Stripe: Promotion code can be used more than redemption limit.

A race condition vulnerability existed in the promotion code creation process, allowing users to use the same code more times than the specified redemption limit. This could result in unauthorized discounts or other unintended consequences...

Uber: Possibility to brute force invite codes in riders.uber.com

When adding new promotion codes for free rides, one could brute force invitation codes since there is no protection against brute force attacks. When going to payment page, it's possible to apply promotion code. If we intercept this request, we can brute force codes, since there is no captcha or...