06 Jan 2026

XS Leaks, arithmetic bugs & CVE deep dives.

An amazing CTF write-up on XS Leaks. Make sure you also read the unintended solution linked at the bottom of the page: Cross-Site ETag Length Leak.

A new tool from the team at Trail of Bits to detect arithmetic bugs in Go: Detect Go's silent arithmetic bugs with go-panikint.
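As an added illustration of the bug class that tool targets (this is example code written for this page, not code from the go-panikint project or from the linked post): Go integer arithmetic wraps on overflow without any panic, so a `count * size` computation can silently come out small or zero and then pass a later bounds check. The `UnsafeTotalSize`, `CheckedMul32` and `CheckedAddInt` functions below are hypothetical names chosen for the example; the checked variants show the kind of explicit guard the silent version lacks.

```go
package main

import (
	"errors"
	"fmt"
	"math"
)

// ErrOverflow is returned when a checked operation would wrap.
var ErrOverflow = errors.New("integer overflow")

// UnsafeTotalSize mirrors the pattern a silent-arithmetic checker would flag:
// count*size wraps around on overflow, so a huge count can yield a small
// (or zero, or negative) total that later passes a length/bounds check.
func UnsafeTotalSize(count, size int32) int32 {
	return count * size // wraps silently; Go never panics on integer overflow
}

// CheckedMul32 multiplies in a wider type and rejects results outside int32.
func CheckedMul32(a, b int32) (int32, error) {
	p := int64(a) * int64(b)
	if p > math.MaxInt32 || p < math.MinInt32 {
		return 0, ErrOverflow
	}
	return int32(p), nil
}

// CheckedAddInt adds two ints and reports overflow with the sign test:
// the sum overflowed iff both operands share a sign and the result's sign differs.
func CheckedAddInt(a, b int) (int, error) {
	s := a + b
	if (a > 0 && b > 0 && s < 0) || (a < 0 && b < 0 && s >= 0) {
		return 0, ErrOverflow
	}
	return s, nil
}

func main() {
	// Constructed input: 65536 elements of 65536 bytes each is 2^32 bytes,
	// which wraps to exactly 0 in int32.
	fmt.Println("unchecked total:", UnsafeTotalSize(1<<16, 1<<16))
	if _, err := CheckedMul32(1<<16, 1<<16); err != nil {
		fmt.Println("checked total:", err)
	}
	if _, err := CheckedAddInt(math.MaxInt, 1); err != nil {
		fmt.Println("checked add:", err)
	}
}
```

Running it prints an unchecked total of 0 followed by two overflow errors from the checked versions; a static checker of the kind described in the linked post is what finds the unchecked form before it reaches production.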

💎 Ruby Array Pack Bleed

Luke Jahnke is back with the first bug in Ruby 4: Ruby Array Pack Bleed.

A great CVE analysis of CVE-2025-61922. Funnily enough, I quickly discussed this bug in a recent talk on how to learn from CVE analysis: CVE-2025-61922: Zero-Click Account Takeover on PrestaShop.

Another CVE analysis, inspired by my blog post: The return to blogging and a blind SQL injection.

PentesterLab
The platform to learn web hacking and security code review