feed
bugs.xdavidhu.me
2022
Nov 21
[#0017] Header spoofing via a hidden parameter in Facebook Batch GraphQL APIs
Nov 10
[#0016] Complete Lock Screen Bypass on Google Pixel devices
Sep 02
[#0015] Viewing Instagram live streams anonymously without notifying the host
Apr 05
[#0014] CloudKit Share Records leak the title of private iCloud files
Feb 06
[#0013] Google Assistant allows leaking personal data via Bluetooth headphones
Feb 06
[#0012] Specific Google Assistant queries allow leaking Location History from a locked phone
2021
Oct 10
[#0011] Malicious webpage can execute Google Assistant commands without any permissions
Jul 13
[#0010] Unencrypted HTTP Links to Scholar results in Google Search allows MITM
Jul 08
[#0009] IDOR in Google Identity platform allows leaking limited OAuth client data
Jun 23
[#0008] SSRF via URL whitelist bypass in a Google Cloud owned App Engine service
May 26
[#0007] Bypassing restricted port protection in WebKit
May 18
[#0006] Path Traversal in MobileSafari
May 17
[#0005] Clickjacking in Google Fast Pair Vendor Dashboard
May 16
[#0004] Complete takeover of any Google Fast Pair headphones vendor settings & secrets
Apr 29
[#0003] De-anonymising Anonymous Animals in Google Docs products
Apr 20
[#0002] Moving the cursor and acting as other people in Google Docs products
Apr 05
[#0001] CSRF in YouTube Leanback API