1. ninthinning.email Email Enumeration Vulnerability Sparks User Disclosure Debate
A now-patched Supabase configuration flaw left the user database of baseball platform ninthinning.email exposed to public email enumeration for an extended period before production access was revoked on April 30, 2026. Pull request #80 resolved the vulnerability, which resided in the `public.mlb_users` view—a Postgres ...