Low
resolved
Private circle can be added to another circle via API despite visibility restriction
Bug reported by Dang Hung Vi was disclosed on May 8, 2026, at 12:55 pm | Insecure Direct Object Reference (IDOR)
A vulnerability was discovered where private circles could be added to other circles via the API, despite visibility restrictions.
Low
resolved
Files drop share links for end-to-end encrypted folders allowed to drop files into other folders of the share owner
Bug reported by 0x0.eth was disclosed on May 8, 2026, at 11:08 am | Insecure Direct Object Reference (IDOR)
File-drop share links for end-to-end encrypted folders allowed files to be dropped into other folders of the share owner.
Low
resolved
View-only guests could see deleted Collectives pages in the trashbin
Bug reported by _dha was disclosed on May 8, 2026, at 8:35 am | Improper Access Control - Generic
A vulnerability was discovered where view-only guests could see deleted Collectives pages in the trashbin.