显示行数:
共计条目: 14617
厂商 (program) 标题 (title) 链接 (link) 点赞数 (upvotes) 奖金 (bounty) 漏洞类型 (vuln_type)
Shopifymruby-engine: UAF in MRubyEngine#initialize enables local RCE3$0.0
Node.jsIncomplete fix for CVE-2026-21637: loadSNI() in _tls_wrap.js lacks try/catch leading to Remote DoS18$0.0
Rocket.ChatRBAC bypass on App log endpoints via `permissionRequired` typo — any authenticated user reads admin-only Enterprise App logs21$0.0Improper Access Control - Generic
Rocket.ChatComplete authentication bypass to admin permissions46$0.0SQL Injection
NextcloudSVG filter primitives bypass remote image blocking, enabling email tracking without consent.42$0.0Privacy Violation
Nextcloudposition: fixed !important bypasses CSS sanitizer's fixed-position mitigation, enabling full-viewport phishing overlays.37$0.0Resource Injection
NextcloudUnquoted body background attribute enables CSS injection that bypasses remote image blocking29$0.0Resource Injection
NextcloudSMIL values and by attributes bypass remote image blocking via unvalidated resource-loading animations, enabling email tracking without consent23$0.0Remote File Inclusion
curllibcurl omits IPv6 zoneid from host identity and leaks credentials/cookies across scoped link-local realms25$0.0Information Disclosure
curlDigest Auth State Leak on Cross-Origin Redirect via Netrc - Username and Password Hash Sent to Wrong Host12$0.0Insufficiently Protected Credentials
NextcloudStored XSS in attachment-display exploitable through SameSite32$0.0Cross-site Scripting (XSS) - Stored
curllibcurl reuses a learned RTSP Session header across different hosts on the same easy handle, enabling cross-host session leak and replay12$0.0Exposure of Data Element to Wrong Session
Ruby on RailsRails::HTML::Sanitizer.allowed_uri? returns true for entity-encoded control-character-split javascript: URLs20$0.0
curllibcurl stale CURLOPT_AUTOREFERER leaks a previous request URL to a different origin on a reused easy handle21$0.0Information Exposure Through Sent Data
HackerOneResidual Malicious Payloads on HackerOne after Vulnerability Fixes56$0.0Improper Input Validation