目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1000

100.0%
请我们喝杯咖啡

漏洞赏金情报

数据来源:HackerOne 公开披露报告 · 每 6 小时更新

浏览 HackerOne 平台公开披露的漏洞赏金报告,按严重程度、漏洞类型或目标项目筛选,关联 CVE 编号。

已披露报告
12,221
关联 CVE
1,854
参与项目数
342
近 7 天新增
4
严重度: All CriticalHighMediumLow
类型: 全部 Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
No Security check at changing password and at adding mobile number which leads to account takeover and spam
Khan Academy Violation of Secure Design Principles (CWE-657)
Medium
2017-02-21
[wave.informatica.com]- Subdomain missconfiguration
Informatica Violation of Secure Design Principles (CWE-657)
Medium
2017-02-19
QuickTime Promotion on a DoD website
U.S. Dept Of Defense Violation of Secure Design Principles (CWE-657)
Low
2017-02-15
Email Spoofing
PortSwigger Web Security Violation of Secure Design Principles (CWE-657)
Low
2017-02-14
API: Bug in method auth.signup , дающий возможность бесконечно звонить
VK.com Violation of Secure Design Principles (CWE-657)
Unknown
2017-02-13
Missing SPF Flags on nextcloud.com
Nextcloud Violation of Secure Design Principles (CWE-657)
Unknown
2017-02-10
X.509 certificate validation fails on international vanity domains
Yelp Violation of Secure Design Principles (CWE-657)
None
2017-02-06
Restricted file access when it exists in old versions of task or wiki document
Phabricator Violation of Secure Design Principles (CWE-657)
Unknown
2017-02-06
Enumerating emails through "Forgot Password" form
Phabricator Violation of Secure Design Principles (CWE-657)
Unknown
2017-02-06
cloudup Subdomain Takeover That resolves to Desk.com ( CNAME cloudup.desk.com )
Automattic Violation of Secure Design Principles (CWE-657)
Medium
2017-02-02
Securing "Reset password" pages from bots
Vimeo Violation of Secure Design Principles (CWE-657)
Unknown
2017-01-31
Subdomain take over signup.websummit
WebSummit Violation of Secure Design Principles (CWE-657)
Unknown
2017-01-29
Email Spoofing
Nextcloud Violation of Secure Design Principles (CWE-657)
Unknown
2017-01-25
Email Spoofing
Bumble Violation of Secure Design Principles (CWE-657)
Low
2017-01-24
[Screenhero] Subdomain takeover
Slack Violation of Secure Design Principles (CWE-657)
Unknown
2017-01-21
Email spoofing possible via Legal Robot domain
Legal Robot Violation of Secure Design Principles (CWE-657)
Unknown
2017-01-21
Validation bypass on user profile
Legal Robot Violation of Secure Design Principles (CWE-657)
Unknown
2017-01-20
No user confirmation when an auto-updated extension gets more permissions
Brave Software Violation of Secure Design Principles (CWE-657)
Low
2017-01-20
Text injection on Auth problem at urbandictionary.com
Urban Dictionary Violation of Secure Design Principles (CWE-657)
Unknown
2017-01-17
HTTP-Basic Authentication on logs.nextcloud.com
Nextcloud Violation of Secure Design Principles (CWE-657)
Unknown
2017-01-17
高频漏洞类型
最活跃项目
项目报告数最高赏金
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl440
Node.js third-party modules307
GitLab258 $13,950
X / xAI250 $2,500
Uber239