Exercises
| Exercise | Avg. Time | Difficulty | Solved by | Tier | |
|---|---|---|---|---|---|
|
JWT: Signature Leak
This exercise covers exploiting a JWT signature leak to forge authentication tokens.
|
< 1 Hr. |  |
53 | PRO |
|
CVE-2026-24895: FrankenPHP Path Confusion RCE using Unicode | < 1 Hr. |  |
20 | PRO |
|
|
JWT: Invalid Algorithm
This exercise covers exploiting JWT algorithm validation flaws to bypass signature verification.
|
< 1 Hr. | |
52 | PRO |
|
CVE-2026-XX050
This challenge covers the review of a CVE in a typescript codebase and its patch
|
-- | |
74 | PRO |
|
|
CVE-2026-XX888
This challenge covers the review of a CVE in a typescript codebase and its patch
|
-- | |
86 | PRO |
|
|
CVE-2025-XX864
This challenge covers the review of a CVE in a typescript codebase and its patch
|
< 1 Hr. | |
87 | PRO |
|
|
CVE-2021-X27X0
This challenge covers the review of a CVE in a JavaScript codebase and its patch
|
-- | |
94 | PRO |
|
|
CVE-2021-437XX
This challenge covers the review of a CVE in a JavaScript codebase and its patch
|
-- | |
106 | PRO |
|
|
CVE-2020-XX079
This challenge covers the review of a CVE in a javascript codebase and its patch
|
< 1 Hr. | |
125 | PRO |
|
|
CVE-2025-XXX57
This challenge covers the review of a CVE in a python codebase and its patch
|
< 1 Hr. | |
81 | PRO |
|
|
CVE-2026-XXX50
This challenge covers the review of a CVE in a python codebase and its patch
|
-- | |
77 | PRO |
|
|
CVE-2024-XX3X9
This challenge covers the review of a CVE in a python codebase and its patch
|
< 1 Hr. | |
62 | PRO |
|
|
CVE-2024-X68X
This challenge covers the review of a CVE in a python codebase and its patch
|
< 1 Hr. | |
109 | PRO |
|
|
CVE-2025-6X5X7
This challenge covers the review of a CVE in a python codebase and its patch
|
-- | |
95 | PRO |
|
|
CVE-2025-0X6X
This challenge covers the review of a CVE in a python codebase and its patch
|
< 1 Hr. | |
118 | PRO |
|
|
CVE-202X-15X7
This challenge covers the review of a CVE in a golang codebase and its patch
|
-- | |
65 | PRO |
|
|
CVE-2023-2758X
This challenge covers the review of a CVE in a golang codebase and its patch
|
< 1 Hr. | |
74 | PRO |
|
|
CVE-2017-1XX74
This challenge covers the review of a CVE in a golang codebase and its patch
|
-- | |
94 | PRO |
|
|
CVE-2025-NOID
This challenge covers the review of a CVE in a java codebase and its patch
|
< 1 Hr. | |
93 | PRO |
|
|
CVE-2022-2X457
This challenge covers the review of a CVE in a java codebase and its patch
|
< 1 Hr. | |
105 | PRO |
|
|
CVE-2025-627X0
This challenge covers the review of a CVE in a java codebase and its patch
|
< 1 Hr. | |
95 | PRO |
|
|
Latex: --shell-escape
This exercise covers how one can leverage latex when pdflatex is used with the --shell-escape option to gain command execution.
|
< 1 Hr. |  |
53 | PRO |
|
|
CVE-2025-X93X0
This challenge covers the review of a CVE in a golang codebase and its patch
|
-- | |
65 | PRO |
|
|
Golang Code Review #07
This challenge covers the review of a snippet of code written in Golang.
|
-- | |
90 | PRO |
|
|
CVE-2025-X215X
This challenge covers the review of a CVE in a golang codebase and its patch
|
-- | |
72 | PRO |
|
|
CVE-2025-6X9X2
This challenge covers the review of a CVE in a python codebase and its patch
|
-- | |
101 | PRO |
|
|
CVE-2025-X942X
This challenge covers the review of a CVE in a python codebase and its patch
|
< 1 Hr. | |
111 | PRO |
|
|
CVE-2025-6X85
This challenge covers the review of a CVE in a python codebase and its patch
|
< 1 Hr. | |
111 | PRO |
|
|
CVE-2025-X270X
This challenge covers the review of a CVE in a python codebase and its patch
|
< 1 Hr. | |
125 | PRO |
|
|
Puzzle 08 | < 1 Hr. | |
23 | PRO |
Showing 61–90 of 743 exercises
Free Labs of the Month
