HackerOne Disclosed Reports - 2026-06-29 - Printable Version
+- Dark C0d3rs (https://darkcoders.wiki)
+-- Forum: Exploit Log (https://darkcoders.wiki/Forum-Exploit-Log)
+--- Forum: Research Papers/Vulnerability reports (https://darkcoders.wiki/Forum-Research-Papers-Vulnerability-reports)
+--- Thread: HackerOne Disclosed Reports - 2026-06-29 (/Thread-HackerOne-Disclosed-Reports-2026-06-29)

HackerOne disclosed reports - 2026-06-29 - hashXploiter - 06-30-2026
High
resolved
Denial of Service (DoS) Vulnerability in Drafts Creation Endpoint
Bug reported by dpaysm was disclosed at June 30, 2026, 2:28 am | Uncontrolled Resource Consumption
A Denial of Service (DoS) vulnerability was identified in the /drafts.json endpoint on the Discourse forum. Large payloads (around 800,000 characters or more) submitted to create drafts caused the server to process the request, return a 502 Bad Gateway error, but still save the draft. Submitting multiple such large drafts led to significant server delays, with response times exceeding 32 seconds, indicating resource exhaustion.

Medium
resolved
Remote node DOS
Bug reported by xnbya was disclosed at June 29, 2026, 5:06 pm | Uncontrolled Resource Consumption
A vulnerability was discovered in monerod, the Monero daemon. The vulnerability allowed an attacker to repeatedly request enough objects to fill the outgoing send queue for each peer-to-peer connection, causing the connection threads to sleep for approximately 6 seconds and then terminate the connections. This could result in a denial of service against the targeted node.