bug-bounty372
xss309
google232
microsoft193
facebook190
apple132
exploit100
rce90
csrf79
account-takeover64
bragging-post62
authentication-bypass59
writeup55
access-control49
malware49
browser49
defi48
smart-contract47
ethereum44
open-source42
privilege-escalation39
ssrf38
sql-injection38
web337
cve35
ai-agents35
docker34
smart-contract-vulnerability33
aws31
dos31
react29
idor29
information-disclosure29
supply-chain29
api-security29
denial-of-service28
burp-suite26
clickjacking25
solidity25
phishing24
oauth24
web-security23
race-condition23
sqli23
wordpress23
node22
remote-code-execution22
vulnerability-disclosure22
automation21
responsible-disclosure21
0
3/10
Lloyds Banking Group's banking apps (Lloyds, Halifax, Bank of Scotland) exposed other customers' transaction data and sensitive information including National Insurance numbers to random users due to a data display glitch on March 12, 2026. The vulnerability allowed authenticated users to view full transaction histories, payment details, and personal identifiers belonging to other accounts for approximately 2 hours before being resolved.
information-disclosure
data-exposure
banking-app
mobile-app-vulnerability
session-management
authentication-bypass
cross-user-data-leak
pii-exposure
outage
lloyds-banking-group
Lloyds Bank
Halifax
Bank of Scotland
Lloyds Banking Group
Information Commissioner's Office (ICO)
Financial Conduct Authority (FCA)
Department of Work and Pensions (DWP)
Downdetector