Explore Problems
Showing 3,997 of 6,868 problems · matching your filters
Credit Bureau FCRA Violations Leave Inaccurate Data on Reports
Major credit bureaus like TransUnion routinely violate the Fair Credit Reporting Act by maintaining inaccurate data, failing to investigate disputes properly, and not correcting errors within statutory timelines. These violations directly impair consumers' access to credit, housing, and employment. Automated FCRA violation documentation and regulatory complaint filing tools could significantly improve consumers' enforcement leverage.
Insurance Company Reinstates Canceled Policy, Sends to Collections, and Ruins Consumer Credit
An insurer reinstated a canceled auto policy without authorization and sent the fraudulent balance to collections, damaging the consumer's credit score and causing loss of a home purchase. Despite 50+ hours of calls, documentation submissions, and promises, the error remains unresolved.
Bank misapplies billing-error dispute window to merchandise-not-received claims
A bank repeatedly denies a valid merchandise-not-received dispute by applying the wrong regulatory timeframe, instead of the longer window that applies when a merchant repeatedly delays delivery. Escalation through additional disputes and direct emails to executives goes unanswered.
Bank card declines despite available funds, with no real-time fix from support
Customers with sufficient account balances report repeated card declines that persist even after support confirms the issue is "resolved." The lack of a real-time fix causes acute hardship, including being unable to complete essential purchases in person.
Banking apps show transactions but provide no actionable spending intelligence
Most banking and personal finance apps display raw transaction lists without analyzing patterns, trends, or behavioral insights. Users cannot identify where their money actually goes without manual categorization in separate tools. The gap between data display and financial intelligence leaves the majority of banking customers without practical guidance.
Malicious VSCode Extensions Can Breach Thousands of GitHub Repositories
A single malicious VSCode extension compromised 3,800 GitHub repositories, exposing a critical gap in extension marketplace security vetting. The extension marketplace provides no meaningful safety signals, leaving developers unable to assess extension trustworthiness at install time.
Credit card fraud disputes go unresolved while late fees accrue
When credit card fraud triggers account cancellation and reissuance, the interim investigation period leaves consumers exposed to late fees on disputed charges they cannot pay. Banks fail to honor FCBA protections — promising no penalties while assessing them anyway. Consumers are left holding financial damage from fraud that the bank's own investigation caused.
Debt collectors pursue victims of identity theft for fraudulent debts
Consumers report being harassed by debt collectors over accounts opened fraudulently through identity theft. Collectors often ignore FDCPA validation requirements and continue aggressive collection despite disputes.
npm Ecosystem Silently Executes Malicious Code via Transitive Dependencies
Every npm install is an implicit trust decision across hundreds of packages, any of which can execute arbitrary code via postinstall hooks with no user confirmation. The Axios backdoor attack demonstrated this at 80M weekly download scale, with sophisticated obfuscation and self-cleanup. Existing tools like Snyk detect known vulnerabilities but do not prevent silent postinstall execution from newly compromised accounts.
Banks approve large in-person wire transfers without verifying legitimacy by phone
A long-tenured bank customer was defrauded via a sophisticated impersonation scam involving fake law-enforcement officials and forged court orders, leading to two $500,000 wire transfers. The bank processed the unusual, high-value transfers without a verification call, despite the customer having never previously requested a wire.
MCP Servers Inject Context Tokens on Every Message Even When Not Used
Every configured MCP server injects tokens into the context window on each message, regardless of whether that server is needed for the current task. As developers add more MCP servers, context window bloat becomes severe and reduces effective model capacity. No selective MCP loading mechanism exists to activate servers only when relevant.
Cloud AI Coding Agents Require Sharing Codebases; Local Models Lack Performance
Developers using cloud-based AI coding agents like Cursor, Codex, or Claude must expose their codebase to training pipelines. Switching to local models for privacy eliminates the performance needed for real coding tasks. No tool currently solves both privacy and performance simultaneously.
Indian Personal Finance Apps Mandate Bank Linking or SMS Scraping to Build Credit Profiles
Every major personal finance app in India forces users to link bank accounts via Account Aggregator or grant SMS access, then ships data to remote servers for credit profiling and loan marketing. Users who want privacy-respecting expense tracking have no viable alternative.
Salesforce Is Too Complex and Expensive for Small Business Users
Salesforce Sales Cloud is widely criticized for overwhelming complexity, long setup times, and high licensing costs that are prohibitive for small businesses. The interface feels cluttered and requires significant expertise to customize, creating a large gap between enterprise capability and usability. This drives persistent demand for simpler CRM alternatives.
Bootstrapped SaaS Founders Cannot Acquire First 100 Users Without Paid Channels
Early-stage SaaS founders lack a clear, repeatable path to acquiring their first 100 users without advertising budget, SEO authority, or an existing audience. Organic channels like LinkedIn and Reddit require sustained effort with unclear payoff timelines. This is a top-of-funnel survival problem that blocks product-market fit discovery for most bootstrapped products.
Air-Gapped Networks Have No Passive Threat Detection Without Active Scanning Risk
Security teams protecting air-gapped environments — defense, ICS, nuclear — cannot use conventional network detection tools that require active probes, which risk triggering false alerts or disrupting critical operations. Passive monitoring that can identify C2 beacons and DNS generation algorithm traffic without sending any packets is absent from the market. This leaves some of the highest-value targets with a fundamental detection blind spot.
Phone Theft Enables Immediate High-Value Zelle and Venmo Fraud Banks Refuse to Refund
Thieves who steal unlocked phones can immediately execute thousands of dollars in Zelle and Venmo transfers before the owner can react. Payment apps treat physical phone possession as sufficient authorization, creating a structural gap where theft of a device equals theft of funds. Banks and payment platforms systematically deny fraud refunds for these transactions because the device was used directly.
Zelle Transfers to Wrong Recipient Cannot Be Recalled by Banks
A single digit error when entering a Zelle recipient phone number sends funds to the wrong person with no recovery path — banks disclaim liability and Zelle has no recall mechanism for voluntary transactions. With hundreds of millions of Zelle transactions per year, the scale of accidental misdirection is enormous. Pre-send recipient identity confirmation and rapid escalation tools for same-day misdirection cases would address a structural gap.
Credit card dispute denied over a merchant return process that broke down
A cardholder followed a merchant's official return process within the allowed window, but the designated pickup carrier became unreachable, preventing the return from completing. The card issuer denied the dispute by blaming the customer for not following the return policy, ignoring documented proof of compliance.
Debt collectors pursue consumers without providing required debt validation
Consumers report receiving past-due notices for debts they do not recognize, with collection agencies failing to provide validation information within the legally required 30-day window despite repeated requests.