HackerOne Disclosed Reports - 2025-05-30


Low
resolved

Public GitHub repositories for multiple HackerOne managed triage team profiles contain private HackerOne reports information


Bug reported by Max was disclosed on May 31, 2025, 10:11 am   |   Information Disclosure

Publicly available GitHub repositories for HackerOne-managed triage team profiles were found to contain private HackerOne vulnerability reports. Several repositories were identified that reproduced exploits for private bug bounty programs. The disclosed information included details such as access tokens, server URLs, and secret leaks for various organizations' tools and services.


Low
resolved

Information Disclosure of metrics fax.wavecell.com/metrics


Bug reported by kaue navarro was disclosed on May 30, 2025, 6:53 am   |   Information Disclosure

The fax.wavecell.com/metrics endpoint was found to disclose sensitive information. The information disclosure vulnerability was discovered and reported on the HackerOne platform.


Low
resolved

Facebook Username Takeover via Broken Link in Footer


Bug reported by Try_the_hack was disclosed on May 30, 2025, 5:22 am   |   Improper Access Control - Generic

The Facebook username "Opnglobal" was available for takeover due to a broken link in the footer of the target URL. The vulnerability allowed an attacker to create a fake Facebook page that could mislead users and negatively impact the organization's social media presence.

