It was found that the Python's httplib library (used by urllib, urllib2 and others) did not properly check HTTPConnection.putheader() function arguments. An attacker could use this flaw to inject...

Brave Treated every local file as same-origin ('file://') giving local HTML files read access to other local files

```
<html>
<body>
<div id='div1'>
</div>
<noscript>
current_href =...

1. Open file xxe.xlsx like zip-archive
2. Read file xxe.xlsx\xl\worksheets\sheet1.xml

In file I wrote XXE payload:
<!DOCTYPE foo [ <!ELEMENT foo ANY ><!ENTITY xxe PUBLIC "lol"...

Kensington Security Slot is present on various portable devices like laptops, gaming consoles, hard drives, monitors, etc. It can be connected to an anchor in order to prevent the device from theft.

Write-up: https://blog.innerht.ml/overflow-trilogy/