IDOR to make someone attend or leave an event

Bug reported by was disclosed at March 6, 2026, 2:55 am   |   Insecure Direct Object Reference (IDOR)

An Insecure Direct Object Reference (IDOR) vulnerability was discovered in LinkedIn's event attendance functionality. The vulnerability allowed an attacker to manipulate event attendance by modifying the fsd_profile parameter in POST requests to the voyagerScheduledcontentDashViewerStates API endpoint. This issue has been fixed.

Blocking a company page admin prevents him from delete paid media admin or edit his roles

Bug reported by RiadCyber was disclosed at March 5, 2026, 11:37 pm   |   Improper Access Control - Generic

A company page admin was prevented from managing (deleting or editing roles of) a paid media admin when the paid media admin blocked the company page admin. This created an access control vulnerability where administrative privileges were circumvented through the platform's social blocking feature.

Missing Access Control in MigrationFile allows attacker to upload files to any Migration

Bug reported by ahacker1 was disclosed at March 5, 2026, 2:23 am   |   Insecure Direct Object Reference (IDOR)

A Missing Authorization vulnerability was identified in GitHub Enterprise Server that allowed unauthorized content to be uploaded to a user's repository migration export due to a missing authorization check in the repository migration upload endpoint. The vulnerability could be exploited by supplying the migration identifier to overwrite or replace a victim's migration archive.