On-site and Off-site Search Algorithm Manipulation on LinkedIn
rvfet
Affected Company: LinkedIn
How I discovered and responsibly reported an on-site and off-site search poisoning vulnerability that leads to indistinguishable user deception attacks on LinkedIn.

Unauthenticated Infrastructure Abuse in Google Image Proxy
rvfet
Affected Company: Google
How a logic flaw in Google's internal proxy service allowed for unauthenticated, attribution-free DDoS amplification and infrastructure resource exhaustion.

CVSS 6.5: Persistent State Corruption in Linear.app
rvfet
Affected Company: Linear.app
Analyzing a logic vulnerability in Linear's optimistic UI architecture that allowed authenticated users to permanently 'brick' other accounts via ID collision.

CVSS 9.6: Account Takeover in Azerbaijan's Most Visited Platforms
rvfet
Affected Companies: tap.az, turbo.az
How an OAuth token leakage through Open Redirect enabled complete account takeover on tap.az and turbo.az. A case study on critical vulnerabilities and exemplary vendor response by Digital Classifieds MMC.