https://www.memcyber.com/2026-04-21T12:25:22.272Zweekly1.0https://www.memcyber.com/about2026-04-21T12:25:22.272Zmonthly0.6https://www.memcyber.com/ai-policy2026-04-21T12:25:22.272Zmonthly0.6https://www.memcyber.com/changelog2026-04-21T12:25:22.272Zmonthly0.6https://www.memcyber.com/clients2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/clients/african-fintech-neobank2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/clients/defi-lending-protocol2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/clients/european-sportsbook2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/clients/move-l1-protocol2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/clients/saas-compliance-platform2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/clients/sea-investment-app2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/contact2026-04-21T12:25:22.272Zmonthly0.9https://www.memcyber.com/disclosures2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/2fa-bypass-grants-full-dashboard-without-verification-step2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/2fa-token-brute-force-no-rate-limiting2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/3-admin-source-maps-publicly-accessible-17-9mb-source2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/5-aws-s3-buckets-including-cdn-user-photo2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/5x-redacted-database-instances-fully-accessible-critical-mega2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/8-internal-services-publicly-accessible-including-grafana-and-admin2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/16-guest-order-endpoints-with-zero-authentication2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/16-spring-boot-actuator-endpoints-exposed-on-8-domains2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/17-1mb-source-map-exposes-complete-admin-dashboard-source2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/18-production-backend-microservices-exposed2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/21-6-gb-public-debug-log-exposes-payment-credentials-and-server-paths2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/22-26-scopes-granted-with-empty-client-secret2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/23mb-source-map-application-code-exposure-2752-files2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/30-production-microservices-publicly-accessible2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/86-public-pusher-trade-channels-front-running2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/168-gaming-platform-credentials-exposed-via-public-endpoint2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/180-admin-api-endpoints-exposed-via-source-map2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/512-bit-rsa-key-for-login-encryption-redacted-ially-factorable2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/adl-safety-mechanism-neutralized-via-trivial-repayment-in-emode-group2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/admin-account-takeover-via-otp-brute-force2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/admin-authentication-bypass-via-telegram-parameter-13-endpoints2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/admin-backoffice-open-registration2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/admin-console-delete-users-id-missing-admin-role-check-user-deletion2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/admin-control-tower-source-map-exposure-123-files2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/admin-dashboard-publicly-accessible-with-full-route-exposure2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/admin-graphql-updatetransaction-createmanualbatch-schema-exposure2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/admin-js-leaks-120-api-endpoints-including-kyc-and-bybit-auto-sell2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/admin-login-approval-status-idor-unauthenticated-monitoring-high2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/admin-panel-30-admin-api-endpoints-fully-open2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/admin-panel-publicly-accessible-with-dev-tools-enabled-high2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/admin-panel-publicly-accessible-with-full-frontend-source2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/admin-panel-source-code-exposure-via-source-map2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/admin-panel-source-map-exposed2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/admin-panel-source-map-exposure-555-files2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/admin-panel-swagger-api-docs-kyc-microservice-exposure2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/admin-panel-zero-server-side-authentication2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/admin-panels-publicly-accessible2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/admin-staging-panel-exposed2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/admin-user-hashes-exposed-via-getadmins2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/admin-viewdetail-accepts-leaked-twofatoken-as-auth2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/adminjs-database-admin-panel-publicly-reachable2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/adminswapcurrencies-bfla-financial-theft2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/advertisement-idor-reveals-170k-ads-without-auth2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/aes-decryption-key-hardcoded-in-admin-source-map2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/aes-encryption-secret-key-exposed-client-side-crypto-broken2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/african-fintech-mass-scan2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/airsign-microservice-unauth-registration-ed25519-key2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/airtable-api-key-with-create-permissions-on-7-bases2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/akamai-mpulse-origin-ip-bypass2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/alibaba-cloud-oss-bucket-public-read-confirmed2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/amplitude-api-write-access-enables-event-injection2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/apexmetanew-firestore-storage-open2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/api-authorization-keys-hardcoded-in-javascript2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/api-cors-wildcard-mass-assignment-on-registration-critical2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/api-signature-without-server-secret-on-9-brand-apis2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/app-link-wrappers-with-nested-link-parameter-bypass-origin-control2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/apple-oauth-csrf-via-static-apple-state-parameter2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/arbitrary-file-write-via-fileoutputstream-deserialization2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/arbitrary-live-api-key-creation-without-password-confirmation2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/argocd-production-unauthenticated-settings-exposure2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/argocd-v2-14-8-settings-leak-with-execenabled-true2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/asp-net-dev-api-stack-trace-source-code-path-disclosure2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/ato-chain-verified2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/ato-via-otp-brute-force-no-rate-limit2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/auth-middleware-bypass-on-crypto-withdrawal-endpoint2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/auth0-open-registration-enables-unlimited-account-creation2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/authentication-bypass-on-consumer-financing-order-endpoints2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/aux00-internal-django-dashboard-login-exposed2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/avalanche-rpc-cors-wildcard-with-credentials2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/aws-elasticache-internal-ip-leaked-via-actuator2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/aws-s3-configuration-files-publicly-accessible2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/azure-ad-tenant-client-id-leak2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/b-lslb-api-unauthenticated-business-data-exposure-78-production-records2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/back-office-oauth-registration-bypass-2-33m-transaction-data-breach2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/backup-prioritas-admin-panel-full-source-code-exposure2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/bani-payment-webhook-inverted-signature-verification2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/bcrypt-password-hash-leaked-in-registration-response-and-jwt-token2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/bfla-on-180-admin-mutations-via-user-jwt2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/billing-invoice-abuse-via-mark-as-paid-without-real-payment2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/blind-ssrf-internal-network-discovery-via-timing-oracle2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/blind-ssrf-into-internal-kubernetes-services2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/blind-xxe-via-altenar-xml-k8s-token-file-exfiltration2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/braze-sdk-api-key-and-multiple-third-party-credentials-exposed2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/bridge-fee-quoted-from-user-supplied-slippage-minimum2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/broken-access-control-on-all-content-apis2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/btc-wallet-abuse-payplus-apexmetanew-virtual-card-theft2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/bugsnag-and-datadog-client-tokens-in-source-map2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/bull-board-job-queue-metrics-unauthenticated2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/business-logic-flaw-cancelled-purchase-re-marked-as-paid2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/bvn-agents-backoffice-frontoffice-swagger-ui-publicly-accessible2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/c-pep-aml-service-openapi-spec-endpoint-disclosure-production2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/cashfree-payment-gateway-secret-key-exposed-in-apk2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/cf-pages-branch-deployments-publicly-accessible2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/change-password-idor-without-authorization-check2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/chatwoot-super-admin-panel-publicly-accessible2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/cleartext-traffic-allowed-to-market-data-servers-in-apk2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/client-auth-otp-bypass-any-code-returns-verified2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/client-bank-account-details-manipulation-via-unprotected-update-api2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/client-registration-credentials-present-in-production-js2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/client-side-password-hashing-with-exposed-salt-pbkdf2-10002026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/cloudflare-turnstile-server-side-validation-missing2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/cloudflare-waf-bypass-via-direct-origin-ip-access2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/cloudflare-waf-complete-bypass-via-origin-ip2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/cloudflare-waf-complete-bypass-via-wageon-origin-ip2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/cnps-production-api-client-auth-bypass2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/codeigniter-3-1-0-backend-exposed-with-user-guide-online2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/complete-admin-panel-api-architecture-exposed-65-endpoints2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/complete-api-authentication-bypass-all-66-endpoints2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/complete-apk-environment-configuration-files-exposed2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/complete-attack-chain-create-forge-validate-free-money2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/complete-environment-config-dump-20-api-keys2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/complete-internal-sdk-extracted-166-endpoints2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/coolify-paas-deployment-panel-publicly-accessible2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/coolify-paas-deployment-platform-publicly-accessible2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/cors-http-downgrade-enables-0-click-crypto-theft-via-mitm2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/cors-misconfiguration-access-control-allow-origin-with-sensitive-data2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/cors-misconfiguration-arbitrary-origin-reflection-with-credentials-criti2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/cors-misconfiguration-on-login-api-enables-credential-theft2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/cors-origin-reflection-credentials-admin-takeover2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/cors-origin-reflection-credentials-enables-full-ato2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/cors-origin-reflection-credentials-full-ato-null-origin2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/cors-origin-reflection-credentials-on-admin-dashboard-api2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/cors-origin-reflection-credentials-on-server-management-panel-critical2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/cors-origin-reflection-credentials-true-on-7-apis-ato-chain2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/cors-origin-reflection-on-24-microservices-dev-production2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/cors-origin-reflection-on-production-api-enables-ato2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/cors-origin-reflection-with-credentials-account-takeover2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/cors-origin-reflection-with-credentials-on-all-928-rest-api-routes2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/cors-origin-reflection-with-credentials-on-backend-services2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/cors-origin-reflection-with-credentials-on-payment-api2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/cors-subdomain-wildcard-trust-with-credentials-on-all-services2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/cors-wildcard-credentials-on-currency-api-vendor2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/cors-wildcard-credentials-true-on-four-api-services2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/cors-wildcard-localstorage-bearer-token-full-cross-origin-account-takeov2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/cors-wildcard-on-23-authenticated-user-order-endpoints-with-delete-metho2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/cors-wildcard-on-all-api-endpoints-enables-cross-origin-account-takeover2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/cors-wildcard-on-api-backend2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/cors-wildcard-on-buffbuff-gaming-gateway2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/cors-wildcard-on-financial-checkout-endpoints-enables-cross-origin-purch2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/cors-wildcard-on-gateway-laravel-auth-header-reflection2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/cors-wildcard-on-v2-api2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/cors-wildcard-with-credentials-on-admin-panel-and-api-critical2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/cors-wildcard-with-credentials-on-production-financial-apis2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/cors-wildcard-with-permissive-headers-on-api2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/critical-60-admin-api-endpoints-exposed2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/critical-367-endpoint-api-specification-exposure-4x-redacted-ui-public2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/critical-admin-panel-source-map-exposure-6-1-mb2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/critical-cors-origin-reflection-credentials-on-graphql-api2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/critical-cors-wildcard-credentials-true2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/critical-cors-wildcard-with-credentials-on-production-api2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/critical-full-stack-trace-disclosure-with-gocd-ci-cd-path-exposure2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/critical-internal-api-documentation-leaks-production-partner-api-archite2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/critical-internal-support-app-full-source-code-exposure-12-8mb-500-files2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/critical-oidc-discovery-exposes-internal-architecture-admin-impersonatio2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/critical-oss-sts-finding2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/critical-supabase-admin-password-exposed-via-unauthenticated-database-ac2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/critical-supabase-hawkvibes-hr-platform-with-48-tables-employee-performa2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/critical-supabase-okr-database-unauthenticated-full-read-access-413-empl2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/critical-unauthenticated-order-status-idor-6-2m-sipariste-mass-enumerati2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/crm-17-unauthenticated-financial-admin-actions2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/crm-admin-panel-publicly-accessible2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/crm-auth-token-generation-formula-exposed2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/crm-sdk-client-id-client-secret-hardcoded-in-apk2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/crypto-deposit-webhook-inverted-checksum-verification2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/crypto-exchange-mass-scan2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/crypto-exchange-scan2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/cryptowallets-idor-exposes-100k-wallet-addresses2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/csrf-protection-bypass-via-hardcoded-fallback-token2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/currency-api-vendor-cors-wildcard-with-credentials2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/cvss-10-0-jwt-forge-tum-merchant-api-erisimi2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/cvss-10-0-prod-postgresql-direkt-erisim-12-veritaban2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/d-redacted-s-extracted-api-endpoints2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/dashboard-redacted-com-dashboard-source-map-exposure-high2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/debug-mode-enabled-on-production-api-endpoints2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/deep-exploitation2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/deep-scan-findings2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/defguard-vpn-panel-exposed-10-vulnerabilities-v1-3-12026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/demo-environment-open-signup-with-full-banking-access2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/deposit-address-hijack-via-addcryptowallet2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/dev-access-token-backdoor-in-source-code2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/dev-environment-public-with-k8s-horizon-endpoints2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/dev-payment-gateway-with-full-fund-transfer-api-publicly-reachable2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/develop-environment-react-app-secret-encryption-key-disclosed2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/developerexceptionpage-enabled-in-production-redeem-cards-com2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/development-and-staging-environments-publicly-accessible2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/development-api-publicly-accessible-in-production2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/digitalocean-spaces-production-credentials-exposed-changera2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/digitalocean-spaces-production-credentials-hardcoded2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/direct-hls-stream-access-without-authentication2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/disable-wp-debug-in-production2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/disclosure-lar2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/disclosure-report2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/dispute-approval-admin-api-without-auth2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/django-admin-panel-exposed-on-production-api2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/django-debug-true-full-settings-dump-with-admin-token2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/django-debug-true-on-production2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/django-debug-true-on-stream-subdomain2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/dms-open-signup-via-google-oauth2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/docker-registry-unauthenticated-full-catalog-access2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/document-upload-and-payment-endpoints-accept-unauthenticated-requests2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/dojah-io-full-application-source-code-via-source-maps2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/druid-sql-monitor-public-on-13-endpoints-across-3-domains2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/eight-dangling-cname-subdomains-target-backend-apis2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/eight-payment-gateway-webhooks-forgeable2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/eleven-unauthenticated-payment-callbacks-pawapay-peach-encryptus-choiceb2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/ema-spot-price-divergence-excess-collateral-seizure-in-lending-liquidati2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/email-enumeration-via-password-reset2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/email-enumeration-via-registration-api2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/email-otp-bypass-via-api-token-enables-unauthorized-withdrawals2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/email-verification-token-brute-force-account-takeover2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/enterprise-api-tokens-exposed-in-public-postman-documentation2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/env-js-config-js-files-expose-internal-service-architecture2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/env-js-production-configuration-leak-high2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/eski-pin-sorulmadi-dogrudan-yeni-pin-set-ediliyor2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/event-registration-pii-mass-dump-659-records2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/evm-webhook-deposit-injection-production2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/exchange-application-full-source-code-via-source-maps2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/exchange-source-maps-reveal-1337-files-and-admin-jwt2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/expo-ota-staging-channel-publicly-accessible2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/exported-push-intent-enables-arbitrary-deep-link-and-webview-routing2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/facebook-apple-social-login-full-account-takeover-no-token-validation2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/fastjson-deserialization-60-dangerous-classes-reachable2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/feature-toggle-bypass-via-query-parameters2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/file-upload-extension-whitelist-bypass-potential2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/final-deep-results2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/firebase-configuration-exposed-with-full-project-details2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/firebase-mass-scan2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/firebase-realtime-database-open-read-write2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/firebase-realtime-database-public-read-access-critical2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/firebase-storage-full-r-w-d-247-303-customer-documents2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/firebase-storage-kyc-document-listing-7-kyc2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/firebase-storage-production-bucket-complete-kyc-data-exposure2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/firebase-storage-public-listing-high2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/firebase-storage-public-read-write-delete-3277-files-exposed2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/firestore-database-74-676-records-with-pii-bvn-exposure2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/firestore-unauthenticated-access2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/fixed-bcrypt-salt-makes-identical-passwords-hash-identically2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/flamberge-auth-less-gcs-bucket-read-write-across-11-buckets2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/flutterwave-secret-key-encryption-key-exposed-in-production-js2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/fonbnk-third-party-callback-forgery-aten-system2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/full-account-takeover-via-password-reset-brute-force-xff-bypass2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/full-admin-source-code-exposure-via-source-maps2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/full-application-source-code-exposure-via-public-source-maps2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/full-application-source-code-exposure-via-source-maps-bitmama2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/full-application-source-code-exposure-via-source-maps2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/full-react-source-code-exposure-via-source-maps-32-1mb-2675-files2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/full-redacted-api-documentation-publicly-exposed-critical2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/full-source-code-exposure-via-source-maps-670-files2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/full-source-code-exposure-via-source-maps-admin-customer2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/full-source-code-exposure-via-source-maps-admin-panel2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/full-source-code-exposure-via-source-maps2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/full-source-code-git-repository-exposure-on-static-site2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/full-source-map-exposure-48-6mb-production-build2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/full-stack-trace-disclosure-in-production-crypto-api2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/fund-theft-chain-via-total-override-mark-as-paid-on-payment-gateway2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/gambling-web3-scan2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/game-tools-api-mass-data-exfiltration-724-business-records-via-idor2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/gcs-bucket-cashiacdn-public-listing-of-14-121-objects2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/gcs-bucket-public-listing-exposes-admin-panel-backup-source-maps2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/generic-webview-fragments-trust-raw-argument-urls2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/genesys-chat-full-exploitation-chain-user-impersonation2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/getalltradelist-unauthenticated-3647-trades-120-plaintext-emails2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/gitlab-open-public-registration2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/gitlab-open-registration-pipeline-trigger-token2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/gke-kubernetes-api-server-publicly-exposed2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/google-2fa-totp-secret-exposed-in-plaintext-via-profile-api2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/google-oauth-client-id-exposed-admin-sso-loopholes2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/google-oauth-client-secret-exposed-in-html2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/google-oauth-client-secret-exposed2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/google-oauth-csrf-via-empty-state-parameter2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/google-oauth-hosted-domain-bypass-potential2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/google-recaptcha-secret-key-exposed-in-frontend2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/grafana-12-0-0-public-metrics-exposes-39-users-and-23-datasources2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/grafana-faro-apm-key-valid-telemetry-injection-verified2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/grafana-metrics-exposes-complete-infrastructure-telemetry2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/grafana-v12-3-0-public-strapi-cms-admin-public2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/graphql-customersearch-returns-pii-wallet-balances-unauth2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/graphql-introspection-cluster-finding2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/growthbook-base-url-override-redacted-code-gb-base-url2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/grpc-reflection-on-all-production-services-200-endpoints2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/guest-order-idor-credential-theft-chain2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/hardcoded-aes-cbc-initialization-vector-across-devices2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/hardcoded-aes-cbc-key-iv-in-mobile-app2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/hardcoded-aes-gcm-production-encryption-key-in-web-bundle2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/hardcoded-aes-key-derivation-salt-shared-across-all-devices2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/hardcoded-aes-key-smartapi2024-full-source-via-source-map2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/hardcoded-api-keys-and-secrets-in-client-side-javascript2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/hardcoded-oauth-client-credentials-in-production-javascript2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/hardcoded-x-privatekey-smartapi-zrzij3bn-used-across-api-calls2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/hashicorp-vault-leaks-internal-k8s-infrastructure-and-oidc2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/hashicorp-vault-staging-unsealed-and-publicly-accessible2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/hashicorp-vault-unsealed-and-publicly-accessible2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/hashicorp-vault-v1-12-1-production-secrets-manager-public2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/helius-mainnet-rpc-key-das-enhanced-api-key2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/hetzner-cloud-metadata-reachable-via-vault-misconfig2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/hidden-admin-dashboard-route-exposed2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/high-acl-email-enumeration-via-login-forgot-password-differential-respon2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/high-admin-dashboard-full-source-code-exposure-via-source-maps2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/high-agent-portal-source-maps-exposed-across-country-instances2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/high-auth-staging-source-map-exposure-5-7mb-348-files-full-auth-logic2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/high-cors-wildcard-on-all-4-imt-backend-apis-367-endpoints-affected2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/high-public-api-documentation-on-target2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/high-redacted-dsn-exposed-event-injection-verified2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/high-sub-merchant-pii-disclosure-via-listsubmerchantpf-vkn-tckn-address2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/high-unauthenticated-currency-data-exposure2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/high-vpn-admin-brute-force-5-valid-employee-emails-zero-rate-limit2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/hmac-api-signing-secret-exposed-in-client-side-js2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/html-email-injection-via-purchase-receipts-enables-phishing2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/http-basic-auth-fallback-with-credentials-in-sessionstorage2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/hyperverge-kyc-sdk-production-credentials-in-apk2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/identityradar-full-source-code-exposure-via-source-map2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/idor-on-user-specific-endpoints-no-ownership-check2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/idor-unauthenticated-bank-account-data-access-via-x-user-id-header2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/infisical-secret-manager-open-registration2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/infura-api-key-exposed-on-minor-exchange2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/insufficient-rate-limiting-on-otp-verification2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/intercom-identity-verification-hmac-secret-exposed-bitmama2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/intercom-identity-verification-hmac-secret-exposed2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/internal-admin-api-publicly-accessible-with-44-grpc-methods2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/internal-admin-redirect-uri-leaked2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/internal-api-documentation-on-public-apidog2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/internal-azure-backend-exposed2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/internal-backend-exposed-on-eight-ports-with-no-firewall2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/internal-production-load-balancer-accessible-from-internet2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/internal-webhooks-accept-negative-amounts-and-race-conditions2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/java-trading-application-jar-publicly-downloadable2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/jenkins-admin-credentials-base64-build-trigger-token2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/jwt-cookie-security-completely-disabled2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/jwt-exploit-results2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/jwt-forgery-idor-full-account-takeover-wallet-access-poc2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/jwt-hs256-weak-secret-exposed-in-apk-cracks-to-plaintext2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/jwt-session-secret-leaked-enables-token-forge2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/jwt-stored-in-localstorage-exposed-to-xss-token-theft2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/jwt-twofatoken-contains-plaintext-admin-password2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/k-1-redacted-setup-token-exposed-critical2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/k-2-vite-development-server-exposed-in-production-critical2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/k-3-transaction-automation-api-with-broken-authentication-critical2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/kafdrop-unauth-full-kafka-access2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/kafka-ui-complete-unauthenticated-access2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/keycloak-25-public-configuration-exposure2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/keycloak-admin-console-publicly-accessible2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/kubernetes-cluster-disclosure-via-unauth-health2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/kubernetes-internal-service-name-leak-via-envoy-headers2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/kubernetes-keda-http-add-on-metadata-exposure-via-headers2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/kyc-api-key-hardcoded-in-android-apk2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/kyc-db-scan2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/kyc-document-bucket-public-access-leaks-user-identity-documents2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/laravel-horizon-dashboard-unauthenticated-full-access2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/laravel-horizon-dashboard-unauthenticated-read-write2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/laravel-ignition-endpoints-active-cve-2021-3129-potential2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/laravel-nova-admin-panel-staging-exposes-65-resource-models2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/laravel-telescope-debug-dashboard-publicly-accessible-on-staging2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/ledger-service-kong-gateway-balance-api-unauthorized-access2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/legal-documents-bucket-public-listing-with-22-user-uuids2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/lenda-app-firestore-open-with-user-data2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/litespeed-webadmin-console-publicly-exposed-high2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/live-api-key-secret-exposed-in-plaintext-via-list-endpoint2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/live-payment-webhook-hijack-to-attacker-controlled-url2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/local-network-arp-audit2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/local-network-mdns-upnp-discovery2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/login-rate-limit-bypass-via-x-forwarded-for-header-spoofing2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/lokalise-api-full-access-translation-manipulation2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/mass-customer-idor-exposes-60-623-users-pii2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/mass-db-scan2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/mass-kyc-file-metadata-exposure-342-files2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/mass-scan-lethal2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/mass-scanner-prompt-v22026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/mass-user-enumeration-reveals-232-800-user-profiles2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/mass-user-pii-exposure-544-users-via-admin-search2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/mass-wallet-address-idor-exposing-600-users-crypto-addresses2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/massive-source-map-exposure-across-3-applications-high2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/me-tr-scan2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/merchant-integration-api-docs-fully-open2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/metabase-analytics-setup-token-exposed-full-internal-config-leak2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/metabase-google-oauth-without-domain-restriction2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/metabase-setup-token-exposed-bi-agrotoken2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/metabase-setup-token-exposed-bi-koywe2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/metabase-setup-token-exposed-bi-tiendacrypto2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/metabase-setup-token-exposed-config-dump2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/metabase-setup-token-exposed-unauth-admin-reprovisioning2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/metabase-setup-token-exposure-bi-vpay-africa2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/metabase-setup-token-exposure2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/metabase-setup-token-leakage-via-api-session-properties2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/metabase-v0-57-3-public-google-oauth-config-exposed2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/metabase-v0-57-7-2-setup-token-api-docs-reset-oracle2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/mid-size-platform-targets2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/minio-bucket-enumeration-reveals-kyc-payments-users2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/minio-images-bucket-anonymous-write-supply-chain2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/minio-s3-bucket-public-listing-images-bucket-high2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/minio-s3-cors-wildcard-credentials-with-kyc-buckets-present2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/missing-hmac-signature-across-all-plugins2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/monad-rpc-debug-namespace-enabled-without-api-key2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/monnify-webhook-forgery-no-signature-validation2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/monnify-webhook-signature-bypass-enables-unauthenticated-deposit-injecti2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/mono-connect-live-keys-exposed-banking-data-access2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/moonbase-admin-panel-source-code-exposure-via-cf-access-bypass2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/move-pusher-authentication-to-server-side-only2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/multiple-payment-processors-hardcoded2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/multiple-secret-keys-exposed-in-production-js-bundle2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/n8n-workflow-automation-platform-exposed2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/n8n-workflow-automation-platform-publicly-accessible2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/new-admin-account-takeover-via-password-reset-chain-otp-brute-force2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/new-complete-admin-console-architecture-leak-via-javascript-source-maps2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/new-platforms-critical-findings2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/new-platforms-scan2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/nextauth-authentication-bypass-via-social-login-flow2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/ngrok-dev-url-leak-in-production-cors-wildcard2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/no-https-all-credentials-in-plaintext-over-http2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/no-rate-limiting-on-authentication-endpoints-enables-brute-force2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/no-rate-limiting-on-pin-verification-and-login2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/nosql-injection-on-login-admin-login-and-signup2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/nosql-injection-on-userdetails-leading-to-admin-account-compromise2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/nova-admin-source-maps-publicly-accessible-9-9mb-1574-files2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/oauth-endpoints-operating-over-http2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/oauth2-token-forge-grants-30-day-access-token-for-any-user2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/odata-metadata-internal-architecture-exposure-high2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/odoo-erp-public-signup-full-stack-trace-information-disclosure-critical2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/okta-dev-tenant-serving-production-authentication2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/open-merchant-registration-with-automatic-admin-privileges2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/opensearch-security-alerts-10-000-events-readable2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/openvpn-as-server-publicly-accessible2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/operation-admin-panel-publicly-reachable2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/orm-injection-deep-exploitation2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/otc-api-accepts-hardcoded-localhost-3003-as-cors-origin2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/otc-source-map-exposes-856-files-and-razorpay-key2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/otc-subdomain-cname-misconfiguration-bubble-io2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/otp-brute-force-account-takeover-no-rate-limit2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/otp-rate-limiting-set-to-zero2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/otp-token-injection-leads-to-mass-account-takeover2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/outdated-camera-firmware-with-multiple-known-cves-v3-4-87-modify2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/ownership-slot-mismatch-bricks-smart-wallet-after-claim-transition2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/partner-api-full-account-management-via-public-npm-package2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/partner-portal-source-map-exposure2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/passbolt-full-config-gpg-key-exfiltration-via-ssrf2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/password-hash-exposure-on-registration2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/password-reset-otp-brute-force-leads-to-full-account-takeover2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/password-reset-pin-verify-returns-200-for-any-pin2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/password-reset-token-brute-force-no-rate-limit2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/password-reset-token-leakage-rate-limit-bypass-enables-ato2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/password-reset-token-leaked-in-response-body-full-ato2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/patient-medical-data-endpoints-discoverable2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/payborda-dashboard-source-maps-expose-1492-files2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/paymapi-payment-api-documentation-fully-open2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/payment-api-endpoints-accessible-without-authentication-high2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/payment-callback-without-webhook-signature-verification2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/payment-gateway-credentials-hardcoded-in-production-js2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/payment-otp-brute-force-zain-simpaisa-zero-rate-limit2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/payment-provider-toggle-enables-remote-dos2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/payment-webhook-signature-scheme-fully-disclosed2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/payout-service-directory-listing-redbiller-webhook-data-exposure-critica2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/payplus-1dfdf-firestore-full-crud-plaintext-passwords-13-554-kyc2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/paystack-live-key-exposed-in-frontend2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/phase3-critical-findings2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/phone-verification-set-to-mock-mode-in-production2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/pim-admin-panel-wasm-dll-source-code-disclosure2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/pin-overwrite-without-old-pin-verification-critical-cvss-8-82026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/postgresql-database-information-disclosure2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/pre-auth-bypass-on-accounts-and-order-submit-apis2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/pre-auth-rce-via-fastjson-ref-chain2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/pre-auth-user-existence-oracle-via-v3-customers-id2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/predictable-apikey-via-exposed-encryptalgo-forge-any-user-token2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/predictive-audience-api-exposed-unauthenticated-idor-swagger-pipeline-ex2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/price-manipulation-via-negative-debt-parameter2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/private-channel-auth-bypass-via-otp-hmac2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/production-api-authentication-bypass-via-encryption-key-exposure2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/production-api-key-client-id-leaked-in-merchant-panel-js2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/production-kyb-compliance-api-internet-reachable2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/production-mysql-user-created-via-stacked-query2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/production-otp-bypass-via-test-account-backdoor2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/production-pg2-jwt-issuer-validation-bypass-for-fund-transfer2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/production-rce-chain-via-wazuh-agent-group-configuration-injection2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/production-runtime-config-exposed-via-config-endpoints2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/production-secret-token-hardcoded-in-client-side-javascript2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/production-source-maps-exposed2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/production-widget-uses-dev-login-backdoor-commented-access-key2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/prometheus-metrics-14-754-lines-exposure2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/public-gcs-buckets-6-of-17-anonymously-listable2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/public-postman-api-documentation-with-production-data-critical2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/push-notification-send-to-all-users-via-firebase2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/pusher-e2e-encryption-key-hardcoded-full-trade-surveillance2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/queue-manipulation-via-csrf-token-extraction-job-retry-batch-retry2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/rabbitmq-default-credentials-guest-guest2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/rabbitmq-management-console-exposed-to-internet2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/race-condition-in-financial-operations2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/race-condition-parallel-primer-tokens-no-mutex2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/rancher-dashboard-ui-publicly-accessible2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/rancher-kubernetes-management-api-publicly-accessible2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/rate-limiter-dos-via-cross-segment-outflow-reduction-ineffectiveness2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/rate-manipulation-via-patch-rate2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/rbac-structure-full-exposure-11-roles2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/real-time-kyc-data-leakage-via-kafka2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/realtime-xss-mass-scan2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/recaptcha-v3-secret-key-exposed-in-client-javascript2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/redacted-2012-55-cve-research2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/redacted-base-url-override-for-api-endpoint-hijacking2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/redacted-billing-findings-proven2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/redacted-billing-research2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/redacted-deep-dive-v22026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/redacted-final-exploit2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/redacted-full-report2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/redacted-my-default-creds-report2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/redacted-oauth-oidc-exploitation2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/redacted-rtsp-audit2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/redacted-security-assessment-report-20262026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/redacted-ssh-2012-55-multiple-critical-cves-14-years-old2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/redacted-ssrf-applepay2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/redacted-ssrf-azure-infrastructure2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/redacted-staging-deep-security-assessment2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/redacted-wr841n-pentest2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/redis-commander-unauth-full-read-write-access2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/redis-full-control-via-ssrf-crlf-injection2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/registration-pin-verification-bypass-via-activate-account2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/rekyc-encryption-equals-no-encryption-fixed-static-key2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/reverse-authentication-logic-on-notification-escrowpayout-critical2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/risevest-admin-panel-with-kyc-management-exposed2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/roqqu-aes-256-ctr-encryption-key-exposed-full-api-traffic-decryption2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/roqqu-kyc-system-source-map-exposure2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/roqqu-unsigned-cloudinary-upload-to-kyc-document-folder2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/round6-deep-exploitation2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/rsa-private-key-exposed-in-html-source2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/s3-bucket-coincola-user-exposed2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/s3-bucket-kyc-data-mass-exposure-1352-documents2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/s3-bucket-kyc-data-mass-exposure-with-versioning-recovery2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/s3-full-read-write-delete-via-unauthenticated-cognito-role2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/safehaven-payment-webhook-no-signature-verification2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/sandbox-horizon-dashboard-unauthenticated2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/sea-mena-turkey-scan2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/security-finding2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/segment-analytics-write-key-exposed-event-injection-verified2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/self-hosted-sentry-event-injection-exchange2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/self-hosted-sentry-event-injection-verified2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/sentry-dsn-event-injection-production-project2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/sentry-dsn-exposed-in-admin-panel-event-injection-verified2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/sentry-dsn-exposed-with-event-injection2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/sentry-dsn-exposure-event-injection-2-projects2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/sentry-dsn-exposure-event-injection-stored-xss-via-error-events2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/serversocket-port-binding-via-deserialization2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/session-key-architecture-disclosed-in-source2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/session-not-invalidated-after-password-change-on-payment-gateway2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/seven-internal-microservice-apis-exposed-on-public-internet2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/seven-unauthenticated-payment-webhook-endpoints-paypal-stripe-coinbase-s2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/shopify-payment-test-environment-api-key-exposure-critical2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/shopware6-plugin-webhook-no-token-validation2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/shopware6-webhook-csrf-protection-disabled2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/shyft-mainnet-rpc-api-key-hardcoded2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/signalr-chathub-unauthenticated-jwt-token-issuance2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/signed-ppm-investor-contracts-public-in-startups-bucket2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/signoz-enterprise-monitoring-platform-public-exposure-high2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/signup-response-leaks-2fa-secret-bcrypt-hash-and-otp2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/six-api-keys-secrets-hardcoded-in-production-javascript2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/smartapi-source-maps-exposed-6-2mb-full-frontend2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/soketi-self-hosted-pusher-key-exposed-real-time-message-interception2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/sonarqube-v10-6-0-exposed-with-cve-2024-470042026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/sonata-admin-panel-web-debug-toolbar-exposed2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/source-map-exposure-10-products-782-5-mb-748-maps2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/source-map-exposure-71mb-with-aws-keys-payment-keys2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/source-map-exposure-243-source-files-10-9mb-full-frontend2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/source-map-exposure-api-endpoints-and-bank-account-validation-logic-crit2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/source-map-exposure-full-application-source-code-high2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/source-map-exposure-on-3-staging-apps-944-source-files2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/splitpay-app-storage-open2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/spring-boot-actuator-actuator-health-exposes-infrastructure2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/spring-boot-actuator-redacted-ui-exposure-bydatawelive-redacted-ng-high2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/spring-boot-admin-panel-publicly-reachable2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/sql-injection-full-database-compromise-14-8m-records2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/sql-injection-on-limit-clause-of-trade-endpoint2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/sql-injection-on-page-param-stored-procedure-discovery2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/sql-injection-via-table-name-3x-cloudflare-waf-bypass2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/ssl-certificate-pinning-keys-internal-config-exposed-via-public-api2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/ssrf-full-data-exfiltration-via-303-redirect-chain2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/ssrf-ip-format-bypass-no-ssrf-filter2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/ssrf-to-internal-gke-services2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/staging-do-spaces-credentials-admin-panel-source-code-exposed2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/staging-environment-dev-exposed-to-internet2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/staging-exchange-app-api-docs-public2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/stomp-broker-authentication-bypass2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/stomp-message-injection-into-topics2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/stomp-odds-injection-10-manipulation2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/stored-xss-via-bank-account-fields-high-cvss-7-62026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/stored-xss-via-feedback-form-high-cvss-7-32026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/strapi-api-token-leaked-in-client-side-javascript2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/strapi-cms-open-registration-with-jwt-issuance2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/strapi-cms-unauthenticated-blog-content-modification2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/strapi-cors-wildcard-origin-reflection-with-credentials2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/subdomain-information-disclosure-low2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/subdomain-takeover-img-vendor-dangling-wp-engine-cname2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/subdomain-takeover-on-bello-marketing-subdomain-railway-dangling2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/sumsub-kyc-webhook-forgery-no-hmac-validation2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/sumsub-webhook-forgery-kyc-bypass2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/sumsub-webhook-without-signature-verification2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/superadmin-id-hardcoded-totp-uri-pattern-leaked2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/svix-webhook-dashboard-token-leak-via-webhooklogin-query2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/swagger-api-docs-laravel-ignition-active-in-production2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/swagger-api-postman-collection-fully-open2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/swagger-ui-exposed-on-3-domains2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/swagger-ui-full-api-specification-public-on-3-subdomains-critical2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/swagger-ui-publicly-accessible-on-api-subdomain2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/swap-limit-order-no-otp-funds-locked-without-verification2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/tanda-webhook-bullmq-redis-infrastructure-leak-via-content-type2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/telefon-numarasi-ekrani2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/telegram-document-upload-abuse2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/temporal-ui-unauthenticated-production-payment-data-exposure2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/tencent-cos-bucket-public-listing2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/the-tolgee-xliff-import-endpoint-does-not-disable-external-entity-proces2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/thirdparty-app-key-renewal-without-authentication-critical2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/tolgee-user-organization-data-exposure2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/totp-2fa-secret-exposed-in-plaintext-via-profile-api2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/totp-otp-verify-endpoint-brute-force-with-minimal-rate-limiting2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/translation-write-cdn-publish-supply-chain-attack2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/twa-javascript-bridge-launches-arbitrary-urls-inside-auth-context2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/twitter-x-brand-account-takeover-119k-followers2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/two-aws-s3-buckets-unauthenticated-object-access2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/two-freshdesk-subdomain-takeover-targets2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/uat-trading-platform-exposed-on-direct-ec2-with-live-routes2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/unauthenticated-admin-configuration-data-exposure2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/unauthenticated-admin-wallet-balance-per-customer-idor2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/unauthenticated-admin-wallet-transaction-history2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/unauthenticated-aion-banking-configuration-disclosure2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/unauthenticated-api-endpoints-expose-business-data-high2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/unauthenticated-api-keys-endpoint-exposes-288-business-keys2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/unauthenticated-cryptocurrency-withdrawal-endpoints2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/unauthenticated-database-dump-via-admin-crm-test-php2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/unauthenticated-database-dump-via-public-test-php2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/unauthenticated-debug-endpoint-leaks-internal-service-configuration2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/unauthenticated-discovery-config-exposes-287-keys-and-89-internal-hosts2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/unauthenticated-file-write-webhook-forgery-chain-critical2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/unauthenticated-gift-card-callback-forgery2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/unauthenticated-idor-dumps-1-73m-investor-pii-and-kyc-photos2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/unauthenticated-invoice-api-endpoints-request-void-cancel-mark-as-paid2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/unauthenticated-invoice-creation-via-idor2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/unauthenticated-kyc-data-access-mass-pii2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/unauthenticated-kyc-verification-forgery-via-smileid-callback2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/unauthenticated-laravel-log-viewer-exposes-db-backup-emails-and-admin-lo2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/unauthenticated-mass-customer-pii-exposure-via-graphql2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/unauthenticated-mass-otp-and-user-data-exposure2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/unauthenticated-mass-user-data-leak-via-chat-messages-endpoint2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/unauthenticated-ml-anomaly-detection-engine-redacted-ui-on-production2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/unauthenticated-otp-disclosure-via-trade-userdetails-enables-ato2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/unauthenticated-otp-flooding-via-graphql-getloyaltyotp2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/unauthenticated-otp-send-verify-chain-phone-takeover2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/unauthenticated-payment-event-injection-via-partner-callback2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/unauthenticated-payment-token-generation-endpoint2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/unauthenticated-platform-settings-dump-36-anomaly-thresholds2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/unauthenticated-private-trade-chat-access2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/unauthenticated-refund-claim-via-uuid2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/unauthenticated-sidekiq-dashboard2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/unauthenticated-socket-io-real-time-stream2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/unauthenticated-totp-otp-generation-enables-mass-user-enumeration2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/unauthenticated-transaction-csv-download-via-downloadtransactions2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/unauthenticated-user-deletion-endpoint2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/unauthenticated-user-profile-modification-via-smileid-callback2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/unauthenticated-username-enumeration-via-public-api2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/unauthenticated-webhook-callback-deposit-forgery2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/unauthenticated-xbox-order-creation-on-internal-api-redeem-cards-com2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/universal-cors-wildcard-on-392-api-endpoints2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/unlimited-live-payout-creation-without-verification-on-payment-gateway2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/unprotected-api-backend-without-waf-or-cdn2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/unregistered-staging-domain-takeover-traderjoexyz-dev2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/unrestricted-file-upload-with-php-short-tag-injection-high2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/unrestricted-firebase-authentication-registration2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/unrestricted-registration-otp-brute-force-chain2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/unrestricted-stomp-topic-wildcard-subscription2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/unsigned-validity-window-metadata-in-erc-4337-wallet-signature2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/updated-source-map-full-exploitation-achieved2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/uploadcare-mono-coinbase-pay-api-keys-exposed2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/user-app-full-source-code-exposure-via-source-map-502-files2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/user-enumeration-via-password-reset-endpoint2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/vendor-30k-kullaniciya-toplu-erisim-dogrulanmis-vektor-analizi2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/vendor-admin-api-spring-boot-actuator-deep-dive-origin-bypass-chain2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/vendor-api-authentication-authorization-findings2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/vendor-firebase-veritabani-tam-erisim-okuma-yazma2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/vendor-full-account-takeover-chain-end-to-end-proof2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/vendor-hashcash-consultants-infrastructure-vulnerability-assessment2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/vendor-kyc-document-access-testing-evidence2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/vendor-multi-tenant-isolation-assessment2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/vendor-p2p-partner-race-condition-financial-endpoint-security-test-repor2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/vendor-s3-bucket-full-compromise-deep-exfiltration-proof2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/vercel-deployment-credentials-internal-infra-leak2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/vip-wallet-access-control-bypass-non-vip-vip2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/vip-wallet-access-control-bypass2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/virtual-card-callback-without-webhook-signature-verification2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/vite-dev-server-in-production-source-disclosure2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/vite-dev-server-production-full-source-code-exposure2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/vite-dev-server-source-code-exposure-on-integrator-dashboard2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/vite-manifest-source-map-exposure-299-vue-components2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/vpn-redacted-com-admin-panel-source-map-hardcoded-secret-high2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/vpn-superuser-account-compromise-via-weak-credentials-critical2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/wazuh-siem-api-default-credentials-full-infrastructure-compromise2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/wazuh-siem-dashboard-public2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/webauthn-passkey-credential-id-mass-leakage2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/webhook-trigger-forgery-on-any-verification2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/whitelabel-partner-data-and-mongodb-objectids-exposed-critical2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/widget-bundle-source-map-exposure2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/wildcard-cors-on-exchange-api-with-credentials2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/wildcard-cors-policy-on-financial-api2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/wildcard-dns-btmops-xyz-exposes-complete-infrastructure-topology2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/wildcard-dns-cors-reflection-enhances-phishing-to-ato2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/withdrawotp-stored-plaintext-leaked-via-admin-viewdetail2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/woocommerce-plugin-callback-missing-signature-verification-ssl-off2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/wordpress-directory-listing-exposes-3-567-upload-files-high2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/wordpress-rest-api-cors-origin-reflection-credentials-true2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/wordpress-xmlrpc-brute-force-amplification2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/wso2-api-manager-publisher-console-devportal-public-access-high2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/wsorder-bitbns-com-cors-origin-reflection-on-trade-engine2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/zendesk-admin-api-token-active-full-user-data-access2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/zero-amount-preauthorization-combined-with-mark-as-paid2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/zero-click-ato-via-unthrottled-reset-otp-oracle2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/zero-click-exploit2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/zero-otp-rate-limiting-enables-5-minute-account-brute-force2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/zero-price-primer-production-payment-tokens2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/zero-rate-limiting-on-all-authentication-endpoints2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/disclosures/zoho-oauth-client-secret-exposed-with-full-api-scope2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/engagement2026-04-21T12:25:22.272Zmonthly0.9https://www.memcyber.com/faq2026-04-21T12:25:22.272Zmonthly0.6https://www.memcyber.com/industries2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/methodology2026-04-21T12:25:22.272Zmonthly0.9https://www.memcyber.com/press2026-04-21T12:25:22.272Zmonthly0.6https://www.memcyber.com/privacy2026-04-21T12:25:22.272Zyearly0.2https://www.memcyber.com/research2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/research/idor-chaining-fintech2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/research/move-capability-model-pitfalls2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/research/webhook-forgery-signature-validation2026-04-21T12:25:22.272Zweekly0.8https://www.memcyber.com/security2026-04-21T12:25:22.272Zmonthly0.6https://www.memcyber.com/services2026-04-21T12:25:22.272Zmonthly0.9https://www.memcyber.com/terms2026-04-21T12:25:22.272Zyearly0.2https://www.memcyber.com/toolkit2026-04-21T12:25:22.272Zweekly0.8