What is Rate Limit ?

The WP-JSON implementation on some wordpress.com websites I've tested is vulnerable to denial of service where by an attacker can provide an arbitrary `Origin` header in the request, which is then...

HTTP parameter discovery suite. Contribute to edduu/Arjun development by creating an account on GitHub.

A collection of custom security tools for quick needs. - gwen001/pentest-tools

Posted by Gal Beniamini, Project Zero It’s a well understood fact that platform security is an integral part of the security of comple...

### Summary
The `UploadsRewriter` does not validate the file name, allowing arbitrary files to be copied via directory traversal when moving an issue to a new project.

The pattern used to look for...

We are going to show you four ways hackers trick WAFs, sneaking XXE issues past their defenses❗️

## Vulnerability Type:
-----------
Subdomain Takeover

## Denoscription:
-----------
Due to unclaimed or expired Hubspot instance an attacker is able to claim and serve content from...

johnstone discovered An arbitrary file upload via the resume functionality at https://ecjobs.starbucks.com.cn which led to arbitrary code execution by uploading a webshell.
@johnstone — thank for...

**Summary:**

Due to an Insecure Direct Object Reference (IDOR) in adding recipients to a shared package on ██████████, an unauthenticated attacker can access all files uploaded to ████. As...

Hello team!

I've found a Race Condition vulnerability which allows to redeem gift cards multiple times. This how a s/he can easily buy stuff just bying one gift card and redeem it over and over...