pixiv: Disclose Hidden Comments on Media Section of hub.vroid.com

A vulnerability was discovered in the Media section of the website where hidden comments could be disclosed. By intercepting a request to like a specific comment, the attacker was able to retrieve the content of the hidden comment, which should have only been visible to the original poster...

Vimeo: Watch any Password Video without password

Hello Jeremy and Vimeo Security Team, There is a vulnerability in Vimeo which allows any user to watch password video without the password. A user can like a passworded video without password, then the user can watch the video on Couchmode without the password. POC link :...