An IDOR vulnerability in Facebook Analytics allows users with analyst roles to access private dashboard charts by manipulating the chartID parameter in GraphQL requests, disclosing chart names and data intended only for the dashboard owner. The vulnerability exploits insufficient access control on a sub-option (chart info) within the main dashboard feature.
A vulnerability allowing disclosure of privately shared gaming clips from any user on a gaming platform. The article details a privacy bypass that enables unauthorized access to user-generated video content intended to be private.
A researcher discovered a Server-Side Request Forgery (SSRF) vulnerability in Google Sites' Caja server that allowed fetching arbitrary resources from Google's internal Borg cluster management network, exposing sensitive information about internal infrastructure including job details, system users, and resource allocation. The vulnerability was reported to Google's VRP and patched within 48 hours.
An RCE vulnerability was discovered via Rack's ShowExceptions middleware being enabled in production, which leaked the Rails secret token used to sign cookies. The attacker used this token to forge authenticated cookies and execute arbitrary commands on the server.
A race condition vulnerability in Facebook chat groups allows an attacker to become invisible in group conversations while maintaining full read/write access and the ability to add/remove users without triggering read receipts. By rapidly adding and removing a target user from a group conversation, an attacker can exploit timing flaws to spy on private group messages undetected.
CVE-2023-4966 (Citrix Bleed) is a memory disclosure vulnerability in Citrix NetScaler that leaks sensitive session data and credentials through improper memory handling, allowing attackers to extract corporate secrets without authentication.
Monthly security patch review covering March 2026 releases from Adobe (80 CVEs across 8 bulletins) and Microsoft (94 CVEs total including third-party updates), with detailed analysis of critical vulnerabilities including Office RCE via Preview Pane, Windows Print Spooler RCE, Excel XSS enabling Copilot data exfiltration, and Windows Graphics elevation-of-privilege bugs.