Werewolf Online Android App Information Leakage Vulnerability

Werewolf Online is a "werewolf" game for Android. Werewolf Online Android 0.8.8 suffers from an information leakage vulnerability, which can be exploited by an attacker to discover Firebase tokens via logcat output...

Instacart: Authorization Bypass in Delivery Chat Logs

An authorization issue in the mobile app API allows any Instacart user to gain access to other users' order delivery chat logs. The /api/v2/orderdeliveries/:orderdeliveryid/orderchangelogs endpoint does not sufficiently check if the user has permissions to access that particular order's chat logs...