| Title | Tags | Author | Published | Added |
|---|---|---|---|---|
| Stored XSS Filter Bypass in the Skills section | XSS | Krishna Kumar | 2023-08-16 | 2025-04-08 |
| Blind SSRF - The Tray | Blind SSRF | p4n7h3rx | 2023-07-29 | 2025-04-08 |
| Hacking Subaru: Tracking and Controlling Cars via the STARLINK Admin Panel | ATO, 2FA Bypass, PII, RCE | Sam Curry | 2025-01-23 | 2025-04-09 |
| Hacking Kia: Remotely Controlling Cars With Just a License Plate | PII, RCE | Sam Curry | 2024-09-20 | 2025-04-09 |
| Request Smuggling Exposes JWT — Enables 0-Click ATO! | Request Smuggling, ATO | Omar Alzughaibi | 2024-04-09 | 2025-04-09 |
| Client-side RCE via symlink following in Google Web Designer for macOS/Linux: CVE-2025-1079 | RCE | Bálint Magyar | 2024-04-02 | 2025-04-09 |
| Let's Talk About Encryption And IDORs (Yes, IDORs Again) | IDOR | bombon (@bxmbn) | 2025-02-23 | 2025-04-10 |
| Hijacking Sessions with IDOR and XSS | XSS, ATO | bombon (@bxmbn) | 2025-02-23 | 2025-04-10 |
| A successful prototype pollution chained to a DOM XSS | XSS, Prototype Pollution | Rachid.A (@zhero___) | 2023-04-10 | 2025-04-10 |
| $175 Prototype Pollution Vulnerability – Public program | Prototype Pollution | 1day | 2024-10-02 | 2025-04-10 |
| What is prototype poisoning? Prototype bugs explained! | Prototype Poisoning | Christoffer Jerkeby | 2022-09-14 | 2025-04-10 |
| Remote code execution (RCE) 101 | RCE, AEM | DK999 | 2025-03-26 | 2025-04-11 |
| Cache Deception on my new site! | Cache Deception | Jorian (@J0R1AN) | 2025-03-29 | 2025-04-12 |
| Bypassing WAFs to Exploit CSPT Using Encoding Levels | CSPT, WAF | Matan Berson (@MtnBer) | 2024-05-10 | 2025-04-12 |
| Bidding Like a Billionaire - Stealing NFTs With 4-Char CSTIs | CSTI | Matan Berson (@MtnBer) | 2024-07-11 | 2025-04-12 |
| Privilege Escalation via Manipulation of Account Attributes | Privilege Escalation | 0xBen | 2025-04-12 | 2025-04-14 |
| 2 Idors allowed me to upload, modify and see victim’s Data | IDOR | 0xBen | 2025-02-02 | 2025-04-14 |
| How I Found RCE (Remote Code Execution) via File Upload | RCE, File Upload | Akash A | 2024-09-08 | 2025-04-14 |
| How We Hacked a Software Supply Chain for $50K | Supply Chain | Roni Carta, Lupin | 2025-02-15 | 2025-04-15 |
| I Studied 100+ SSRF Reports, and Here’s What I Learned | SSRF | Aditya Sawant | 2024-10-06 | 2025-04-16 |
| Digging for SSRF in NextJS apps | SSRF | Adam Kues, Shubham Shah | 2024-05-09 | 2025-04-16 |
| SSRF (Server Side Request Forgery) worth $4,913 \| My Highest Bounty Ever ! | SSRF | Sayaan Alam | 2020-11-10 | 2025-04-16 |
| blind-ssrf-chains | SSRF | Assetnote | 2021-01-14 | 2025-04-16 |
| A recap of the Q&A session on Twitter | SSRF | Agarri | 2021-04-23 | 2025-04-16 |
| Unveiling Hidden Treasures: How Analyzing JavaScript Files Led Me to Tokens and Secret Keys | Credential Disclosure | 0xBen | 2025-04-12 | 2025-04-16 |
| HTTP header hacks: basic and advanced exploit techniques explored | HTTP Header Attacks | YesWeHack | 2025-04-15 | 2025-04-17 |
| CPDoS | CPDoS | Luigi Lo Iacono, Hoai Viet Nguyen | 2019-11-14 | 2025-04-17 |
| 0-Click Mass Account Takeover via Password Reset Functionality | Password Reset, ATO | 0d_samii | 2024-09-08 | 2025-04-19 |
| Easy P1: Unlocking Pro & Enterprise Features via Developer Tools (Inspect) due to insufficient server-side validation | Broken Access | 0d_samii | 2024-10-17 | 2025-04-19 |
| Authentication - shared-secret-key | Authentication | Osb0rn3 | 2024-09-17 | 2025-04-19 |
| Authentication - oauth-scope | Authentication | Osb0rn3 | 2024-09-20 | 2025-04-19 |
| Common OAuth Vulnerabilities | OAuth | doyensec | 2025-01-30 | 2025-04-20 |
| Traveling with OAuth — Account Takeover on Booking.com | OAuth | Aviad Carmel | 2023-03-02 | 2025-04-20 |
| Cross-Site WebSocket Hijacking Exploitation in 2025 | WebSocket | Laurence Tennant | 2025-04-17 | 2025-04-22 |
| Exploiting Client-Side Path Traversal to Perform Cross-Site Request Forgery - Introducing CSPT2CSRF | CSPT | doyensec | 2024-07-02 | 2025-04-23 |
| How I made $64k from deleted files — a bug bounty story | Information Disclosure | Sharon Brizinov | 2025-04-23 | 2025-04-24 |
| The power of Client-Side Path Traversal: How I found and escalated 2 bugs through “../” | CSPT, XSS | Alvaro Balada | 2024-01-01 | 2025-04-29 |
| XSS Marks the Spot: Digging Up Vulnerabilities in ChatGPT | XSS | Ron Masas | 2024-02-19 | 2025-04-29 |
| Hacking Microsoft and Wix with Keyboard Shortcuts | XSS | Ron Masas | 2024-02-15 | 2025-04-29 |
| Breaking OTPs in the Real World: How Design Flaws Led to Full Account Takeover | OTP Bypass | Huntsman | 2025-05-02 | 2025-05-03 |
| Google Cloud Account Takeover via URL Parsing Confusion | OAuth | Mohamed Benchikh | 2025-04-29 | 2025-05-03 |
| Exploiting XSS with 20 characters limitation | XSS | marektoth | 2020-08-23 | 2025-05-03 |
| Why XSS Persists in This Frameworks Era? | XSS | canalun (@i_am_canalun) | 2025-07-08 | 2025-07-16 |
| GMSGadget | Gadget | kevin-mizu (@kevin_mizu) | 2025-07-21 | 2025-07-26 |
| ChatGPT Account Takeover - Wildcard Web Cache Deception | Cache Deception | harel (@h4r3l) | 2024-02-04 | 2025-07-26 |
| Netflix Vulnerability: Dependency Confusion in Action | Dependency Confusion | Roni Carta & Lupin | 2025-06-10 | 2025-07-26 |
| How XBOW turned a JavaScript hint into a working file inclusion | LFI | Nico Waisman | 2025-07-21 | 2025-07-26 |
| The campaign is not available in your country: XBOW discovered an SQLi while attempting to bypass geolocation restrictions. | SQLi | Nico Waisman | 2025-07-31 | 2025-08-01 |
| Wiz Research Uncovers Critical Vulnerability in AI Vibe Coding platform Base44 Allowing Unauthorized Access to Private Applications | Authorization | Gal Nagli | 2025-07-29 | 2025-08-01 |