How 1 Exposed Honeywell API Gave us Control Over an Internal Engineering System
Capturing Exposed AWS Keys During Dynamic Web Application Tests |
Traeger Grill D2 Wi-Fi Controller, Version 2.02.04 |
Securing our home labs: Frigate code review |
Writing Burp Bambda Filters Like a Boss |
38TB of data accidentally exposed by Microsoft AI researchers |
Apache Superset Part II: RCE, Credential Harvesting and More |
A $1,000,000 bounty? The KuCoin User Information Leak |
How Material Security Uncovered a Vulnerability in the Gmail API |
The Time I Hacked Google’s Manual Actions Database |
Exposing Users Table From a Leaky GraphQL Query |
Exploiting Parameter Pollution in Golang Web Apps |
Meta Quest: Attacker could make any Oculus user to follow (subscribe) him without any approval |
Better Make Sure Your Password Manager Is Secure |
Pre-Auth RCE with CodeQL in Under 20 Minutes |
Invitation Hijacking |
Support supports a Hacker |
Reverse Engineering the Apple Multipeer Connectivity Framework |
Vulnerabilities in Tenda's W15Ev2 AC1200 Router |
Insecure Comments |
AttachMe: critical OCI vulnerability allows unauthorized access to customer cloud storage volumes |
Privilege Escalation Leads to making authenticated actions (payment processing, creating invoices.. etc) |
Cloning internal Google repos for fun and… info? |
Attackers Can Bypass GitHub Required Reviewers to Submit Malicious Code |
Exploiting Improper Validation of Amazon Simple Notification Service SigningCertUrl |