Linux local electron application script-src: self bypass

Evernote RCE: From PDF.js font-injection to All-platform Electron exposed ipcRenderer with listened BrokerBridge Remote-Code Execution

Bypassing CSP via URL Parser Confusions : XSS on Netlify’s Image CDN

From MLOps to MLOops: Exposing the Attack Surface of Machine Learning Platforms

Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server!

Studying 0days: How we hacked Anki, the world's most popular flashcard app