目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1000

100.0%
请我们喝杯咖啡

漏洞赏金情报

数据来源:HackerOne 公开披露报告 · 每 6 小时更新

浏览 HackerOne 平台公开披露的漏洞赏金报告,按严重程度、漏洞类型或目标项目筛选,关联 CVE 编号。

已披露报告
12,222
关联 CVE
1,855
参与项目数
342
近 7 天新增
3
严重度: All CriticalHighMediumLow
类型: 全部 Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Able to detect if a user is FetLife supporter although this user hides their support badge in fetlife.com/conversations/{id} JSON response
FetLife Information Disclosure (CWE-200)
Medium
2022-02-11
Information Exposure Through Directory Listing vulnerability
Nextcloud Information Exposure Through Directory Listing (CWE-548)
Medium
2022-02-11
[h1-2102] Information disclosure - ShopifyPlus add user displays existing Shopify ID fullname
Shopify Information Disclosure (CWE-200)
Medium
2022-02-10
Sending Arbitrary Requests through Jupyter Notebooks on gitlab.com and Self-Hosted GitLab Instances
GitLab Command Injection - Generic (CWE-77)
Medium
2022-02-10
Node.js Certificate Verification Bypass via String Injection
Node.js Improper Following of a Certificate's Chain of Trust (CWE-296)CVE-2021-44531CVE-2021-44532CVE-2021-44533
Medium
2022-02-10
Cross-site Scripting (XSS) - Stored | forum.acronis.com
Acronis Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2022-02-08
Stored Cross-site Scripting on devicelock.com/forum/
Acronis Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2022-02-08
Attacker Can Access to any Ticket Support on https://www.devicelock.com/support/
Acronis Improper Access Control - Generic (CWE-284)
Medium
2022-02-08
Information Disclosure via ZIP file on AWS Bucket [http://acronis.1.s3.amazonaws.com]
Acronis Information Disclosure (CWE-200)
Medium
2022-02-08
Leaking sensitive information through JSON file path.
Nextcloud Insecure Storage of Sensitive Information (CWE-922)
Medium
2022-02-07
Email/OTP verification bypass leads to Pre-Account Takeover.
S-Pankki Improper Authentication - Generic (CWE-287)
Medium
2022-02-07
Arbitrary file read in Rocket.Chat-Desktop
Rocket.Chat
Medium
2022-02-06
SQL injection at /admin.php?/cp/members/create
ExpressionEngine SQL Injection (CWE-89)CVE-2020-8242
Medium
2022-02-01
Reflected Xss On https://vk.com/search
VK.com Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2022-02-01
No character limit in password field
UPchieve Use of Hard-coded Password (CWE-259)
Medium
2022-01-30
XSS via X-Forwarded-Host header
Omise Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2022-01-29
Improper access control for users with expired password, giving the user full access through API and Git
GitLab Improper Access Control - Generic (CWE-284)
Medium
2022-01-27
subdomain takeover on fddkim.zomato.com
Eternal Privilege Escalation (CAPEC-233)
Medium
2022-01-27
Specific Payload makes a Users Posts unavailable
FetLife Uncontrolled Resource Consumption (CWE-400)
Medium
2022-01-26
No length on password
Imgur Weak Password Recovery Mechanism for Forgotten Password (CWE-640)
Medium
2022-01-24
高频漏洞类型
最活跃项目
项目报告数最高赏金
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud583
Shopify464
curl440
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239