目標達成 すべての支援者に感謝 — 100%達成しました!

目標: 1000 CNY · 調達済み: 1110 CNY

100%
コーヒーを一杯おごる

漏洞赏金情报

数据来源:HackerOne 公开披露报告 · 每 6 小时更新

浏览 HackerOne 平台公开披露的漏洞赏金报告,按严重程度、漏洞类型或目标项目筛选,关联 CVE 编号。

已披露报告
12,247
关联 CVE
1,864
参与项目数
343
近 7 天新增
23
严重度: All CriticalHighMediumLow
类型: 全部 Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 658 Improper Authentication - Generic 653 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
[hackerone.com] Program's old handles are not blacklisted like usernames and allows reclaim over past handles for potential abuse
HackerOne Violation of Secure Design Principles (CWE-657)
Medium
2024-05-30
ID4me feature of OpenID connect app available even when disabled
Nextcloud Improper Access Control - Generic (CWE-284)CVE-2024-37312
Medium
2024-05-30
Proxy-Authorization header not cleared on cross-origin redirect in undici.request
Internet Bug Bounty Information Disclosure (CWE-200)CVE-2024-30260
Low
2024-05-29
Path traversal by monkey-patching Buffer internals
Internet Bug Bounty Path Traversal (CWE-22)CVE-2024-21896
High
2024-05-29
Improper handling of wildcards in --allow-fs-read and --allow-fs-write
Internet Bug Bounty Improper Access Control - Generic (CWE-284)CVE-2024-21890
Medium
2024-05-29
Non-authenticated path traversal leading to arbitrary file read
ExpressionEngine Path Traversal (CWE-22)CVE-2021-44534
High
2024-05-28
Import/Convert user file exposure leading to logins/passwords/PII leak.
ExpressionEngine Insecure Storage of Sensitive Information (CWE-922)
Low
2024-05-28
Arbitrary comment content change with GET CSRF.
ExpressionEngine Cross-Site Request Forgery (CSRF) (CWE-352)
Low
2024-05-28
Arbitrary forum topic close with GET CSRF.
ExpressionEngine Cross-Site Request Forgery (CSRF) (CWE-352)
Low
2024-05-28
Comment/channel unsubscribe GET CSRF
ExpressionEngine Cross-Site Request Forgery (CSRF) (CWE-352)
Low
2024-05-28
Stored XSS filter bypass on discussion forum. "URL" tag.
ExpressionEngine Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2024-05-28
Stored XSS filter bypass on discussion forum.
ExpressionEngine Cross-site Scripting (XSS) - Stored (CWE-79)
Low
2024-05-28
Authenticated RCE via page title
ExpressionEngine Code Injection (CWE-94)
Medium
2024-05-28
PHP Code Injection through "Translate::save()" method
ExpressionEngine Code Injection (CWE-94)
Medium
2024-05-28
Low privileges (auth) Remote Command Execution - PHP file upload bypass.
ExpressionEngine Code Injection (CWE-94)CVE-2020-13443
High
2024-05-28
LLM03: Training Data Poisoning via ASCII decoding
HackerOne LLM01: Prompt Injection
None
2024-05-28
Stored-XSS injected in Wiki page via Banzai pipeline
GitLab Cross-site Scripting (XSS) - Stored (CWE-79)
High
2024-05-28
Lynxview JS interfaces Takeover via deeplink traversal
TikTok Cross-site Scripting (XSS) - DOM (CWE-79)
High
2024-05-24
[CVE-2024-26146] Header Parsing leads to Possible Denial of Service Vulnerability
Internet Bug Bounty Uncontrolled Resource Consumption (CWE-400)CVE-2024-26146
Low
2024-05-24
Inadequate redaction exposes sensitive information via the “ShareReportViaEmail" GraphQL endpoint
HackerOne
Medium
2024-05-24
高频漏洞类型
最活跃项目
项目报告数最高赏金
U.S. Dept Of Defense896
Internet Bug Bounty817 $2,257
HackerOne609
Nextcloud584
Shopify464
curl457
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239