search
2024-12-08

DOMPurify 3.2.1 Bypass (Non-Default Config)

/ xss / dompurify / mxss /

2024-11-04

Sanitize Client-Side: Why Server-Side HTML Sanitization is Doomed to Fail

/ xss / php / mxss / bypass / html /

2024-09-02

Basic HTTP Authentication Risk: Uncovering pyspider Vulnerabilities

/ rce / xss / csrf /

2024-05-26

mXSS: The Vulnerability Hiding in Your Code

/ xss / mxss / bypass / html /

2024-03-31

Apache Dubbo Consumer Risks: The Road Not Taken

/ deserialization / java / apache / rpc / rce / disputed /

2024-03-10

Reply to calc: The Attack Chain to Compromise Mailspring

/ rce / mxss / electron / csp / sop / sandbox /

2024-01-23

Excessive Expansion: Uncovering Critical Security Vulnerabilities in Jenkins

/ java / rce / arbitrary file read / jenkins /

2023-11-04

Apache httpd Stored XSS by design

/ apache / content-type / xss /

2023-08-28

Playing Dominos with Moodle's Security (2/2)

/ moodle / ato / account take over / oauth /

2023-08-21

Playing Dominos with Moodle's Security (1/2)

/ rce / moodle / unauthenticated / unauth /

2023-05-15

Pimcore: One click, two security vulnerabilities

/ rce / php / sqli / path traversal /

2022-06-26

Spring Function Cloud DoS (CVE-2022-22979) and Unintended Function Invocation

/ java / dos / denial of service / code execution /

2021-12-27

CVE-2021-44832: Apache Log4j 2.17.0 Arbitrary Code Execution via JDBCAppender DataSource Element

/ deserialization / java / log4j / log4j2 /

2021-06-13

CVE-2021-33420: NPM Replicator Remote Code Execution Deserialization

/ deserialization / rce / npm /

2020-07-07

Mutation Cross-Site Scripting (mXSS) Vulnerabilities Discovered in Mozilla-Bleach

/ xss / mxss / bypass / python / mozilla /