Web
2026
GraphQL Thread Metadata Disclosure - Airbnb
Authorization inconsistency in ViaductGetThreadAndDataQuery endpoint leaks
partial thread metadata of other users via manipulated globalThreadId parameter.
Web
2026
Exposing 350 Enterprise Customers via BuddyBoss REST API - WordPress VIP
BuddyBoss REST API endpoint leaks PII of 350 WordPress VIP enterprise
customers to any authenticated low-privilege user.