bug-bounty (507)
xss (286)
rce (144)
bragging-post (119)
account-takeover (104)
google (101)
exploit (94)
open-source (93)
csrf (85)
authentication-bypass (80)
facebook (75)
microsoft (75)
stored-xss (74)
cve (73)
privilege-escalation (72)
access-control (67)
ai-agents (64)
web-security (63)
reflected-xss (63)
writeup (58)
ssrf (52)
input-validation (52)
malware (51)
sql-injection (49)
smart-contract (48)
defi (48)
cross-site-scripting (47)
tool (46)
ethereum (45)
privacy (44)
information-disclosure (44)
api-security (41)
phishing (40)
web-application (38)
lfi (37)
apple (37)
llm (37)
opinion (36)
burp-suite (36)
automation (35)
cloudflare (34)
idor (33)
infrastructure (33)
web3 (33)
vulnerability-disclosure (33)
oauth (33)
smart-contract-vulnerability (33)
responsible-disclosure (33)
html-injection (33)
machine-learning (32)
6/10
An enterprise chatbot exposed an unauthenticated legacy WebSocket endpoint that accepted full bidirectional messages using only a conversation UUID, allowing attackers to hijack sessions, impersonate users, and exfiltrate sensitive chat data with minimal effort.
websocket, authentication-bypass, unauthenticated-access, session-hijacking, insecure-direct-object-reference, idor, chatbot, enterprise-security, data-exfiltration, api-security
un1tycyb3r