目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1000

100.0%
请我们喝杯咖啡

漏洞赏金情报

数据来源:HackerOne 公开披露报告 · 每 6 小时更新

浏览 HackerOne 平台公开披露的漏洞赏金报告,按严重程度、漏洞类型或目标项目筛选,关联 CVE 编号。

已披露报告
12,219
关联 CVE
1,854
参与项目数
342
近 7 天新增
10
严重度: All CriticalHighMediumLow
类型: 全部 Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
项目筛选:deptofdefense
[CVE-2021-29156] LDAP Injection at https://██████
U.S. Dept Of Defense LDAP Injection (CWE-90)CVE-2021-29156
Medium
2021-08-26
XSS on ███
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2021-08-19
CUI labled and ████ and ██████ Restricted ██████ intelligence
U.S. Dept Of Defense Information Disclosure (CWE-200)
Medium
2021-08-19
XSS due to CVE-2020-3580 [███.mil]
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)CVE-2020-3580
Medium
2021-08-19
S3 bucket listing/download
U.S. Dept Of Defense Improper Access Control - Generic (CWE-284)
Medium
2021-08-19
[CVE-2021-29156 on ForgeRock OpenAm] LDAP Injection in Webfinger Protocol!
U.S. Dept Of Defense LDAP Injection (CWE-90)CVE-2021-29156
Medium
2021-08-19
All private support requests to ███████ are being disclosed at https://███████
U.S. Dept Of Defense Information Disclosure (CWE-200)
High
2021-07-29
SQL injection my method -1 OR 3*2*1=6 AND 000159=000159
U.S. Dept Of Defense Code Injection (CWE-94)
Medium
2021-07-29
Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464)
U.S. Dept Of Defense Code Injection (CWE-94)CVE-2021-35464
High
2021-07-29
Arbitrary File Reading leads to RCE in the Pulse Secure SSL VPN on the https://████
U.S. Dept Of Defense File and Directory Information Exposure (CWE-538)CVE-2019-11510CVE-2019-11542CVE-2019-11539CVE-2019-11538CVE-2019-11508CVE-2019-11540
Critical
2021-07-29
XSS DUE TO CVE-2020-3580
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)CVE-2020-3580
Medium
2021-07-29
XSS DUE TO CVE-2020-3580
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)CVE-2020-3580
Medium
2021-07-29
Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464)
U.S. Dept Of Defense Code Injection (CWE-94)CVE-2021-35464
High
2021-07-29
Reflected XSS - https://███
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2021-07-29
[HTAF4-213] [Pre-submission] CVE-2018-2879 (padding oracle attack in the Oracle Access Manager) at https://█████████
U.S. Dept Of Defense Cryptographic Issues - Generic (CWE-310)CVE-2018-2879
High
2021-07-29
XSS Reflected on https://███ (███ parameter)
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2021-07-29
xss on https://███████(█████████ parameter)
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2021-07-29
xss reflected on https://███████- (███ parameters)
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2021-07-29
Cross site scripting
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2021-07-29
SQLi on █████████
U.S. Dept Of Defense SQL Injection (CWE-89)
High
2021-07-29
高频漏洞类型
最活跃项目
项目报告数最高赏金
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895