+- Dark C0d3rs (https://darkcoders.wiki)
+-- Forum: Exploit Log (https://darkcoders.wiki/Forum-Exploit-Log)
+--- Forum: Research Papers/Vulnerability reports (https://darkcoders.wiki/Forum-Research-Papers-Vulnerability-reports)
+--- Thread: HackerOne Disclosed Reports - 2026-06-07 (/Thread-HackerOne-Disclosed-Reports-2026-06-07)
HackerOne disclosed reports - 2026-06-07 - hashXploiter - 06-08-2026
resolved
Valid share tokens allow to access tempory upload files of share owner
Bug reported by Pirikara was disclosed at June 7, 2026, 9:31 am | Improper Access Control - Generic
A vulnerability was discovered that allowed access to temporary upload files of a share owner using valid share tokens.
resolved
Authentication Bypass in ID4me handling via Missing JWT Signature Verification in User OIDC
Bug reported by priyanka chandrakar was disclosed at June 7, 2026, 9:16 am | Improper Authentication - Generic
An authentication bypass vulnerability was discovered in the ID4me handling in the OIDC implementation. The vulnerability was caused by missing JWT signature verification for user authentication.
resolved
PIN bypass in PassCodeActivity via back button
Bug reported by Alper Öztürk was disclosed at June 7, 2026, 8:14 am | Improper Authentication - Generic
A vulnerability was discovered in the PassCodeActivity of a certain application. The vulnerability allowed bypassing the PIN code by pressing the back button.