+- Dark C0d3rs (https://darkcoders.wiki)
+-- Forum: Exploit Log (https://darkcoders.wiki/Forum-Exploit-Log)
+--- Forum: Research Papers/Vulnerability reports (https://darkcoders.wiki/Forum-Research-Papers-Vulnerability-reports)
+--- Thread: HackerOne Disclosed Reports - 2026-05-08 (/Thread-HackerOne-Disclosed-Reports-2026-05-08)
HackerOne disclosed reports - 2026-05-08 - hashXploiter - 05-09-2026
Low
resolved
resolved
Private circle can be added to another circle via API despite visibility restriction
Bug reported by Dang Hung Vi was disclosed at May 8, 2026, 12:55 pm | Insecure Direct Object Reference (IDOR)
A vulnerability was discovered where private circles could be added to other circles via the API, despite visibility restrictions.
Low
resolved
resolved
Files drop share links for end-to-end encrypted folders allowed to drop files into other folders of the share owner
Bug reported by 0x0.eth was disclosed at May 8, 2026, 11:08 am | Insecure Direct Object Reference (IDOR)
Files drop share links for end-to-end encrypted folders allowed to drop files into other folders of the share owner.
Low
resolved
resolved
View-only guests could see deleted Collectives pages in the trashbin
Bug reported by _dha was disclosed at May 8, 2026, 8:35 am | Improper Access Control - Generic
A vulnerability was discovered where view-only guests could see deleted Collectives pages in the trashbin.