Kinda of a cool race condition and sort of differential attack deep inside XNU's virtual memory system that allows for bypassing "copy on write" and writing to the underlying page without making a copy.
A post on exploiting a bug that Jann Horn discovered in the linux kernel's memory management (MM) subsystem.The bug isn't detailed in this post and is fairly complex (there is a project zero bug report but it's difficult to understand without deep knowledge of MM internals), though they state it will be written up in a future blogpost...
A number of bugs in Tailscale leading to an RCE chain.
Its the description that caught my eye on this one, a race condition leading to authentication bypass.
Bit of a race condition leading to a lock screen bypass on Pixel devices.
A long chain of issues going from blind SSRF to new-line injection to a blind Livestatus Query Language (LQL) injection to arbitrary file deletion and finally a race condition leading to authentication bypass.