Dark C0d3rs
HackerOne Disclosed Reports - 2026-03-06 - Printable Version




HackerOne disclosed reports - 2026-03-06 - hashXploiter - 03-07-2026

High
resolved

Injection in path parameter of Ingress-nginx


Bug reported by Maxime Escourbiac was disclosed on March 7, 2026, 5:10 am | Code Injection

A vulnerability was discovered in the Ingress-nginx controller where an attacker could inject arbitrary content into the path parameter of an Ingress. This allowed the attacker to upload a malicious nginx configuration file to the ingress controller's file system and then include that file in a subsequent Ingress. The attacker could then execute arbitrary code on the ingress controller.


Medium
resolved

IDOR to make someone attend or leave an event


Bug reported by was disclosed on March 6, 2026, 2:55 am | Insecure Direct Object Reference (IDOR)

An Insecure Direct Object Reference (IDOR) vulnerability was discovered in LinkedIn's event attendance functionality. The vulnerability allowed an attacker to manipulate event attendance by modifying the fsd_profile parameter in POST requests to the voyagerScheduledcontentDashViewerStates API endpoint. This issue has been fixed.