1. SECURITY CRITICAL: API Exposes IDOR Flaw, Allowing Any User to Hijack Others' Favorites
A critical security vulnerability in a web application's API allows any authenticated user to impersonate any other user, granting unauthorized access to create, delete, and query personal favorites. The flaw, a classic Broken Object Level Authorization (BOLA/IDOR) issue, stems from a fundamental authentication bypass ...
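To make the BOLA/IDOR pattern concrete, here is an added, constructed example (not the affected application's code) of a minimal favorites API: the vulnerable handler takes the object owner from the client-supplied `user_id`, while the fixed handlers derive the owner from the authenticated session and reject a mismatching `user_id`. Endpoint shape, field names, tokens and sample data are all assumptions.

```python
"""Constructed example of the favorites BOLA/IDOR flaw and its fix.
Session tokens, user names and favorites are made-up sample data."""
from dataclasses import dataclass, field

# Constructed server-side state: token -> user, and each user's favorites.
SESSIONS = {"tok-alice": "alice", "tok-bob": "bob"}
FAVORITES = {"alice": {"item-1"}, "bob": {"item-7", "item-9"}}


@dataclass
class Request:
    token: str                                # bearer token from the caller
    body: dict = field(default_factory=dict)  # JSON body as sent by client


def authenticate(req: Request) -> str:
    """Identity comes from the session token only, never from the body."""
    if req.token not in SESSIONS:
        raise PermissionError("unauthenticated")
    return SESSIONS[req.token]


def list_favorites_vulnerable(req: Request) -> set:
    """BOLA: authentication passes, but the object owner is read from the
    client-controlled body, so any logged-in user can read anyone's list."""
    authenticate(req)
    owner = req.body["user_id"]               # attacker-controlled value
    return set(FAVORITES.get(owner, set()))


def resolve_owner(req: Request) -> str:
    """Fix: owner is the authenticated principal; a client-supplied user_id
    that differs is refused (and is worth logging as an IDOR attempt)."""
    owner = authenticate(req)
    if req.body.get("user_id", owner) != owner:
        raise PermissionError("user_id does not match authenticated user")
    return owner


def list_favorites_fixed(req: Request) -> set:
    return set(FAVORITES.get(resolve_owner(req), set()))


def delete_favorite_fixed(req: Request) -> bool:
    """Same rule for mutations: only the caller's own favorites can change."""
    mine = FAVORITES.setdefault(resolve_owner(req), set())
    removed = req.body["item"] in mine
    mine.discard(req.body["item"])
    return removed


def denied(handler, req: Request) -> bool:
    """True if the handler refuses the request with PermissionError."""
    try:
        handler(req)
        return False
    except PermissionError:
        return True
```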