resolved
URL Path Manipulation Enables Cache Poisoning of Amazon Affiliate Products in Shopify Linkpop
Bug reported by was disclosed at August 14, 2025, 3:14 pm | Cache Poisoning
The Shopify Linkpop service was found vulnerable to a cache poisoning issue that allowed attackers to manipulate the display of Amazon affiliate products. By crafting malicious URLs, attackers could trick victims into linking to the attacker's products instead of the intended ones. This vulnerability was not fixed, as the Linkpop service was scheduled for decommissioning.
resolved
█.8x8.vc/index.js: Exposed Google Maps API Key Allowing Potential Abuse of Paid Services
Bug reported by abdallasamir12 was disclosed at August 14, 2025, 1:30 am | Information Disclosure
The Google Maps API key was inadvertently exposed in client-side code, allowing potential unauthorized access to some Google Maps services. The issue was promptly addressed by implementing appropriate API key restrictions where feasible.