目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1000

100.0%
请我们喝杯咖啡

漏洞赏金情报

数据来源:HackerOne 公开披露报告 · 每 6 小时更新

浏览 HackerOne 平台公开披露的漏洞赏金报告,按严重程度、漏洞类型或目标项目筛选,关联 CVE 编号。

已披露报告
12,219
关联 CVE
1,854
参与项目数
342
近 7 天新增
10
严重度: All CriticalHighMediumLow
类型: 全部 Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
项目筛选:deptofdefense
[HTAF4-213] [Pre-submission] XSS via arbitrary cookie name at the https://www2.██████/nssi/core/dot_stu_reg/Registration.aspx
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2024-06-18
CVE-2021-39226 Discovered on endpoint https://██████/api/snapshots
U.S. Dept Of Defense Improper Access Control - Generic (CWE-284)CVE-2021-39226
High
2024-06-18
Reflected XSS via Keycloak on ███ [CVE-2021-20323]
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)CVE-2021-20323
Medium
2024-05-03
reflected xss [CVE-2020-3580]
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)CVE-2020-3580
Medium
2024-05-03
Reflected Cross-site Scripting via search query on ██████
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2024-05-03
Reflected XSS on error message on Login Page
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2024-05-03
Reflected XSS via Moodle on ███ [CVE-2022-35653]
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)CVE-2022-35653
Medium
2024-05-03
SQL injection on ██████████ via 'where' parameter
U.S. Dept Of Defense SQL Injection (CWE-89)
Medium
2024-05-03
███ leaking PII of tour visitors (names, email addresses, phone numbers) via misconfigured record permissions
U.S. Dept Of Defense Cleartext Storage of Sensitive Information (CWE-312)
Critical
2024-03-22
Improper Authentication (Login without Registration with any user) at ████
U.S. Dept Of Defense Improper Authentication - Generic (CWE-287)
High
2024-03-22
Xss - ███
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2024-03-22
Xss Parameter: /<s>/[*]/<s>.css ████████
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2024-03-22
Attacker can Add itself as admin user and can also change privileges of Existing Users [█████████]
U.S. Dept Of Defense Improper Authentication - Generic (CWE-287)
Critical
2024-03-22
Parâmetro XSS: Nome de usuário - █████████
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2024-03-22
Resource Injection - [████████]
U.S. Dept Of Defense Resource Injection (CWE-99)
Medium
2024-03-22
Full Access to sonarQube and Docker
U.S. Dept Of Defense Information Disclosure (CWE-200)
Critical
2024-03-22
Reflective Cross Site Scripting (XSS) on ███████/Pages
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)CVE-2017-0255
Medium
2024-03-22
DBMS information getting exposed publicly on -- [ ██████████ ]
U.S. Dept Of Defense Insecure Storage of Sensitive Information (CWE-922)
High
2024-03-22
Time based SQL injection at████████
U.S. Dept Of Defense SQL Injection (CWE-89)
High
2024-01-26
Unauthenticated Jenkins instance exposed information related to █████
U.S. Dept Of Defense Improper Authentication - Generic (CWE-287)
High
2024-01-26
高频漏洞类型
最活跃项目
项目报告数最高赏金
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895