Smule


4 total issues disclosed

$0 total paid publicly


Most disclosed (1 disclosures) — Improper Authentication - Generic

View disclosed reports



Disclosed Reports


Report Title Vulnerability Type Disclosed By Severity Disclosed on
[com.smule.autorap.*] Cloud Messaging/Push Notification service takeover due to clear-text usage of Legacy FCM Server keys in the client app Use of Hard-coded Credentials absshax Critical 2020-08-24
No Rate Limiting On Phone Number Login Leads to Login Bypass Improper Authentication - Generic done11 Medium 2020-07-24
Error Page Content Spoofing or Text Injection Violation of Secure Design Principles ajayshrimali Low 2020-06-03
Open redirect bypass & SSRF Security Vulnerability Server-Side Request Forgery (SSRF) snwlol None 2020-01-17