目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1000

100.0%
请我们喝杯咖啡

漏洞赏金情报

数据来源:HackerOne 公开披露报告 · 每 6 小时更新

浏览 HackerOne 平台公开披露的漏洞赏金报告,按严重程度、漏洞类型或目标项目筛选,关联 CVE 编号。

已披露报告
12,240
关联 CVE
1,863
参与项目数
342
近 7 天新增
20
严重度: All CriticalHighMediumLow
类型: 全部 Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 657 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
No rate limiting - Create Plug-ins
Stripo Inc Business Logic Errors (CWE-840)
Medium
2021-01-05
Read-only application can publish/delete fleets
X / xAI Privilege Escalation (CAPEC-233)
Medium
2021-01-04
████.
Omise Improper Access Control - Generic (CWE-284)
Medium
2021-01-02
CORS bypass on TikTok Ads Endpoint
TikTok Misconfiguration (CWE-16)
Medium
2020-12-31
Cross Site Scripting using Email parameter in Ads endpoint 2
TikTok Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2020-12-30
Possible (we need to wait for some time) takeover of subdomain badootech.badoo.com which is pointing to Medium servers
Bumble Business Logic Errors (CWE-840)
Medium
2020-12-30
Cross Site Scripting using Email parameter in Ads endpoint 1
TikTok Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2020-12-29
Internal API endpoint is accesible for everyone
WHO COVID-19 Mobile App Improper Access Control - Generic (CWE-284)
Medium
2020-12-28
CSRF in changing users donation_settings [https://streamlabs.com/api/v6/viewer-portal/viewer-settings/donation_settings]
Logitech Cross-Site Request Forgery (CSRF) (CWE-352)
Medium
2020-12-26
XSS in Email Input [intensedebate.com]
Automattic Cross-site Scripting (XSS) - Generic (CWE-79)
Medium
2020-12-26
Identify unique user ID of all the profiles
Bumble Insecure Direct Object Reference (IDOR) (CWE-639)
Medium
2020-12-25
Stored XSS at "Conditions " through "My Custom Rule" Field at [https://my.stripo.email/cabinet/#/template-editor/] in Template Editor.
Stripo Inc Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2020-12-24
Stored XSS at Template Editor in "Section Name" Field of Block element 'Accordion'.
Stripo Inc Cross-site Scripting (XSS) - Stored (CWE-79)
Medium
2020-12-24
CSRF for deleting videos
TikTok Cross-Site Request Forgery (CSRF) (CWE-352)
Medium
2020-12-23
DMARC and SPF records
WHO COVID-19 Mobile App
Medium
2020-12-22
Multiple Cross-Site Scripting vulnerability via the language parameter
TikTok Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2020-12-21
CreatorID leaked from public content posted to SnapMaps
Snapchat Server-Side Request Forgery (SSRF) (CWE-918)
Medium
2020-12-18
Bypass Tracking Blocker Protection Using Slashes Without Protocol On The Image Source.
Basecamp
Medium
2020-12-17
DOMPurify bypass
Internet Bug Bounty Cross-site Scripting (XSS) - Generic (CWE-79)
Medium
2020-12-17
XSS reflected on [https://www.pixiv.net]
pixiv Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2020-12-17
高频漏洞类型
最活跃项目
项目报告数最高赏金
U.S. Dept Of Defense896
Internet Bug Bounty817 $2,257
HackerOne609 $1,500
Nextcloud583
Shopify464
curl455
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239