目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1000

100.0%
请我们喝杯咖啡

漏洞赏金情报

数据来源:HackerOne 公开披露报告 · 每 6 小时更新

浏览 HackerOne 平台公开披露的漏洞赏金报告,按严重程度、漏洞类型或目标项目筛选,关联 CVE 编号。

已披露报告
12,226
关联 CVE
1,856
参与项目数
342
近 7 天新增
7
严重度: All CriticalHighMediumLow
类型: 全部 Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 657 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Add new development stores without permission
Shopify Improper Access Control - Generic (CWE-284)
Medium
2021-06-04
Insufficient Session Expiration on Adobe Connect | https://█████████
U.S. Dept Of Defense Insufficient Session Expiration (CWE-613)
Medium
2021-06-03
CVE-2019-3403 on https://████/rest/api/2/user/picker?query=
U.S. Dept Of Defense Information Disclosure (CWE-200)CVE-2019-3403
Medium
2021-06-03
Blind SQL iNJECTION
U.S. Dept Of Defense SQL Injection (CWE-89)
Medium
2021-06-03
Reflected XSS
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2021-06-03
Reflected XSS at www.███████ at /██████████ via the ████████ parameter
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)CVE-2017-14651
Medium
2021-06-03
Reflected XSS through clickjacking at https://████
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2021-06-03
Reflected XSS on https://██████
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2021-06-03
XSS STORED AT socialclub.rockstargames.com (add friend request from profile attacker)
Rockstar Games Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2021-06-03
Reflected XSS on /admin/stats.php
Revive Adserver Cross-site Scripting (XSS) - Reflected (CWE-79)CVE-2021-22948
Medium
2021-06-03
SSL certificate not validated when registering with a provider
Nextcloud Cryptographic Issues - Generic (CWE-310)CVE-2021-22895
Medium
2021-06-02
Take over a mail account due missing validation of account id
Nextcloud Improper Access Control - Generic (CWE-284)CVE-2021-32652
Medium
2021-06-01
Create alias does not validate account id
Nextcloud Improper Access Control - Generic (CWE-284)CVE-2021-22896
Medium
2021-06-01
Subdomain takeover of www2.growasyouplan.com
Palo Alto Software Externally Controlled Reference to a Resource in Another Sphere (CWE-610)
Medium
2021-05-29
Blocked user can see live video
TikTok Privacy Violation (CWE-359)
Medium
2021-05-28
IDOR leads to See analytics of Loyalty Program in any restaurant.
Uber Insecure Direct Object Reference (IDOR) (CWE-639)
Medium
2021-05-28
Bypass apiserver proxy filter
Kubernetes Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367)CVE-2020-8562
Medium
2021-05-27
Git Config
MariaDB
Medium
2021-05-27
SMAP bypass
PlayStation CVE-2021-29628
Medium
2021-05-27
CSRF on TikTok Ads Portal
TikTok Cross-Site Request Forgery (CSRF) (CWE-352)
Medium
2021-05-26
高频漏洞类型
最活跃项目
项目报告数最高赏金
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud583
Shopify464
curl442
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239