The "NVWA Project" is a reward project for the 0day vulnerability and utilization technology research, mainly for mainstream PC, mobile operating systems, popular servers, client software applications, network equipments, virtual system escape, etc. We provide generous bonuses that the highest reward for a single vulnerability could up to ¥20,000,000!

Target Directory

Including but not limited to the following ranges, the target directory will be updated regularly

New Tablenew

Target Version Type Require Date Effective date(d) TopPrice(¥)

Long-term Table

Target Version Type Require Date Effective date(d) TopPrice(¥)
3CX - RCE Zero-Click 2020-09-04 150,000
ABB - RCE Zero-Click 2020-09-04 150,000
ABB Ability - RCE Zero-Click 2020-09-04 150,000
Acme - RCE Zero-Click 2020-09-04 150,000
ActiveMQnew - RCE Zero-Click 2021-01-05 50,000
ADCnew - RCE Zero-Click 2021-01-05 20,000
Adobe - RCE 1-Click 2020-09-04 800,000
Adobe-PDF - RCE 1-Click 2019-11-08 800,000
advantech - RCE Zero-Click 2020-09-04 150,000
Airos - RCE Zero-Click 2020-09-04 350,000
Android - FCWP Zero-Click 2019-11-08 20,000,000
Anydesk - RCE Zero-Click 2020-09-04 150,000
anymacro安宁邮箱new - RCE/AUL Zero-Click 2021-01-05 500,000
Apache - RCE Zero-Click 2020-09-04 500,000
Apache Shironew - RCE Zero-Click 2021-01-05 100,000
Apache Sparknew - RCE Zero-Click 2021-01-05 20,000
Apache Struts2new - RCE Zero-Click 2021-01-05 500,000
Apereo CASnew - RCE/AUL Zero-Click 2021-01-05 100,000
ArcSight - RCE Zero-Click 2020-08-07 350,000
ASUS - RCE Zero-Click 2020-09-04 200,000
Atlassian - RCE Zero-Click 2020-09-04 400,000
Atlassian Jiranew - RCE Zero-Click 2021-01-05 300,000
AudioCodes - RCE Zero-Click 2020-09-04 150,000
Avaya - RCE Zero-Click 2020-09-04 150,000
Barracuda - RCE Zero-Click 2020-09-04 200,000
beyondtrust - RCE Zero-Click 2020-09-04 200,000
BlueCoat - RCE Zero-Click 2020-09-04 200,000
Bluecoat-ProxySG - RCE Zero-Click 2019-11-08 800,000
BroadForward - RCE Zero-Click 2020-09-04 200,000
Cacti - RCE Zero-Click 2020-09-04 150,000
CheckPoint - RCE Zero-Click 2020-09-04 350,000
Chrome - RCE+LPE Zero-Click 2019-11-08 3,000,000
Cisco - RCE Zero-Click 2019-11-08 5,000,000
CISCO firewallnew - RCE Zero-Click 2021-01-05 500,000
CISCO SSL VPNnew - RCE/AUL Zero-Click 2021-01-05 500,000
Citrix - RCE Zero-Click 2020-09-04 350,000
ClearScada - RCE Zero-Click 2020-09-04 150,000
Confluencenew - RCE/AUL Zero-Click 2021-01-05 300,000
Coremailnew - RCE/AUL Zero-Click 2021-01-05 500,000
CourierMail Server - RCE Zero-Click 2020-09-04 150,000
Cpanel - RCE Zero-Click 2020-08-07 350,000
Cyberoam - RCE Zero-Click 2020-09-04 200,000
Dedecmsnew - RCE Zero-Click 2021-01-05 50,000
Defense Software - RCE Zero-Click 2019-11-08 500,000
Diameteriq - RCE Zero-Click 2020-09-04 150,000
Discuznew - RCE Zero-Click 2021-01-05 50,000
dlinknew - RCE Zero-Click 2021-01-05 50,000
Docker - SBX Zero-Click 2020-09-04 500,000
Dovecot - RCE Zero-Click 2020-09-04 150,000
Drupal - RCE Zero-Click 2020-09-04 150,000
easysitenew - RCE Zero-Click 2021-01-05 30,000
ECShopnew - RCE Zero-Click 2021-01-05 20,000
Emerson - RCE Zero-Click 2020-09-04 150,000
EmpireCMSnew - RCE Zero-Click 2021-01-05 20,000
Ericsson HSS - RCE Zero-Click 2020-09-04 150,000
eScan - RCE Zero-Click 2020-09-04 150,000
Exchange - RCE Zero-Click 2020-08-07 800,000
EXIM - RCE Zero-Click 2020-09-04 350,000
expressnew - RCE Zero-Click 2021-01-05 50,000
F5 - RCE Zero-Click 2020-09-04 500,000
F5 BIG-IPnew - RCE Zero-Click 2021-01-05 500,000
Fastjsonnew - RCE Zero-Click 2021-01-05 500,000
Firefox - RCE+LPE Zero-Click 2019-11-01 800,000
FortiGate - RCE Zero-Click 2020-08-07 350,000
Fortigate-Firewall - RCE Zero-Click 2019-11-08 800,000
FortiNet - RCE Zero-Click 2020-09-04 350,000
Fortinet(飞塔) Firewallnew - RCE Zero-Click 2021-01-05 50,000
Foxit - RCE+LPE 1-Click 2020-09-04 500,000
FreeBSD - LPE Zero-Click 2020-08-07 500,000
FusionAccessnew - RCE Zero-Click 2021-01-05 50,000
Giteanew - RCE Zero-Click 2021-01-05 50,000
Gitlabnew - RCE Zero-Click 2021-01-05 50,000
Grandstream - RCE Zero-Click 2020-09-04 150,000
H3C - RCE Zero-Click 2020-08-07 500,000
Hadoopnew - RCE Zero-Click 2021-01-05 50,000
HanSight Enterprisenew - RCE Zero-Click 2021-01-05 50,000
Harbornew - RCE Zero-Click 2021-01-05 20,000
HttpFileServer - RCE Zero-Click 2020-09-04 150,000
IBM - RCE Zero-Click 2020-09-04 350,000
IE - RCE 1-Click 2020-09-04 800,000
Ignition - RCE Zero-Click 2020-09-04 150,000
IIS - RCE Zero-Click 2020-09-04 3,000,000
iOS - FCWP Zero-Click 2019-11-08 15,000,000
jacksonnew - RCE Zero-Click 2021-01-05 500,000
Jboss - RCE Zero-Click 2020-09-04 500,000
jeecmsnew - RCE Zero-Click 2021-01-05 20,000
JeeSitenew - RCE Zero-Click 2021-01-05 10,000
Jenkinsnew - RCE Zero-Click 2021-01-05 50,000
jettynew - RCE Zero-Click 2021-01-05 300,000
JFinalnew - RCE Zero-Click 2021-01-05 20,000
jumpservernew - RCE/AUL Zero-Click 2021-01-05 50,000
juniper - RCE Zero-Click 2019-11-08 2,000,000
Kaspersky - RCE Zero-Click 2020-09-04 150,000
kxmailnew - RCE/AUL Zero-Click 2021-01-05 50,000
Laravelnew - RCE Zero-Click 2021-01-05 20,000
Liferay - RCE Zero-Click 2020-09-04 150,000
Linksys - RCE Zero-Click 2020-09-04 150,000
Linux - LPE Zero-Click 2019-11-08 500,000
MAC - RCE Zero-Click 2020-09-04 3,000,000
Mailman - RCE Zero-Click 2020-09-04 150,000
McAfee - RCE Zero-Click 2020-09-04 200,000
MetInfonew - RCE Zero-Click 2021-01-05 10,000
Microsoft - RCE Zero-Click 2020-09-04 1,000,000
Microsoft SharePointnew - RCE Zero-Click 2021-01-05 200,000
Mikrotik - RCE Zero-Click 2020-09-04 150,000
ModSecuritynew - RCE Zero-Click 2021-01-05 20,000
MOXA - RCE Zero-Click 2020-09-04 150,000
MS-Office - RCE Zero-Click 2019-11-08 1,500,000
NAGIOS - RCE Zero-Click 2020-09-04 200,000
Netflow - RCE Zero-Click 2020-09-04 150,000
NetScreen - RCE Zero-Click 2020-09-04 150,000
Nexusnew - RCE Zero-Click 2021-01-05 20,000
Onlyoffice - RCE Zero-Click 2020-09-04 150,000
OpenFind - RCE Zero-Click 2020-09-04 150,000
OSPF Routing Protocol - RCE Zero-Click 2020-09-04 150,000
Other Office - RCE Zero-Click 2019-11-08 500,000
Outlook - RCE Zero-Click 2020-09-04 1,500,000
Paloalto - RCE Zero-Click 2020-09-04 150,000
Peplink - RCE Zero-Click 2020-09-04 150,000
PFsense - RCE Zero-Click 2020-09-04 350,000
phabricator - RCE Zero-Click 2020-09-04 150,000
PHP - RCE Zero-Click 2020-09-04 1,500,000
Phpcmsnew - RCE Zero-Click 2021-01-05 50,000
Phpmyadminnew - RCE Zero-Click 2021-01-05 100,000
phpStudynew - RCE Zero-Click 2021-01-05 20,000
PLESK - RCE Zero-Click 2020-09-04 800,000
Profibus protocol - RCE Zero-Click 2020-09-04 150,000
Pulse Secure - RCE Zero-Click 2020-09-04 350,000
Pulse Secure VPNnew - RCE/AUL Zero-Click 2021-01-05 500,000
QEMU - VME Zero-Click 2020-08-07 800,000
Qnap - RCE Zero-Click 2020-09-04 150,000
Redmine - RCE Zero-Click 2020-09-04 150,000
resinnew - RCE Zero-Click 2021-01-05 100,000
Ribbon - RCE Zero-Click 2020-09-04 150,000
richmail(thinkmail)new - RCE/AUL Zero-Click 2021-01-05 100,000
RoundCube - RCE Zero-Click 2020-09-04 150,000
SaltStacknew - RCE Zero-Click 2021-01-05 20,000
Sangoma - RCE Zero-Click 2020-09-04 150,000
Schneider - RCE Zero-Click 2020-08-07 350,000
SE Inno CMS - RCE Zero-Click 2020-09-04 150,000
SendMail - RCE Zero-Click 2020-09-04 1,000,000
SharePoint - RCE Zero-Click 2020-09-04 200,000
Siemens - RCE Zero-Click 2020-09-04 200,000
SIMATIC - RCE Zero-Click 2020-09-04 200,000
SiteServernew - RCE Zero-Click 2021-01-05 20,000
SNMP - RCE Zero-Click 2020-09-04 500,000
Solaris - LPE Zero-Click 2019-11-08 500,000
Solarwinds - RCE Zero-Click 2020-09-04 150,000
Sonus - RCE Zero-Click 2020-09-04 150,000
Sophos - RCE Zero-Click 2020-09-04 200,000
Splunk - RCE Zero-Click 2020-09-04 150,000
Spring Bootnew - RCE Zero-Click 2021-01-05 500,000
Spring Security Oauthnew - RCE Zero-Click 2021-01-05 50,000
StormShield - RCE Zero-Click 2020-09-04 200,000
Struts2 - RCE Zero-Click 2020-09-04 350,000
SWIFTNet - RCE Zero-Click 2020-09-04 150,000
Symantec - RCE Zero-Click 2020-09-04 150,000
Synology - RCE Zero-Click 2020-09-04 150,000
TACACS - RCE Zero-Click 2020-09-04 150,000
TeamViewernew - RCE Zero-Click 2021-01-05 50,000
Telegram - RCE+LPE Zero-Click 2019-11-08 5,000,000
Thinkphp - RCE Zero-Click 2020-09-04 500,000
TPlinknew - RCE Zero-Click 2021-01-05 50,000
Trend Micro - RCE Zero-Click 2020-09-04 200,000
turbomailnew - RCE/AUL Zero-Click 2021-01-05 20,000
Unify - RCE Zero-Click 2020-09-04 150,000
Virtual Box - VME Zero-Click 2020-09-04 500,000
Vmware - VME Zero-Click 2020-09-04 800,000
VMware ESXi - VME Zero-Click 2019-11-08 1,500,000
VMware vCenternew - RCE Zero-Click 2021-01-05 100,000
VMware Workstation - VME Zero-Click 2019-11-08 600,000
Vnc Viewer Server - FCWP Zero-Click 2020-05-29 500,000
VxWorks - VME Zero-Click 2020-09-04 800,000
WatchGuard - RCE Zero-Click 2020-09-04 150,000
WebEOC - RCE Zero-Click 2020-09-04 150,000
Weblogic - RCE Zero-Click 2020-09-04 350,000
Webminnew - RCE Zero-Click 2021-01-05 50,000
webspherenew - RCE Zero-Click 2021-01-05 300,000
WhatsApp - RCE+LPE Zero-Click 2019-11-08 10,000,000
Whatsup Gold - RCE Zero-Click 2020-09-04 150,000
Windows - RCE Zero-Click 2019-11-01 10,000,000
winmailnew - RCE/AUL Zero-Click 2021-01-05 350,000
Winrar - RCE 1-Click 2020-09-04 500,000
Wordpress - RCE Zero-Click 2020-09-04 500,000
XAMPPnew - RCE Zero-Click 2021-01-05 20,000
Yeastar - RCE Zero-Click 2020-09-04 150,000
Zabbix - RCE Zero-Click 2020-08-07 500,000
Zimbra - RCE Zero-Click 2020-09-04 350,000
Zoho - RCE Zero-Click 2020-09-04 150,000
万户ezofficenew - RCE Zero-Click 2021-01-05 20,000
亿邮new - RCE/AUL Zero-Click 2021-01-05 50,000
向日葵new - ALL Zero-Click 2021-01-05 50,000
堡垒机new - RCE/AUL Zero-Click 2021-01-05 50,000
大汉cmsnew - RCE Zero-Click 2021-01-05 20,000
宝塔new - RCE Zero-Click 2021-01-05 20,000
帕拉迪堡垒机new - RCE/AUL Zero-Click 2021-01-05 50,000
常用安防类产品(防火墙、VPN、IDS、IPS、主机安全、终端安全等)new - RCE Zero-Click 2021-01-06 50,000
微擎new - RCE Zero-Click 2021-01-05 10,000
拓尔思 TRSWASnew - RCE Zero-Click 2021-01-05 20,000
日志易new - RCE Zero-Click 2021-01-05 50,000
时代亿信邮箱new - RCE/AUL Zero-Click 2021-01-05 200,000
泛微new - RCE/AUL Zero-Click 2021-01-05 50,000
爱快流控路由new - RCE Zero-Click 2021-01-05 50,000
用友new - RCE/AUL Zero-Click 2021-01-05 50,000
禅知new - RCE Zero-Click 2021-01-05 20,000
禅道/zentaonew - RCE Zero-Click 2021-01-05 50,000
税友new - RCE Zero-Click 2021-01-05 50,000
致远oanew - RCE/AUL Zero-Click 2021-01-05 50,000
蓝凌oanew - RCE/AUL Zero-Click 2021-01-05 50,000
通达oanew - RCE/AUL Zero-Click 2021-01-05 20,000
金蝶new - RCE Zero-Click 2021-01-05 50,000
锐捷new - RCE Zero-Click 2021-01-05 50,000
齐治堡垒机new - RCE/AUL Zero-Click 2021-01-05 100,000

ALL:RCE + LPE;RCE(Remote Code Execution):远程代码执行;LPE(Local Privilege Escalation):本地权限提升;SBX(Sandbox Escape Bypass):沙盒逃逸绕过;VME(Virtual Machine Escape):虚拟机逃逸;FCWP(Full Chain (Zero-Click) with Persistence):完整的利用链;AUL:Arbitrary user login vulnerability

Vulnerability Submission

Q&A

1.Email
Please use your Email address and we will contact you by Email during the vulnerability confirmation.
2. What is the scope of the vulnerability?
Our focus is on the related 0day vulnerabilities within the target range given by the 'NVWA Project'. The target scope will be updated regularly, please keep an eye on it.
If your vulnerability is outside the scope of our target and the impact is large and serious, it may also become our receiving target. You can submit it and we will contact you after we evaluate.
3. How many vulnerability rewards can I get?
When you submit the vulnerability profile, you’re supposed to submit the vulnerability self-evaluation. Based on that we will evaluate and contact you for bargaining, only after the bargaining price has been approved by both side will the process proceed to the next step.
After receiving the details of the vulnerability sample, if we find that it does not match your previous description, we will conduct a second bargain.
4. What kind of vulnerability profile do I need to submit?
At the beginning of the process, please refer to the 'Vulnerability Submission' form. After the vulnerability negotiation is completed, you can submit the vulnerability details and a complete exploit.
5. When can I get rewards after submitting a vulnerability?
After submitting the full vulnerability description and exploit, we will confirm and issue a bonus based on the final bargaining result. The bonus will be paid in installments within 3 months.
The 50% bonus will be paid within 1 week after the vulnerability is confirmed, and the remaining 50% will be paid in 3 months.
The information related to the vulnerability you submitted should be kept confidential, if there is a leak due to the vulnerability submitter, we will deduct or cancel the reward according to the specific circumstances.
6. What does "Require" (such as "Zero-click") mean?
The interaction related requirement refers to any interaction action other than the attack scenario.
Opening the Office, opening a document, or using browser to open a link, and an application such as a mobile IM to open a link is considered an "attack scenario" and is not within the scope of "interaction requirements."
7. What should I do if I need to send sensitive information during the communication process?
During the communication process, if you are concerned that the information you send involves sensitive information, please use our public PGP key encryption.
              Our PGP public key is as follows:
public-key-service@nvwa.org
8.What if I have a question and want to consult?
If you have any questions, please send an email to root#nvwa.org. It is worth noting that this email will not communicate any information related to the actual vulnerability. After you submit the form, please contact your email address for further communication.