目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1310

100%
请我们喝杯咖啡

漏洞赏金情报

数据来源:HackerOne 公开披露报告 · 每 6 小时更新

浏览 HackerOne 平台公开披露的漏洞赏金报告,按严重程度、漏洞类型或目标项目筛选,关联 CVE 编号。

已披露报告
12,250
关联 CVE
1,864
参与项目数
343
近 7 天新增
6
严重度: All CriticalHighMediumLow
类型: 全部 Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 658 Improper Authentication - Generic 653 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Weak Password Policy
Yelp Violation of Secure Design Principles (CWE-657)
Low
2017-11-09
Possible content spoofing due to missing error page
Yelp Violation of Secure Design Principles (CWE-657)
Low
2017-11-09
Clickjacking @ Main Domain[www.yelp.com]
Yelp UI Redressing (Clickjacking) (CAPEC-103)
Low
2017-11-09
User can be fooled to Bookmark any restaurant by clickjacking
Yelp UI Redressing (Clickjacking) (CAPEC-103)
Low
2017-11-09
ClickJacking in editing business name
Yelp UI Redressing (Clickjacking) (CAPEC-103)
Low
2017-11-09
Email Spoofing
Aspen Violation of Secure Design Principles (CWE-657)
Low
2017-11-09
A10 – Unvalidated Redirects and Forwards
Infogram Open Redirect (CWE-601)
Low
2017-11-09
Self-XSS in WordPress Editor Link Modal
WordPress Cross-site Scripting (XSS) - Generic (CWE-79)
Low
2017-11-08
Internal Ports Scanning via Blind SSRF (URL Redirection to beat filter)
Infogram Server-Side Request Forgery (SSRF) (CWE-918)
Low
2017-11-08
OS username disclosure
Brave Software Privacy Violation (CWE-359)
Low
2017-11-07
[marketplace.informatica.com] User email disclosure
Informatica Privacy Violation (CWE-359)
Low
2017-11-07
Tabnabbing via window.opener
Infogram Violation of Secure Design Principles (CWE-657)
Low
2017-11-06
Weak Password Policy on Signup
Infogram Violation of Secure Design Principles (CWE-657)
Low
2017-11-06
SPF Misconfiguration
Infogram Violation of Secure Design Principles (CWE-657)
Low
2017-11-06
DOM-based XSS in store.starbucks.co.uk on IE 11
Starbucks Cross-site Scripting (XSS) - DOM (CWE-79)
Low
2017-11-03
[BuddyPress 2.9.1] Open Redirect via "wp_http_referer" parameter on "bp-profile-edit" endpoint
WordPress Open Redirect (CWE-601)
Low
2017-11-02
Stored XSS vulnerability in additional URLs in 'Location' dialog [Sitemap]
Concrete CMS Cross-site Scripting (XSS) - Stored (CWE-79)
Low
2017-11-02
Missing SSL can leak job token
WordPress Cleartext Transmission of Sensitive Information (CWE-319)
Low
2017-11-01
Incorrect Functionality of Password reset links
Infogram Violation of Secure Design Principles (CWE-657)
Low
2017-10-30
Using an outdated version of OpenSSH on db01.wakatime.com
WakaTime Information Disclosure (CWE-200)
Low
2017-10-29
高频漏洞类型
最活跃项目
项目报告数最高赏金
U.S. Dept Of Defense896
Internet Bug Bounty817 $2,257
HackerOne609
Nextcloud584
Shopify464
curl459
Node.js third-party modules307
GitLab258
X / xAI250 $7,000
Uber239