Medium
resolved
resolved
Information disclouser from URL parameter "access" lead to Account Takeover
Bug reported by Jovan was disclosed at April 7, 2025, 10:32 am | Information Disclosure
The vulnerability allowed disclosure of sensitive information, such as JWT tokens, from URL parameters. These tokens could be used to gain unauthorized access to user accounts.
Low
resolved
resolved
Disclosure of git metadata and springboot actuator information
Bug reported by Juan Felipe Osorio Z was disclosed at April 7, 2025, 8:38 am | Information Disclosure
The vulnerability involved the disclosure of git metadata and Springboot actuator information, which was responsibly disclosed and addressed through collaboration with the hacker.
![[Image: e72398fe92beda2aa80d0329e8b9f4febece7568.gif]](https://64.media.tumblr.com/834502d05f9b014cbc37366fe428a5a7/13cb9841c0799d7a-ff/s500x560/e72398fe92beda2aa80d0329e8b9f4febece7568.gif)
