Header spoofing via a hidden parameter in Facebook Batch GraphQL APIs

Authorization bypass due to cache misconfiguration

The Butterfly Effect: Turning Overlooked - Misconfigurations into Zero Click Account Takeover

Exploiting Broken Authentication Control In GraphQL