目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1000

100.0%
请我们喝杯咖啡

漏洞赏金情报

数据来源:HackerOne 公开披露报告 · 每 6 小时更新

浏览 HackerOne 平台公开披露的漏洞赏金报告,按严重程度、漏洞类型或目标项目筛选,关联 CVE 编号。

已披露报告
12,221
关联 CVE
1,854
参与项目数
342
近 7 天新增
4
严重度: All CriticalHighMediumLow
类型: 全部 Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
xss reflected - pq.tva.com
Tennessee Valley Authority Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2023-09-11
Dependency Policy Bypass via process.binding
Internet Bug Bounty Privilege Escalation (CAPEC-233)
Medium
2023-09-09
Argocd's web terminal session doesn't expire
Internet Bug Bounty Insufficient Session Expiration (CWE-613)
Medium
2023-09-09
Permissions not respected when copying entire group folders
Nextcloud Improper Access Control - Generic (CWE-284)CVE-2023-39952
Medium
2023-09-09
CVE-2023-24488 xss on https://██████/
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)CVE-2023-24488
Medium
2023-09-08
stored cross site scripting in https://████████.edu
U.S. Dept Of Defense Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2023-09-08
XSS Reflected
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2023-09-08
SqlInject at ██████
U.S. Dept Of Defense SQL Injection (CWE-89)
Medium
2023-09-08
CVE-2023-40195: Apache Airflow Spark Provider Deserialization Vulnerability RCE
Internet Bug Bounty Deserialization of Untrusted Data (CWE-502)CVE-2023-40195
Medium
2023-09-08
yelp.com and biz.yelp.com ATO via XSS + Cookie Bridge
Yelp Cross-site Scripting (XSS) - Generic (CWE-79)
Medium
2023-09-08
[CVE-2023-23913] DOM Based Cross-site Scripting in rails-ujs for contenteditable HTML Elements
Internet Bug Bounty Cross-site Scripting (XSS) - DOM (CWE-79)CVE-2023-23913
Medium
2023-09-07
Triager/Team members can edit hacker's report and hacker is not even notified
HackerOne
Medium
2023-08-31
CSRF to delete a pet
Mars Cross-Site Request Forgery (CSRF) (CWE-352)
Medium
2023-08-30
Stored XSS + CSRF in "apellido" value
Mars Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2023-08-30
Response Manipulation lead to bypass verification code while making appointment at `█████████`
Mars Business Logic Errors (CWE-840)
Medium
2023-08-30
Html injection
Mars Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) (CWE-80)
Medium
2023-08-30
HTTP Request Smuggling via Empty headers separated by CR
Internet Bug Bounty HTTP Request Smuggling (CWE-444)CVE-2023-30589
Medium
2023-08-28
Stored XSS on promo.indrive.com
inDrive Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2023-08-28
Staff and Triage can modify the initial post of a report, including of already disclosed reports
HackerOne Improper Access Control - Generic (CWE-284)
Medium
2023-08-28
odbc apache airflow provider code execution vulnerability
Internet Bug Bounty Privilege Escalation (CAPEC-233)
Medium
2023-08-26
高频漏洞类型
最活跃项目
项目报告数最高赏金
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl440
Node.js third-party modules307
GitLab258 $13,950
X / xAI250 $2,500
Uber239