目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1000

100.0%
请我们喝杯咖啡

漏洞赏金情报

数据来源:HackerOne 公开披露报告 · 每 6 小时更新

浏览 HackerOne 平台公开披露的漏洞赏金报告,按严重程度、漏洞类型或目标项目筛选,关联 CVE 编号。

已披露报告
12,232
关联 CVE
1,859
参与项目数
342
近 7 天新增
12
严重度: All CriticalHighMediumLow
类型: 全部 Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 657 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Potential DDoS when posting long data into workflow validation rules
Nextcloud Uncontrolled Resource Consumption (CWE-400)CVE-2020-8293
Medium
2021-01-21
Manipulating response leads to free access to Streamlabs Prime
Logitech Business Logic Errors (CWE-840)
Medium
2021-01-21
Sensitive information disclosure to shared access user via streamlabs platform api
Logitech Information Disclosure (CWE-200)
Medium
2021-01-20
Moderator user has access to owner's support portal and tickets
Logitech Improper Access Control - Generic (CWE-284)
Medium
2021-01-20
Information Disclosure of Advertiser Account on TikTok Ads Portal
TikTok Information Disclosure (CWE-200)
Medium
2021-01-20
Unrestricted Upload of File with Dangerous Type
Enjin Business Logic Errors (CWE-840)
Medium
2021-01-20
[nextcloud.com] Control character allowed in Submit Question
Nextcloud Improper Access Control - Generic (CWE-284)
Medium
2021-01-20
loing in to marketplace panel on enablement.informatica.com
Informatica Improper Authentication - Generic (CWE-287)
Medium
2021-01-20
Open redirect in ck.php and lg.php
Revive Adserver Open Redirect (CWE-601)CVE-2021-22873
Medium
2021-01-20
Async search stores authorization headers in clear text
Elastic Cleartext Storage of Sensitive Information (CWE-312)
Medium
2021-01-19
Reflected XSS on /www/delivery/afr.php (bypass of report #775693)
Revive Adserver Cross-site Scripting (XSS) - Reflected (CWE-79)CVE-2021-22872
Medium
2021-01-19
2FA Session not expires after the password reset
Nextcloud Session Fixation (CWE-384)CVE-2019-15612
Medium
2021-01-18
Session Hijack via Self-XSS
Rocket.Chat Cross-site Scripting (XSS) - DOM (CWE-79)CVE-2020-8292
Medium
2021-01-17
[dy-server2] - stored Cross-Site Scripting
Node.js third-party modules Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2021-01-14
Bypass of #1047119: Missing Rate Limit while creating Plug-Ins at https://my.stripo.email/cabinet/plugins/
Stripo Inc Business Logic Errors (CWE-840)
Medium
2021-01-13
PII Information Leak at https://████████.mil/
U.S. Dept Of Defense Information Disclosure (CWE-200)
Medium
2021-01-12
System Error Reveals Sensitive SQL Call Data
U.S. Dept Of Defense Information Exposure Through Debug Information (CWE-215)
Medium
2021-01-12
Sensitive data exposure via https://███████/secure/QueryComponent!Default.jspa - CVE-2020-14179
U.S. Dept Of Defense Information Disclosure (CWE-200)CVE-2020-14179
Medium
2021-01-12
Sensitive data exposure via https://███/secure/QueryComponent!Default.jspa - CVE-2020-14179
U.S. Dept Of Defense Information Disclosure (CWE-200)CVE-2020-14179
Medium
2021-01-12
POST based RXSS on https://█████ via frm_email parameter
U.S. Dept Of Defense Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2021-01-12
高频漏洞类型
最活跃项目
项目报告数最高赏金
U.S. Dept Of Defense896
Internet Bug Bounty817 $2,257
HackerOne609 $1,500
Nextcloud583
Shopify464
curl447
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239