Missing (or at least insufficient) authentication checks on the `/users/create_admin` endpoint allowed any user, even one not logged in, to create a new administrative account and gain full admin privileges within the Stocky app.
It was possible to forge JWT tokens due to an unchecked constraint when processing the JWT before verifying it. In one function the token would be "processed", as in it would pull out the relevant information, passing it into `Util:verify_token(token, secret, acceptedIssuers)`.
Prototype pollution through a Mermaid diagram embedded in markdown leading to stored XSS.
Heap-based overflow in the Windows Kernel (ntfs.sys). This was originally found in the wild by Kaspersky, though Alex Plaskett here digs much more into the vulnerability and exploitation, and takes it in a bit of a new direction, removing the need for a separate info-leak.
Race UAF in the Linux kernel. The issue is that the `SO_PEERCRED` and `SO_PEERGROUPS` socket options don't maintain ownership / lock when copying `sk->sk_peer_cred` to userspace...
A use-after-free in `AddIceCandidate()` for adding Interactive Connection Establishment candidates when starting a WebRTC session. The problem is, it's possible to set up a `Promise` that can call `setLocalDescription()`, which will mark part of the local description memory for collection by the garbage collector...
Three vulnerabilities in Qualcomm's Neural Processing Unit (NPU) driver. Specifically the article focuses on Samsung devices, as, for whatever reason, the NPU device is accessible to untrusted users where it isn't on most other devices.
Weak randomness leading to a predictable filename enabling code execution...
Root issue is that WebKit violates the specification for Content-Security-Policy (CSP) violation reports, leaking the destination of a violating redirect rather than the origin in the `documentURI` field of the report.
Multiple bugs within the Microsoft RDP Client (server being the attacker) found through fuzzing. None covered at this time are very impactful, but there is some background on Virtual Channels within RDP and experience getting a fuzzing environment set up that might be of value.