resolved
IDOR to make someone attend or leave an event
Bug reported by was disclosed at March 6, 2026, 2:55 am | Insecure Direct Object Reference (IDOR)
An Insecure Direct Object Reference (IDOR) vulnerability was discovered in LinkedIn's event attendance functionality. The vulnerability allowed an attacker to manipulate event attendance by modifying the fsd_profile parameter in POST requests to the voyagerScheduledcontentDashViewerStates API endpoint. This issue has been fixed.
resolved
Blocking a company page admin prevents him from delete paid media admin or edit his roles
Bug reported by RiadCyber was disclosed at March 5, 2026, 11:37 pm | Improper Access Control - Generic
A company page admin was prevented from managing (deleting or editing roles of) a paid media admin when the paid media admin blocked the company page admin. This created an access control vulnerability where administrative privileges were circumvented through the platform's social blocking feature.
resolved
Missing Access Control in MigrationFile allows attacker to upload files to any Migration
Bug reported by ahacker1 was disclosed at March 5, 2026, 2:23 am | Insecure Direct Object Reference (IDOR)
A Missing Authorization vulnerability was identified in GitHub Enterprise Server that allowed unauthorized content to be uploaded to a user's repository migration export due to a missing authorization check in the repository migration upload endpoint. The vulnerability could be exploited by supplying the migration identifier to overwrite or replace a victim's migration archive.
![[Image: e72398fe92beda2aa80d0329e8b9f4febece7568.gif]](https://64.media.tumblr.com/834502d05f9b014cbc37366fe428a5a7/13cb9841c0799d7a-ff/s500x560/e72398fe92beda2aa80d0329e8b9f4febece7568.gif)
