+- Dark C0d3rs (https://darkcoders.wiki)
+-- Forum: Exploit Log (https://darkcoders.wiki/Forum-Exploit-Log)
+--- Forum: Research Papers/Vulnerability reports (https://darkcoders.wiki/Forum-Research-Papers-Vulnerability-reports)
+--- Thread: HackerOne Disclosed Reports - 2026-01-20 (/Thread-HackerOne-Disclosed-Reports-2026-01-20)
HackerOne disclosed reports - 2026-01-20 - hashXploiter - 01-21-2026
Critical
resolved
resolved
[Critical] Unauthorized Cross-Tenant Data Access in Stripo AI Hub Campaign via Deleted Project.
Bug reported by No Code was disclosed at January 20, 2026, 4:01 pm | Improper Access Control - Generic
An unauthorized cross-tenant data access vulnerability was discovered in the Stripo AI Hub Campaign. The vulnerability allowed access to data from a deleted project. The issue was resolved.
High
resolved
resolved
Internal logs/info leaked via endpoint {https://203.137.128.240/server-status}
Bug reported by Oday Alhalabi was disclosed at January 20, 2026, 12:07 am | Information Disclosure
The server-status endpoint was accessible, allowing access to internal logs and information.