Report vulnerabilities in cyfare.net and get recognized in our Hall of Fame!
Please report issues responsibly to: security@cyfare.net
Disclosed: 2025-06-07
An attacker was able to inject malformed characters in JSON to escape outside defined parameters and create custom JSON objects with custom data, resulting in Denial of Service across the site while rendering.
Reported By: Buvaneshvaran K.
Disclosed: 2025-01-31
Inadequate HSTS implementation, allowing potential unencrypted connections. Missing secure flag for sensitive HTTP cookies.
Reported By: Abdul Rauf Memon
Disclosed: 2024-12-04
An attacker was able to perform reflected cross site scripting by providing javascript in the chat window, causing the page to render the javascript in user context.
Reported By: Prithivik SL
Disclosed: 2024-11-03
An attacker was able to inject malformed characters in JSON to escape outside defined parameters and create custom JSON objects with custom data, resulting in Denial of Service across the site while rendering.
Reported By: 4nonimus