+- Dark C0d3rs (https://darkcoders.wiki)
+-- Forum: Exploit Log (https://darkcoders.wiki/Forum-Exploit-Log)
+--- Forum: Research Papers/Vulnerability reports (https://darkcoders.wiki/Forum-Research-Papers-Vulnerability-reports)
+--- Thread: HackerOne Disclosed Reports - 2026-06-16 (/Thread-HackerOne-Disclosed-Reports-2026-06-16)
HackerOne disclosed reports - 2026-06-16 - hashXploiter - 06-17-2026
High
resolved
resolved
Unauthenticated file deletion via deleteFileMessage DDP method allows permanent destruction of any uploaded file
Bug reported by eldudarino was disclosed at June 16, 2026, 9:47 am | Improper Authentication - Generic
Low
resolved
resolved
Malicious Conflux Endpoint Can Leave Stale Global OOO Queue Accounting After Teardown
Bug reported by was disclosed at June 16, 2026, 7:16 am | Uncontrolled Resource Consumption
A vulnerability was discovered in Tor's Conflux OOO queue accounting. The vulnerability could cause the global OOO queue byte counter to remain inflated after a Conflux set was torn down, even though the memory had already been freed. This was due to a lack of accounting updates during the teardown process. No sensitive information was included in the report.