Dark C0d3rs

Dark C0d3rs > Exploit Log > Research Papers/Vulnerability reports > HackerOne Disclosed Reports - 2026-01-20
Full Version: HackerOne Disclosed Reports - 2026-01-20
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

hashXploiter

01-21-2026, 12:30 PM
Logo
Critical
resolved

[Critical] Unauthorized Cross-Tenant Data Access in Stripo AI Hub Campaign via Deleted Project.


Bug reported by No Code was disclosed at January 20, 2026, 4:01 pm   |   Improper Access Control - Generic

An unauthorized cross-tenant data access vulnerability was discovered in the Stripo AI Hub Campaign. The vulnerability allowed access to data from a deleted project. The issue was resolved.


Logo
High
resolved

Internal logs/info leaked via endpoint {https://203.137.128.240/server-status}


Bug reported by Oday Alhalabi was disclosed at January 20, 2026, 12:07 am   |   Information Disclosure

The server-status endpoint was accessible, allowing access to internal logs and information.


Dark C0d3rs > Exploit Log > Research Papers/Vulnerability reports > HackerOne Disclosed Reports - 2026-01-20