目標達成 すべての支援者に感謝 — 100%達成しました!

目標: 1000 CNY · 調達済み: 1000 CNY

100.0%
コーヒーを一杯おごる

漏洞赏金情报

数据来源:HackerOne 公开披露报告 · 每 6 小时更新

浏览 HackerOne 平台公开披露的漏洞赏金报告,按严重程度、漏洞类型或目标项目筛选,关联 CVE 编号。

已披露报告
12,219
关联 CVE
1,854
参与项目数
342
近 7 天新增
10
严重度: All CriticalHighMediumLow
类型: 全部 Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
项目筛选:valve
https://srcds.valve.net/find/ is leaking server config / API keys
Valve Information Disclosure (CWE-200)
High
2024-08-06
Add any depot to your app and access its contents without decryption key; via /apps/setcommonredists
Valve Improper Access Control - Generic (CWE-284)
High
2024-07-30
/applications/dpc_(get|post) provide full access to api.steampowered.com with the Dota2 API key
Valve Server-Side Request Forgery (SSRF) (CWE-918)
High
2024-07-30
Steam Deck Single Click Root Remote Code Execution
Valve
High
2023-08-01
Big Picture web browser leaks login cookies and discloses sensitive information (may lead to account takeover)
Valve Information Disclosure (CWE-200)
High
2021-09-21
[CS:GO] Unchecked texture file name with TEXTUREFLAGS_DEPTHRENDERTARGET can lead to Remote Code Execution
Valve Stack Overflow (CWE-121)
High
2021-05-06
[Source Engine] Material path truncation leads to Remote Code Execution
Valve Improper Input Validation (CWE-20)
High
2021-05-06
[Half-Life 1] Malformed map name leads to memory corruption and code execution
Valve Classic Buffer Overflow (CWE-120)
High
2020-09-22
Unauthorized updates to extended_info properties in /store/ajaxpackagesave
Valve Improper Access Control - Generic (CWE-284)
High
2020-09-09
Add apps to packages 0, 61, 62 with /store/ajaxpackagemerge
Valve Improper Access Control - Generic (CWE-284)
High
2020-09-09
[GoldSrc] RCE via 'spk' Console Command
Valve Classic Buffer Overflow (CWE-120)
High
2020-08-19
[GoldSrc] RCE via malformed BSP file
Valve Classic Buffer Overflow (CWE-120)
High
2020-08-19
Buffer overflow In hl.exe's launch -game argument allows an attacker to execute arbitrary code locally or from browser
Valve Stack Overflow (CWE-121)
High
2020-08-19
Malformed BSP in GoldSrc Engine may cause shellcode injection
Valve Classic Buffer Overflow (CWE-120)
High
2020-03-25
Vulnerability in GoldSource Engine allows to upload and run an arbitrary DLL on client
Valve Malware (CAPEC-549)
High
2020-03-25
Malformed .BMP file in Counter-Strike 1.6 may cause shellcode injection
Valve Classic Buffer Overflow (CWE-120)
High
2020-02-27
Malformed save files (.sav) allow to write files with arbitrary extensions and content in GoldSrc-based games.
Valve Malware (CAPEC-549)
High
2020-02-24
Arbitrary File Write as SYSTEM from unprivileged user
Valve Privilege Escalation (CAPEC-233)
High
2020-01-15
Malformed .MDL triggers an Access Violation on GoldSRC (hl.exe)
Valve Memory Corruption - Generic (CWE-119)
High
2019-10-09
Malformed playlist.txt in GoldSrc games leads to Access Violation & arbitrary code execution
Valve Stack Overflow (CWE-121)
High
2019-09-17
高频漏洞类型
最活跃项目
项目报告数最高赏金
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895