HITCON ZeroDay

Vulnerability List

漏洞列表

用戶所提交的漏洞列表。

通報漏洞

全部

某單位 IIS 伺服器 .svc API metadata 洩漏並可以直接對伺服器發 SOAP action
- HZD Code:ZD-2026-00819
- Risk:高
- Status:審核完成
- Date:2026/06/07
- Reported by:hw49
某單位 IIS 伺服器 .svc API metadata 洩漏與可以直接對伺服器發 SOAP action
- HZD Code:ZD-2026-00818
- Risk:高
- Status:審核完成
- Date:2026/06/07
- Reported by:hw49
某單位 CVE-2024-4577 RCE
- HZD Code:ZD-2026-00817
- Risk:嚴重
- Status:審核完成
- Date:2026/06/06
- Reported by:阿文
某單位登入API Stack Trace資訊洩漏
- HZD Code:ZD-2026-00816
- Risk:低
- Status:審核中
- Date:2026/06/06
- Reported by:日子總匯三明治
某單位白箱測試 - SQL Injection Bypass login + 後台存在弱密碼
- HZD Code:ZD-2026-00815
- Risk:高
- Status:審核完成
- Date:2026/06/06
- Reported by:阿文
某單位 CVE-2024-4577 RCE
- HZD Code:ZD-2026-00814
- Risk:嚴重
- Status:審核完成
- Date:2026/06/06
- Reported by:阿文
某單位 Bitmarkd 使用 float64 比對 difficulty，允許同值但較寬鬆的 compact target 通過 PoW 驗證
- HZD Code:ZD-2026-00813
- Risk:高
- Status:審核中
- Date:2026/06/04
- Reported by:老狼
某單位 rce
- HZD Code:ZD-2026-00812
- Risk:嚴重
- Status:審核完成
- Date:2026/06/04
- Reported by:5yu4n
某單位 tickets event routes authorize query eventId but read/update path id
- HZD Code:ZD-2026-00811
- Risk:中
- Status:審核中
- Date:2026/06/03
- Reported by:老狼
某單位 tickets reorder authorizes query.eventId but reorders another event tickets
- HZD Code:ZD-2026-00810
- Risk:中
- Status:審核中
- Date:2026/06/03
- Reported by:老狼

+10