目標達成 すべての支援者に感謝 — 100%達成しました!

目標: 1000 CNY · 調達済み: 1110 CNY

100%
コーヒーを一杯おごる

漏洞赏金情报

数据来源:HackerOne 公开披露报告 · 每 6 小时更新

浏览 HackerOne 平台公开披露的漏洞赏金报告,按严重程度、漏洞类型或目标项目筛选,关联 CVE 编号。

已披露报告
12,248
关联 CVE
1,864
参与项目数
343
近 7 天新增
16
严重度: All CriticalHighMediumLow
类型: 全部 Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 658 Improper Authentication - Generic 653 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Creation of bounties through Customer API leads to private email disclosure
HackerOne Information Disclosure (CWE-200)
Critical
2024-03-26
███ leaking PII of tour visitors (names, email addresses, phone numbers) via misconfigured record permissions
U.S. Dept Of Defense Cleartext Storage of Sensitive Information (CWE-312)
Critical
2024-03-22
Improper Authentication (Login without Registration with any user) at ████
U.S. Dept Of Defense Improper Authentication - Generic (CWE-287)
High
2024-03-22
Xss - ███
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2024-03-22
Xss Parameter: /<s>/[*]/<s>.css ████████
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2024-03-22
Attacker can Add itself as admin user and can also change privileges of Existing Users [█████████]
U.S. Dept Of Defense Improper Authentication - Generic (CWE-287)
Critical
2024-03-22
Parâmetro XSS: Nome de usuário - █████████
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2024-03-22
Resource Injection - [████████]
U.S. Dept Of Defense Resource Injection (CWE-99)
Medium
2024-03-22
Full Access to sonarQube and Docker
U.S. Dept Of Defense Information Disclosure (CWE-200)
Critical
2024-03-22
Reflective Cross Site Scripting (XSS) on ███████/Pages
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)CVE-2017-0255
Medium
2024-03-22
DBMS information getting exposed publicly on -- [ ██████████ ]
U.S. Dept Of Defense Insecure Storage of Sensitive Information (CWE-922)
High
2024-03-22
Authentication Bypass with usage of PreSignedURL
ownCloud Improper Access Control - Generic (CWE-284)
High
2024-03-22
Open Redirect via Non-Latin Subdomain in vcc-*.8x8.com/AGUI/█.php
8x8 Open Redirect (CWE-601)
Low
2024-03-20
PATCH method manipulation allowing the users to escalate their functionalities and edit (upgrade/downgrade) API Keys settings which is not allowed
Frontegg Improper Access Control - Generic (CWE-284)
Low
2024-03-20
Bypassing the block of Security Domain Restriction and normally invite blocked domains with special characters “İ”
Frontegg Business Logic Errors (CWE-840)
Medium
2024-03-20
XSS in new.loading.page.html
GoCD Cross-site Scripting (XSS) - Reflected (CWE-79)CVE-2024-28866
Low
2024-03-17
Being able to disclose IBB bounty table of any public program
HackerOne Information Disclosure (CWE-200)
Medium
2024-03-17
Denial of Service by resource exhaustion in fetch() brotli decoding
Node.js Uncontrolled Resource Consumption (CWE-400)CVE-2024-22025
Medium
2024-03-16
setuid() does not drop all privileges due to io_uring
Node.js Privilege Escalation (CAPEC-233)CVE-2024-22017
High
2024-03-16
Bypassing Collaborator Restrictions: Retaining Admin Access Post-Repository Transfer
GitHub Improper Access Control - Generic (CWE-284)CVE-2023-6803
Medium
2024-03-15
高频漏洞类型
最活跃项目
项目报告数最高赏金
U.S. Dept Of Defense896
Internet Bug Bounty817 $2,257
HackerOne609
Nextcloud584
Shopify464
curl457
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239