Several slightly weird issues this week, a reentrancy attack abusing a read-only function, SSRF and XSS through a statically generated website and others.
Kicking off the week with a look at Apple's new security blog and the kalloc_type introduced into XNU, then a mix of issues including an overflow in SQLite.
Several simple bugs with significant impacts, XSS to being able to install apps, CSRFing via a Captcha, and a Google IDOR.
A few issues this week, including an overflow in SHA-3, yet another io_uring bug, and multiple (questionably exploitable) corruptions in Edge.
Several fun issues this week, from a Cobalt Strike RCE, a couple auth bypasses, and stanza smuggling in Jabber.
We've got a few interesting vulns, a blind format string attack, Windows kernel int overflow, and a browser exploit (unchecked bounds after lowering).
This week we look at a insecure deserialization (GitLab), argument injection (Packagist), and insecure string interpolation (Apache Commons Text)
Just a couple issues this week and a discussion about why you should look at old vulnerabilities and the pace exploit development advanced at.
No actual bounties this week, but we start off with a discussion on semgrep vs codeql, then get into some cool issues that you can start testing for.
Starting off with some discussion about XOM and CFI on the PS5 and how it impacts exploitation. Then into a uClibC issue, and hacking wireless scoreboards.