What's interesting here is less the specific vulnerabilities than the included methodology for finding the pollution points and the script gadgets that could abuse the pollution.
Vulnerabilities tagged 'research'
Thirteen distinct vulnerabilities in Apache Dubbo related to insecure deserialization, and an excellent look at using CodeQL to assist manual vulnerability research and attack surface discovery. A lot of the interesting points in this post are more about the discovery of new attack surface than about the vulnerabilities themselves.
Stack Clashing is a bit of an uncommonly seen vulnerability class, but the idea is simple: it's a vulnerability resulting in the stack pointer pointing outside of the stack.
tl;dr Some research examining how an attacker could abuse Azure Logical Apps access to escalate their privileges.