Vend by Lightspeed


Program Statistics


2 total issues disclosed

$0 total paid publicly

Most disclosed (1 disclosures) — Insecure Direct Object Reference (IDOR)



Disclosed Reports


Report Title Vulnerability Type Disclosed By Severity Disclosed on
Race Condition : Exploiting the loyalty claim https://xxx.vendhq.com/loyalty/claim/email/xxxxx url and gain x amount of loyalty bonus/cash Violation of Secure Design Principles stok Medium 2018-06-07
Improper access control on adding a Register to an Outlet Insecure Direct Object Reference (IDOR) al88nsk Medium 2018-05-02