Why ORMs and Prepared Statements Can't (Always) Win

Exploiting authorization by nonce in WordPress plugins

Getting code execution on Veeam through CVE-2023-27532

Spip Preauth RCE 2024: Part 2, A Big Upload

Breaking Down Barriers: Exploiting Pre-Auth SQL Injection In WhatsUp Gold - CVE-2024-6670

Back To School - Exploiting A Remote Code Execution Vulnerability In Moodle