Repo for discovered vulnerabilities & corresponding CVEs
| CVE ID | Year | Severity | Description | Write-up |
|---|---|---|---|---|
| CVE-2021-43778 | 2021 | 🔴 Critical | GLPi Path Traversal Arbitrary File Read | Details |
| CVE-2021-43779 | 2021 | 🔴 Critical | GLPi Command Injection RCE | Details |
| CVE-2022-43014 | 2022 | | OpenCats ATS Reflected XSS | Details |
| CVE-2022-43015 | 2022 | | OpenCats ATS Reflected XSS | Details |
| CVE-2022-43016 | 2022 | | OpenCats ATS Reflected XSS | Details |
| CVE-2022-43017 | 2022 | | OpenCats ATS Reflected XSS | Details |
| CVE-2022-43018 | 2022 | | OpenCats ATS Reflected XSS | Details |
| CVE-2022-43019 | 2022 | 🔴 Critical | OpenCats ATS Insecure Deserialization RCE | Details |
| CVE-2022-43020 | 2022 | 🟠 HIGH | OpenCats ATS SQL injection | Details |
| CVE-2022-43021 | 2022 | 🟠 HIGH | OpenCats ATS SQL injection | Details |
| CVE-2022-43022 | 2022 | 🟠 HIGH | OpenCats ATS SQL injection | Details |
| CVE-2022-43023 | 2022 | 🟠 HIGH | OpenCats ATS SQL injection | Details |
| CVE-2023-35133 | 2023 | 🟠 HIGH | Moodle LMS Server-Side Request Forgery | Details |
| HTTP RFC Referrer-Policy | 2024 | N/A | Chromium Referrer-Policy override | Blog |
| Novel XSS techniques | 2024 | N/A | Novel event handler XSS techniques | Blog |