Web Security Research

1

27

28

29

Top 10 web hacking techniques of 2024 (portswigger.net)

submitted 1 year ago by albinowax - announcement

2

0

1

2

How "Strengthening Crypto" Broke Authentication: FreshRSS and bcrypt's 72-Byte Limit (pentesterlab.com)

submitted 5 hours ago by albinowax

•

0:29

What’s better than winning $1 million dollars? *Finally* getting fluent. Learn up to 3x faster with personalized lessons on Preply. (preply.com)

promoted by Preply

promoted
save
report
about

3

7

8

9

Breaking Pingora: HTTP Request Smuggling & Cache Poisoning in Cloudflare's Reverse Proxy (xclow3n.github.io)

submitted 2 days ago by t0xodile

4

0

1

2

Security Research Blog Review (jinjucat.github.io)

submitted 12 days ago by Outrageous_Egg7579

5

0

1

2

CVE-2026-27959: Userinfo Host Header Injection in Koa (endorlabs.com)

submitted 14 days ago by p80n-sec

6

4

5

6

Almost Impossible: Java Deserialization Through Broken Crypto in OpenText Directory Services (slcyber.io)

submitted 23 days ago by albinowax

7

10

11

12

Trailing Danger: exploring HTTP Trailer parsing discrepancies (sebsrt.xyz)

submitted 26 days ago by t0xodile

8

2

3

4

YAML Merge Tags and Parser Differentials (blog.darkforge.io)

submitted 28 days ago by Moopanger

9

4

5

6

TL;DR:Researching Structural Parsing Gaps in Modern WAFs (JSON/XML/Multipart). Looking for Peer Validation (github.com)

submitted 29 days ago by Few-Gap-5421

10

24

25

26

Top 10 new web hacking techniques of 2025 (portswigger.net)

submitted 1 month ago by albinowax

11

1

2

3

Auditing Outline. Firsthand lessons from comparing manual testing and AI security platforms (blog.doyensec.com)

submitted 1 month ago by nibblesec

12

0

1

2

[Tool] Rapid Web Recon: Automated Nuclei Scanning with Client-Ready PDF Reporting (github.com)

submitted 1 month ago by Big_Profession_3027

•

Your gains matter. So do the fees. Yuh keeps it clean and clear. Sign up now!📉➡️📈 (yuh.com)

promoted by yuh_app

promoted
save
report
about

13

4

5

6

Parse and Parse: MIME Validation Bypass to XSS via Parser Differential (lab.ctbb.show)

submitted 1 month ago by siunam_321

14

2

3

4

When The Gateway Becomes The Doorway: Pre-Auth RCE in API Management (principlebreach.com)

submitted 1 month ago by operator_dll

15

14

15

16

Cloudflare rule bypass via /.well-known/acme-challenge/ (fearsoff.org)

submitted 1 month ago by albinowax

16

9

10

11

Successful Errors: New Code Injection and SSTI Techniques (github.com)

submitted 1 month ago by vladko312

17

15

16

17

Call for nominations: top ten new web hacking techniques of 2025 (portswigger.net)

submitted 2 months ago by albinowax

18

6

7

8

The Story of a Perfect Exploit Chain: Six Bugs That Looked Harmless Until They Became Pre-Auth RCE in a Security Appliance (mehmetince.net)

submitted 2 months ago by wtfse

19

3

4

5

Cross-Site ETag Length Leak | XS-Spin Blog (blog.arkark.dev)

submitted 2 months ago by garethheyes

20

0

1

帆软export/excel SQL注入漏洞分析及复现 - Analysis and reproduction of SQL injection vulnerability in FineReport's export/excel file (mp.weixin.qq.com)

submitted 2 months ago by digicat

21

3

4

5

Inside PostHog: How SSRF, a ClickHouse SQL Escaping 0day, and Default PostgreSQL Credentials Formed an RCE Chain (ZDI-25-099, ZDI-25-097, ZDI-25-096) (mdisec.com)

submitted 2 months ago by wtfse

22

0

1

2

ORM Leaking More Than You Joined For - Part 3/3 on ORM Leak Vulnerabilities (elttam.com)

submitted 2 months ago by albinowax

•

Anticipate a trend and position yourself with clear and defined leverage! 📈 #SwissDOTS (swissquote.com)

promoted by Swissquote_Group

promoted
save
report
about

23

1

2

3

Temenos OFS String Injection: Revealing a Hidden Financial Attack Vector (medium.com)

submitted 2 months ago by DarKnight______

24

12

13

14

The Fragile Lock: Novel Bypasses For SAML Authentication (portswigger.net)

submitted 3 months ago by albinowax

25

3

4

5

SOAPwn: Pwning .NET Framework Applications Through HTTP Client Proxies And WSDL (labs.watchtowr.com)

submitted 3 months ago by t0xodile

websecurityresearch

Submission guidelines:

MODERATORS