目標達成 すべての支援者に感謝 — 100%達成しました!

目標: 1000 CNY · 調達済み: 1000 CNY

100.0%
コーヒーを一杯おごる

漏洞赏金情报

数据来源:HackerOne 公开披露报告 · 每 6 小时更新

浏览 HackerOne 平台公开披露的漏洞赏金报告,按严重程度、漏洞类型或目标项目筛选,关联 CVE 编号。

已披露报告
12,219
关联 CVE
1,854
参与项目数
342
近 7 天新增
10
严重度: All CriticalHighMediumLow
类型: 全部 Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
项目筛选:curl
Directory listing vulnerability is disclosing names and emails, widespread (thousands of records, publicly accessible without auth)
curl Information Exposure Through Directory Listing (CWE-548)
Critical
2026-01-14
Gopher Protocol Command Injection (SSRF Smuggling)
curl Server-Side Request Forgery (SSRF) (CWE-918)
High
2026-01-14
Use-After-Free in curl_easy_nextheader when reusing header handle across requests
curl Use After Free (CWE-416)
Unknown
2026-01-14
MQTT: unsigned integer underflow bypasses MAX_MQTT_MESSAGE_SIZE check
curl
Unknown
2026-01-13
integer Overflow in MQTT Protocol Handling Allows Bypassing Message Size Limit
curl Integer Overflow (CWE-190)
High
2026-01-13
Heap Out-of-Bounds Read in lib/http2.c via Malformed PUSH_PROMISE Headers
curl Out-of-bounds Read (CWE-125)
High
2026-01-10
CRLF Injection in HTTP header values allows arbitrary header injection
curl CRLF Injection (CWE-93)
None
2026-01-10
State Isolation Failure in Multiplexed Connections (Shared Auth Context)
curl Exposure of Data Element to Wrong Session (CWE-488)
Critical
2026-01-08
Stack Buffer Overflow in mprintf.c formatting function (fallback path)
curl Classic Buffer Overflow (CWE-120)
High
2026-01-08
inconsistently Rejection Logic in file:// URLs with Authority
curl Path Traversal (CWE-22)
Low
2026-01-08
CVE-2025-14524: bearer token leak on cross-protocol redirect
curl Insufficiently Protected Credentials (CWE-522)CVE-2025-14524
Low
2026-01-07
CVE-2025-15079: libssh global knownhost override
curl Improper Validation of Certificate with Host Mismatch (CWE-297)CVE-2025-15079
Low
2026-01-07
CVE-2025-15224: libssh key passphrase bypass without agent set
curl CVE-2025-15224
Low
2026-01-07
MQTT: Missing upper bound on incoming Remaining Length allows server-controlled long wait
curl Uncontrolled Resource Consumption (CWE-400)
Low
2026-01-06
Path Traversal in curl file:// Protocol Handler Allows Unauthorized File Access
curl Path Traversal (CWE-22)CVE-2021-22901
High
2026-01-04
Alt-Svc bypasses credential leak protection (CVE-2018-1000007)
curl Information Exposure Through Sent Data (CWE-201)CVE-2018-1000007
High
2026-01-04
PROTOCOL-LEVEL: Persistent UDP Amplification and Cache Poisoning via Alt-Svc Logic Flaw
curl Business Logic Errors (CWE-840)
High
2026-01-02
HTTP Request Smuggling and SSRF via CRLF Injection in Curl_add_custom_headers
curl HTTP Request Smuggling (CWE-444)
High
2026-01-02
CRLF Injection in Gopher Protocol (`lib/gopher.c`)
curl CRLF Injection (CWE-93)
Medium
2026-01-02
MQTT Protocol Violation & Integer Overflow in libcurl
curl Integer Overflow (CWE-190)
High
2026-01-01
高频漏洞类型
最活跃项目
项目报告数最高赏金
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895