Deadlock SSRF to IP disclosure
Deadlock SSRF TL;DR - A message sent in Deadlock containing image tags would trigger every client viewing the message to make an HTTP request to the URL within the image tags, giving you their real...
AdGuard Home Arbitrary File Read TL;DR - AdGuard Home deployments using versions 0.107.52 or lower are vulnerable to arbitrary file read, which allowed a local authenticated user to target privilege...
Jellyfin XSS TL;DR - Jellyfin deployments using versions 10.9.9 or lower are vulnerable to stored XSS, which allowed privilege escalation to a platform administrator and ultimately to arbitrary cod...
OpenObserve vulnerability chain TL;DR - OpenObserve deployments using version 0.9.1 or lower are vulnerable to the following privilege escalation chain: A malicious user submits logs via a serv...
Emby Media Server XSS TL;DR - Whilst playing with Emby Media Server 4.8.3.0, we found stored XSS and, due to other security configurations in the platform, we were able to craft a payload that res...