URL Path Manipulation Enables Cache Poisoning of Amazon Affiliate Products in Shopify Linkpop

Bug reported by was disclosed at August 14, 2025, 3:14 pm   |   Cache Poisoning

The Shopify Linkpop service was found vulnerable to a cache poisoning issue that allowed attackers to manipulate the display of Amazon affiliate products. By crafting malicious URLs, attackers could trick victims into linking to the attacker's products instead of the intended ones. This vulnerability was not fixed, as the Linkpop service was scheduled for decommissioning.

█.8x8.vc/index.js: Exposed Google Maps API Key Allowing Potential Abuse of Paid Services

Bug reported by abdallasamir12 was disclosed at August 14, 2025, 1:30 am   |   Information Disclosure

The Google Maps API key was inadvertently exposed in client-side code, allowing potential unauthorized access to some Google Maps services. The issue was promptly addressed by implementing appropriate API key restrictions where feasible.