bug-bounty372
xss309
google233
microsoft197
facebook190
apple133
exploit101
rce92
csrf79
account-takeover64
bragging-post62
authentication-bypass59
malware56
writeup55
browser50
access-control49
defi48
smart-contract47
ethereum44
open-source42
privilege-escalation39
sql-injection38
ssrf38
cve37
web337
ai-agents35
docker34
smart-contract-vulnerability33
dos32
aws31
supply-chain30
api-security29
information-disclosure29
react29
idor29
denial-of-service28
burp-suite26
clickjacking25
phishing25
solidity25
oauth24
race-condition23
web-security23
wordpress23
sqli23
node22
remote-code-execution22
vulnerability-disclosure22
automation21
cloudflare21
0
3/10
Lloyds Banking Group's banking apps (Lloyds, Halifax, Bank of Scotland) exposed other customers' transaction data and sensitive information including National Insurance numbers to random users due to a data display glitch on March 12, 2026. The vulnerability allowed authenticated users to view full transaction histories, payment details, and personal identifiers belonging to other accounts for approximately 2 hours before being resolved.
information-disclosure
data-exposure
banking-app
mobile-app-vulnerability
session-management
authentication-bypass
cross-user-data-leak
pii-exposure
outage
lloyds-banking-group
Lloyds Bank
Halifax
Bank of Scotland
Lloyds Banking Group
Information Commissioner's Office (ICO)
Financial Conduct Authority (FCA)
Department of Work and Pensions (DWP)
Downdetector