Bykea Program Statistics


11 total issues disclosed

$0 total paid publicly

Most disclosed (5 disclosures) — Insecure Direct Object Reference (IDOR)



Disclosed Reports


| Report Title | Vulnerability Type | Disclosed By | Severity | Disclosed on |
|---|---|---|---|---|
| Lack of minimum value bid wheel verification on customer_bid in Rental Trips | Business Logic Errors | sameer_ali | Low | 2025-11-20 |
| Customer can cancel a individual booking in a batch, causing locking of partner. | Business Logic Errors | sameer_ali | Medium | 2025-11-20 |
| Critical Information Disclosure via /talos/api/v1/files/upload | Inclusion of Sensitive Information in an Include File | sameer_ali | Critical | 2025-09-17 |
| MongoDB Query Logs & Schema Leak via Unauthenticated Endpoint | LLM06: Sensitive Information Disclosure | sameer_ali | Low | 2025-09-17 |
| Improper Access Control Allows Trip Hijacking and Passenger/Driver PII Disclosure | Insecure Direct Object Reference (IDOR) | grassye | Medium | 2025-06-26 |
| Exposed trip_no in WebSocket Responses Leading to Excessive information Disclosure | Improper Access Control - Generic | mrrhacker | Medium | 2025-06-26 |
| IDOR on in-app hardcoded zombie endpoint | Insecure Direct Object Reference (IDOR) | bugbountywithmarco | Medium | 2025-06-13 |
| Bypassing Bronze Partner Wallet Restriction to Accept Trips with Negative Balance | Business Logic Errors | bugbountywithmarco | Medium | 2025-06-13 |
| Ability to increase any customer offered fare (BAC) | Insecure Direct Object Reference (IDOR) | grassye | Medium | 2025-06-13 |
| Broken Access Control (IDOR) in Booking Detail and Bids Could Leads to Sensitive Information Disclosure | Insecure Direct Object Reference (IDOR) | back2arie | High | 2025-06-13 |
| Lack of Feedback Validation Permits Arbitrary Driver Ratings | Insecure Direct Object Reference (IDOR) | bugbountywithmarco | Medium | 2025-06-12 |