search
2025-08-06

Securing Go Applications With SonarQube: Real-World Examples

/ xss / arbitrary file write /

2025-07-07

Caught in the FortiNet: How Attackers Can Exploit FortiClient to Compromise Organizations (3/3)

/ Fortinet / chain / lpe / macos / osx /

2025-07-07

Apache httpd XSS Using Multiple Extensions

/ apache / content-type / xss /

2025-06-29

Caught in the FortiNet: How Attackers Can Exploit FortiClient to Compromise Organizations (2/3)

/ apache / xss / Fortinet / chain / httpd /

2025-06-25

Caught in the FortiNet: How Attackers Can Exploit FortiClient to Compromise Organizations (1/3)

/ Fortinet / chain / v8 / electron /

2025-01-26

The Tainted Voyage: Uncovering Voyager's Vulnerabilities

/ rce / xss / polyglot / file-upload /

2025-01-11

MacOS Binary Debugging

/ macos / lldb / ghidra / debugging /

2024-12-08

DOMPurify 3.2.1 Bypass (Non-Default Config)

/ xss / dompurify / mxss /

2024-11-04

Sanitize Client-Side: Why Server-Side HTML Sanitization is Doomed to Fail

/ xss / php / mxss / bypass / html /

2024-09-02

Basic HTTP Authentication Risk: Uncovering pyspider Vulnerabilities

/ rce / xss / csrf /

2024-05-26

mXSS: The Vulnerability Hiding in Your Code

/ xss / mxss / bypass / html /

2024-03-31

Apache Dubbo Consumer Risks: The Road Not Taken

/ deserialization / java / apache / rpc / rce / disputed /

2024-03-10

Reply to calc: The Attack Chain to Compromise Mailspring

/ rce / electron / mxss / csp / sop / sandbox /

2024-01-23

Excessive Expansion: Uncovering Critical Security Vulnerabilities in Jenkins

/ java / rce / arbitrary file read / jenkins /

2023-11-04

Apache httpd Stored XSS by design

/ apache / content-type / xss /

2023-08-28

Playing Dominos with Moodle's Security (2/2)

/ moodle / ato / account take over / oauth /

2023-08-21

Playing Dominos with Moodle's Security (1/2)

/ rce / moodle / unauthenticated / unauth /

2023-05-15

Pimcore: One click, two security vulnerabilities

/ rce / php / sqli / path traversal /

2022-06-26

Spring Function Cloud DoS (CVE-2022-22979) and Unintended Function Invocation

/ java / dos / denial of service / code execution /

2021-12-27

CVE-2021-44832: Apache Log4j 2.17.0 Arbitrary Code Execution via JDBCAppender DataSource Element

/ deserialization / java / log4j / log4j2 /

2021-06-13

CVE-2021-33420: NPM Replicator Remote Code Execution Deserialization

/ deserialization / rce / npm /

2020-07-07

Mutation Cross-Site Scripting (mXSS) Vulnerabilities Discovered in Mozilla-Bleach

/ xss / mxss / bypass / python / mozilla /