-
π Manipulating LinkedIn's Search Algorithm and Poisoning SERP Results
1000 rvfet
Affected Company:LinkedInHow I discovered a validation and logic flaw in LinkedIn's Search Algorithm that allowed me to manipulate search results and poison the search experience for users.
-
π Zero-Click Phishing & Email DoS via Google's Identity Toolkit
1000 rvfet Affected Company:GoogleHow I discovered a logic flaw in Google's Identity Toolkit that allowed unauthenticated attackers to send unlimited official security notifications with content injection for high-fidelity phishing and DoS.
-
P2/S2 Unauthenticated Redirect Loop Leading to DoS In Google Image Proxy
1000 rvfet
Affected Company:GoogleHow I discovered a logic flaw in Google's internal proxy service that led to unauthenticated, attribution-free DDoS amplification and infrastructure resource exhaustion.
-
CVSS 6.5 Persistent State Corruption in Linear.app
1000 rvfet
Affected Company:Linear.appHow I discovered a logic flaw in Linear.app's optimistic UI architecture that allowed authenticated users to permanently 'brick' other accounts via ID collision, resulting in a persistent Denial of Service (DoS) with no recovery path.
-
CVSS 9.6 Account Takeover in Azerbaijan's Most Visited Platforms
1000 rvfet
Affected Companies:tap.az ,turbo.azHow I discovered a critical Open Redirect to Account Takeover (ATO) vulnerability in Azerbaijan's largest online marketplaces, tap.az and turbo.az
-
P2/S2 Unauthenticated Redirect Loop Leading to DoS In Google Image Proxy
1000 rvfet Affected Company:GoogleHow I discovered a logic flaw in Google's internal proxy service that led to unauthenticated, attribution-free DDoS amplification and infrastructure resource exhaustion.
-
CVSS 6.5 Persistent State Corruption in Linear.app
1000 rvfet Affected Company:Linear.appHow I discovered a logic flaw in Linear.app's optimistic UI architecture that allowed authenticated users to permanently 'brick' other accounts via ID collision, resulting in a persistent Denial of Service (DoS) with no recovery path.
-
CVSS 9.6 Account Takeover in Azerbaijan's Most Visited Platforms
1000 rvfet Affected Companies:tap.az ,turbo.azHow I discovered a critical Open Redirect to Account Takeover (ATO) vulnerability in Azerbaijan's largest online marketplaces, tap.az and turbo.az
-
π Manipulating LinkedIn's Search Algorithm and Poisoning SERP Results
1000 rvfet Affected Company:LinkedInHow I discovered a validation and logic flaw in LinkedIn's Search Algorithm that allowed me to manipulate search results and poison the search experience for users.
-
π Zero-Click Phishing & Email DoS via Google's Identity Toolkit
1000 rvfet Affected Company:GoogleHow I discovered a logic flaw in Google's Identity Toolkit that allowed unauthenticated attackers to send unlimited official security notifications with content injection for high-fidelity phishing and DoS.