
Interesting read - anyone have pointers to other app pentesting walkthroughs like this?


I wrote up finding some of these issues entirely independently: https://mjg59.dreamwidth.org/70061.html


So the question is -- how many others knew about this and were exploiting it without discussing it? :(


Great question that would ideally be asked of the people who have logs


I didn't exactly know of it, but I had enough glitches on that terrible app when I was using it that it was obvious there was info being sent that it didn't mean to, and some atrocious performance issues that made it feel like it was crudely thrown together.

Pretty sure I flagged something or another as a security issue but can't recall what it was.


https://github.com/juliocesarfort/public-pentesting-reports is a substantial collection of public reports

Off the top of my head, DoyenSec has some good reports in there targeting web apps


For pentesting, often the company hires people to test under an NDA, and keeps everything secret because they don't want to be embarrassed.

There are some public pentests out there. For example https://www.opentech.fund/impact/security-safety-audits/

If you want to read some really hard core security vuln hunting, see https://googleprojectzero.blogspot.com/



