按严重程度、漏洞类型或目标项目筛选,关联 CVE 编号。

已披露报告
12,220
关联 CVE
1,854
参与项目数
342
近 7 天新增
8
严重度: All CriticalHighMediumLow
类型: 全部 Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Account Takeover on unverified emails in File Sync & Share
Acronis Violation of Secure Design Principles (CWE-657)
Medium
2021-06-16
Origin IP found, Cloudflare bypassed
CS Money Violation of Secure Design Principles (CWE-657)
Medium
2021-03-30
Over-Privileged API Credentials for Elastic Agent
Elastic Violation of Secure Design Principles (CWE-657)
Medium
2021-03-29
Indexing of urls on the "External link warning" pages discloses many vulnerable endpoints from the past and unlisted videos/photos
HackerOne Violation of Secure Design Principles (CWE-657)
Medium
2021-03-25
RDR2 game service method allows adding any player to a new Posse without consent
Rockstar Games Violation of Secure Design Principles (CWE-657)
Medium
2021-02-23
DNS Setup allows sending mail on behalf of other customers
Basecamp Violation of Secure Design Principles (CWE-657)
Medium
2021-02-21
Email flooding using user invitation feature in biz.yelp.com due to lack of rate limiting
Yelp Violation of Secure Design Principles (CWE-657)
Medium
2020-09-29
Session not invalidated after password reset
Gener8 Violation of Secure Design Principles (CWE-657)
Medium
2020-08-18
Unrestricted File Upload in Chat Window
OWOX, Inc. Violation of Secure Design Principles (CWE-657)
Medium
2020-08-16
No Rate Limiting on https://██████/██████████/accounts/password/reset/ endpoint leads to Denial of Service
U.S. Dept Of Defense Violation of Secure Design Principles (CWE-657)
Medium
2020-05-27
Improper email address verifiation while saving Account Details
Staging.every.org Violation of Secure Design Principles (CWE-657)
Medium
2020-03-23
**minor issue ** -Nextcloud 10.0 session issue with desktop client and android client
Nextcloud Violation of Secure Design Principles (CWE-657)
Medium
2020-03-01
WordPress vulnerable to multiple attacks at https://nextcloud.com
Nextcloud Violation of Secure Design Principles (CWE-657)
Medium
2020-03-01
Admin panel of https://www.stellar.org/wp-admin/
Stellar.org Violation of Secure Design Principles (CWE-657)
Medium
2020-02-23
No rate limiting for confirmation email lead to email flooding
Yelp Violation of Secure Design Principles (CWE-657)
Medium
2020-02-11
No Rate Limiting on /reset-password-request/ endpoint
Stripo Inc Violation of Secure Design Principles (CWE-657)
Medium
2020-02-04
Wordpress unzip_file path traversal
WordPress Violation of Secure Design Principles (CWE-657)
Medium
2020-01-29
Unrestricted file upload in www.semrush.com > /my_reports/api/v1/upload/image
Semrush Violation of Secure Design Principles (CWE-657)
Medium
2020-01-10
Password token leak via Host header
Stripo Inc Violation of Secure Design Principles (CWE-657)
Medium
2019-12-19
Access to job creation web page on http://████████
U.S. Dept Of Defense Violation of Secure Design Principles (CWE-657)
Medium
2019-12-02
高频漏洞类型
最活跃项目
项目报告数最高赏金
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258 $1,730
X / xAI250 $2,500
Uber239 $9,895