Tags

Browse all documents by tag. Click a tag to filter.

access-control

• IDOR

agent

• AI Security

ai

• AI Security

authentication

• Host Header Attacks

cache-poisoning

• Host Header Attacks
• Self-XSS Escalation

chain

• Self-XSS Escalation

clickjacking

• Self-XSS Escalation

client-side

• Bypasses
• CSRF
• Clickjacking
• Client-Side Vulnerabilities
• DOM Clobbering
• Escalation
• Exploitation
• Finding
• JavaScript Analysis
• Open Redirect
• Prototype Pollution
• Tab Nabbing
• WebSocket
• XSS - Cross-Site Scripting
• postMessage

critical

• API Attacks
• Bypasses
• Bypasses
• Cache to XSS
• Command Injection
• Escalation
• Escalation
• Exploit Chains
• Exploitation
• Exploitation
• File Upload
• Finding
• Finding
• GraphQL
• IDOR to ATO
• Injection Vulnerabilities
• NoSQL
• OAuth to ATO
• Path Traversal
• Prototype Pollution to RCE
• SQL Injection (SQLi)
• SQLi to RCE
• SSRF - Server-Side Request Forgery
• SSRF to RCE
• SSTI
• XSS to ATO
• XXE
• XXE to SSRF
• gRPC

csrf

• Self-XSS Escalation

high

• 2FA Bypass
• AI Security
• Agent Hijacking
• Authentication Vulnerabilities
• Bypasses
• Bypasses
• Cache Poisoning
• Captcha Bypass
• Data Poisoning
• Drupal
• Escalation
• Escalation
• Exploitation
• Exploitation
• Finding
• Finding
• IDOR
• IDOR - Insecure Direct Object Reference
• Infrastructure Vulnerabilities
• JWT
• LLM/AI
• Logic Vulnerabilities
• Misconfigurations
• OAuth
• Open Redirect
• Passkeys/FIDO2
• Password Reset
• Payment Bypass
• Prompt Injection
• Race Conditions
• Race to Bypass
• Rate Limiting
• Request Smuggling
• SAML
• Self-XSS Escalation
• Session Attacks
• Subdomain Takeover
• Symfony
• WAF Bypass
• WordPress
• XSS - Cross-Site Scripting

http

• CRLF Injection

infra

• Cache Poisoning
• Infrastructure Vulnerabilities
• Misconfigurations
• Request Smuggling
• Subdomain Takeover
• WAF Bypass

injection

• CRLF Injection

llm

• AI Security

logic

• 2FA Bypass
• AI Security
• Agent Hijacking
• Authentication Vulnerabilities
• Bypasses
• Captcha Bypass
• Data Poisoning
• Escalation
• Exploitation
• Finding
• IDOR
• IDOR - Insecure Direct Object Reference
• JWT
• LLM/AI
• Logic Vulnerabilities
• OAuth
• Open Redirect
• Passkeys/FIDO2
• Password Reset
• Payment Bypass
• Prompt Injection
• Race Conditions
• Rate Limiting
• SAML
• Session Attacks

medium

• CSRF
• Clickjacking
• DOM Clobbering
• Open Redirect
• Prototype Pollution
• Tab Nabbing
• WebSocket
• postMessage

methodology

• Recon Methodology

prompt-injection

• AI Security

quick-ref

• Recon Methodology

rag

• AI Security

recon

• JavaScript Analysis
• Recon Methodology

response-splitting

• CRLF Injection

secrets

• JavaScript Analysis

server-side

• API Attacks
• Bypasses
• Bypasses
• Command Injection
• Drupal
• Escalation
• Escalation
• Exploitation
• Exploitation
• File Upload
• Finding
• Finding
• GraphQL
• Host Header Attacks
• Injection Vulnerabilities
• NoSQL
• Path Traversal
• SQL Injection (SQLi)
• SSRF - Server-Side Request Forgery
• SSTI
• Server-Side Vulnerabilities
• Symfony
• WordPress
• XXE
• gRPC

ssrf

• Host Header Attacks

supply-chain

• AI Security

web

• CRLF Injection
• Host Header Attacks

xss

• JavaScript Analysis
• Self-XSS Escalation