hqli-me (SekaiCTF 2025)
turning HQL injection into code execution
turning HQL injection into code execution
novel prototype pollution gadget in node.js 24 gives rce in vite preview server
race condition in starlette FileResponse allows reading procfs files
how to use monotonic aggregates in CodeQL
path confusion between com.sun.net.httpserver.HttpServer and nginx, exploit JNDI injection in high level jdk usign new commons-scxml gadget
dangling markup injection via log poisoning to bypass strict CSP and leak a session token
exploiting a 32-bit ELF with full RELRO, stack canary, and NX via a format string vulnerability
HTB machine involving Tomcat RCE, RMI path traversal, and a custom Java deserialization chain