2025

• 21 Jul SQLI
• 16 Apr Stealing OAuth access tokens via an open redirect
• 15 Apr OAuth account hijacking via redirect_uri
• 15 Apr Forced OAuth profile linking
• 13 Apr SSRF via OpenID dynamic client registration
• 13 Apr Authentication bypass via OAuth implicit flow
• 06 Apr CORS vulnerability with trusted insecure protocols
• 06 Apr CORS vulnerability with trusted null origin
• 05 Apr CORS vulnerability with basic origin reflection
• 01 Apr Multistep clickjacking
• 01 Apr Exploiting clickjacking vulnerability to trigger DOM-based XSS
• 28 Mar Clickjacking with a frame buster script
• 26 Mar Clickjacking with form input data prefilled from a URL parameter
• 26 Mar Basic clickjacking with CSRF token protection
• 25 Mar Exploiting time-sensitive vulnerabilities
• 25 Mar Single-endpoint race conditions
• 24 Mar Multi-endpoint race conditions
• 22 Mar Bypassing rate limits via race conditions
• 21 Mar Limit overrun race conditions
• 20 Mar Performing CSRF exploits over GraphQL
• 17 Mar CSRF with broken Referer validation
• 16 Mar CSRF where Referer validation depends on header being present
• 16 Mar SameSite Lax bypass via cookie refresh
• 13 Mar SameSite Strict bypass via sibling domain
• 12 Mar SameSite Strict bypass via client-side redirect
• 12 Mar SameSite Lax bypass via method override
• 09 Mar CSRF where token is duplicated in cookie
• 09 Mar CSRF where token is tied to non-session cookie
• 07 Mar CSRF where token is not tied to user session
• 07 Mar CSRF where token validation depends on token being present
• 07 Mar CSRF where token validation depends on request method
• 07 Mar CSRF vulnerability with no defenses
• 04 Mar Exploiting NoSQL operator injection to extract unknown fields
• 03 Mar Exploiting NoSQL injection to extract data
• 02 Mar Exploiting NoSQL operator injection to bypass authentication
• 01 Mar Detecting NoSQL injection
• 28 Feb Bypassing GraphQL brute force protections
• 27 Feb Finding a hidden GraphQL endpoint
• 26 Feb Accidental exposure of private GraphQL fields
• 26 Feb Accessing private GraphQL posts
• 24 Feb Authentication bypass via encryption oracle
• 22 Feb Infinite money logic flaw
• 22 Feb Authentication bypass via flawed state machine
• 20 Feb Insufficient workflow validation
• 20 Feb Weak isolation on dual-use endpoint
• 20 Feb Inconsistent handling of exceptional input
• 20 Feb Low-level logic flaw
• 19 Feb Manipulating the WebSocket handshake to exploit vulnerabilities
• 19 Feb Cross-site WebSocket hijacking
• 19 Feb Manipulating WebSocket messages to exploit vulnerabilities
• 18 Feb Indirect prompt injection
• 17 Feb Exploiting vulnerabilities in LLM APIs
• 17 Feb Exploiting LLM APIs with excessive agency
• 17 Feb Exploiting a mass assignment vulnerability
• 16 Feb Finding and exploiting an unused API endpoint
• 16 Feb Exploiting server-side parameter pollution in a query string
• 16 Feb Exploiting an API endpoint using documentation
• 12 Feb SQL injection with filter bypass via XML encoding
• 12 Feb Blind SQL injection with out-of-band data exfiltration
• 11 Feb Blind SQL injection with out-of-band interaction
• 10 Feb Blind SQL injection with time delays and information retrieval
• 10 Feb Blind SQL injection with time delays
• 09 Feb Visible error-based SQL injection
• 09 Feb Blind SQL injection with conditional errors
• 01 Feb Password brute-force via password change
• 01 Feb Password reset poisoning via middleware
• 29 Jan Offline password cracking
• 29 Jan Brute-forcing a stay-logged-in cookie
• 28 Jan 2FA broken logic
• 27 Jan Username enumeration via account lock
• 27 Jan Broken brute-force protection, IP block
• 27 Jan Username enumeration via response timing
• 23 Jan Username enumeration via subtly different responses
• 22 Jan Password reset broken logic
• 22 Jan 2FA simple bypass
• 22 Jan Username enumeration via different responses
• 21 Jan DOM-based cookie manipulation
• 21 Jan DOM-based open redirection
• 19 Jan DOM XSS using web messages and JSON.parse
• 19 Jan DOM XSS using web messages and a JavaScript URL
• 19 Jan DOM XSS using web messages
• 18 Jan Exploiting XSS to bypass CSRF defenses
• 18 Jan Exploiting cross-site scripting to capture passwords
• 18 Jan Exploiting cross-site scripting to steal cookies
• 17 Jan Reflected XSS into a template literal with angle brackets, single, double quotes, backslash and backticks Unicode-escaped
• 17 Jan Stored XSS into onclick event with angle brackets and double quotes HTML-encoded and single quotes and backslash escaped
• 10 Jan Reflected XSS into a JavaScript string with angle brackets and double quotes HTML-encoded and single quotes escaped
• 10 Jan Reflected XSS into a JavaScript string with single quote and backslash escaped
• 10 Jan Reflected XSS in canonical link tag
• 10 Jan Reflected XSS with some SVG markup allowed
• 10 Jan Reflected XSS into HTML context with all tags blocked except custom ones
• 09 Jan Reflected XSS into HTML context with most tags and attributes blocked
• 09 Jan Stored DOM XSS
• 08 Jan Reflected DOM XSS
• 08 Jan DOM XSS in AngularJS expression with angle brackets and double quotes HTML-encoded
• 07 Jan DOM XSS in document.write sink using source location.search inside a select element
• 06 Jan Reflected XSS into a JavaScript string with angle brackets HTML encoded
• 06 Jan Stored XSS into anchor href attribute with double quotes HTML-encoded
• 06 Jan Reflected XSS into attribute with angle brackets HTML-encoded
• 06 Jan DOM XSS in jQuery selector sink using a hashchange event
• 05 Jan DOM XSS in jQuery anchor href attribute sink using location.search source
• 03 Jan DOM XSS in innerHTML sink using source location.search
• 03 Jan DOM XSS in document.write sink using source location.search
• 02 Jan Stored XSS into HTML context with nothing encoded
• 02 Jan Reflected XSS into HTML context with nothing encoded
• 02 Jan Exploiting Ruby deserialization using a documented gadget chain
• 02 Jan Exploiting PHP deserialization with a pre-built gadget chain

2024

• 31 Dec Exploiting Java deserialization with Apache Commons
• 31 Dec Arbitrary object injection in PHP
• 29 Dec Using application functionality to exploit insecure deserialization
• 29 Dec Modifying serialized objects
• 29 Dec Modifying serialized objects
• 08 Dec JWT authentication bypass via kid header path traversal
• 08 Dec JWT authentication bypass via jku header injection
• 08 Dec Scanning non-standard data structures
• 08 Dec Discovering vulnerabilities quickly with targeted scanning
• 08 Dec Flawed enforcement of business rules
• 08 Dec Inconsistent security controls
• 08 Dec High-level logic vulnerability
• 08 Dec Excessive trust in client-side controls
• 06 Dec JWT authentication bypass via jwk header injection
• 06 Dec JWT authentication bypass via weak signing key
• 06 Dec JWT authentication bypass via flawed signature verification
• 06 Dec JWT authentication bypass via unverified signature
• 05 Dec Referer-based access control
• 05 Dec Multi-step process with no access control on one step
• 05 Dec Method-based access control can be circumvented
• 05 Dec URL-based access control can be circumvented
• 04 Dec Insecure direct object references
• 04 Dec User ID controlled by request parameter with password disclosure
• 04 Dec User ID controlled by request parameter with data leakage in redirect
• 04 Dec User ID controlled by request parameter, with unpredictable user IDs
• 04 Dec User ID controlled by request parameter
• 04 Dec User role can be modified in user profile
• 04 Dec User role controlled by request parameter
• 04 Dec Unprotected admin functionality with unpredictable URL
• 04 Dec Unprotected admin functionality
• 03 Dec Information disclosure in version control history
• 03 Dec Authentication bypass via information disclosure
• 03 Dec Source code disclosure via backup files
• 03 Dec Information disclosure on debug page
• 03 Dec Information disclosure in error messages
• 01 Dec Blind OS command injection with out-of-band data exfiltration
• 01 Dec Blind OS command injection with out-of-band interaction
• 01 Dec Blind OS command injection with output redirection
• 01 Dec Blind OS command injection with time delays
• 01 Dec OS command injection, simple case
• 29 Nov SSRF with filter bypass via open redirection vulnerability
• 29 Nov Blind SSRF with out-of-band detection
• 29 Nov Blind SSRF with out-of-band detection
• 29 Nov Basic SSRF against another back-end system
• 29 Nov Basic SSRF against the local server
• 27 Nov Exploiting XXE via image file upload
• 27 Nov Exploiting XInclude to retrieve files
• 27 Nov Exploiting blind XXE to retrieve data via error messages
• 27 Nov Exploiting blind XXE to exfiltrate data using a malicious external DTD
• 27 Nov Blind XXE with out-of-band interaction via XML parameter entities
• 27 Nov Blind XXE with out-of-band interaction
• 27 Nov Exploiting XXE to perform SSRF attacks
• 27 Nov Exploiting XXE using external entities to retrieve files
• 25 Nov Remote code execution via polyglot web shell upload
• 25 Nov Web shell upload via obfuscated file extension
• 25 Nov Web shell upload via extension blacklist bypass
• 25 Nov Web shell upload via path traversal
• 24 Nov File path traversal, validation of file extension with null byte bypass
• 24 Nov File path traversal, validation of start of path
• 24 Nov File path traversal, traversal sequences stripped with superfluous URL-decode
• 24 Nov File path traversal, traversal sequences stripped non-recursively
• 24 Nov File path traversal, traversal sequences blocked with absolute path bypass
• 24 Nov File path traversal, simple case
• 24 Nov Web shell upload via Content-Type restriction bypass
• 24 Nov Remote code execution via web shell upload
• 23 Nov Server-side template injection with information disclosure via user-supplied objects
• 23 Nov Server-side template injection in an unknown language with a documented exploit
• 23 Nov Server-side template injection using documentation
• 22 Nov Basic server-side template injection (code context)
• 22 Nov Basic server-side template injection
• 16 Nov Blind SQL injection with conditional responses
• 15 Nov SQL injection UNION attack, retrieving multiple values in a single column
• 15 Nov SQL injection UNION attack, retrieving data from other tables
• 15 Nov SQL injection UNION attack, finding a column containing text
• 15 Nov SQL injection UNION attack, determining the number of columns returned by the query
• 15 Nov SQL injection attack, listing the database contents on Oracle
• 15 Nov SQL injection attack, listing the database contents on non-Oracle databases
• 13 Nov SQL injection attack, querying the database type and version on MySQL and Microsoft
• 13 Nov SQL injection attack, querying the database type and version on Oracle
• 13 Nov SQL injection vulnerability allowing login bypass
• 12 Nov SQL injection vulnerability in WHERE clause allowing retrieval of hidden data
• 24 Oct CustomDebianKde
• 10 Oct Busqueda
• 09 Oct Chaos
• 08 Oct Intelligence
• 07 Oct Soccer
• 06 Oct Manager
• 05 Oct Broker
• 04 Oct BoardLight
• 03 Oct Blackfield
• 02 Oct Authority
• 01 Oct Aero
• 30 Sep Sau
• 25 Aug Hospital
• 24 Aug Querier
• 23 Aug Monteverde
• 22 Aug Delivery
• 21 Aug Support
• 20 Aug Nodeblog
• 16 Aug Forest
• 15 Aug Sauna
• 14 Aug Timelapse
• 13 Aug Active
• 12 Aug Schooled
• 11 Aug Resolute
• 10 Aug Tabby
• 09 Aug ScriptKiddie
• 08 Aug Blue
• 06 Aug Remote
• 06 Aug GoodGames
• 05 Aug Arctic
• 04 Aug Posion
• 03 Aug Apocalyst
• 02 Aug SolidState
• 01 Aug Heist
• 31 Jul Waldo
• 30 Jul Antique
• 29 Jul Toolbox
• 28 Jul Devel
• 27 Jul Driver
• 25 Jul Netmon
• 24 Jul Optimum
• 23 Jul Jerry
• 23 Jul Legacy
• 22 Jul Grandpa
• 20 Jul Granny
• 19 Jul Bounty
• 18 Jul Jeeves
• 17 Jul Devzat
• 16 Jul Love
• 15 Jul Return
• 14 Jul Tenten
• 13 Jul Blocky
• 12 Jul Shocker
• 12 Jul Keeper
• 10 Jul Union
• 08 Jul Bolt
• 07 Jul Knife
• 06 Jul Stratosphere
• 06 Jul Nibbles
• 04 Jul Lame
• 01 Jul Validation
• 01 Jul NunChucks
• 30 Jun Horizontall
• 27 Jun Secret
• 22 Jun TwoMillion