Analyzing JavaScriptCore Vulnerabilities: Developing CodeQL Queries for Security Research
TL;DR JavaScriptCore (JSC) is the JavaScript engine used by Safari, Mail, App Store and many other apps in MacOs. The JSC engine is responsible for executing every line of JavaScript (JS) that...
Read the full articleYou might also wanna read
The Frequency of Known Vulnerabilities in JavaScript Libraries
An interesting whitepaper was released at the 2017 NDSS Symposium discussing a large-scale attempt at determining just how vulnerable client

Mitigating DOM clobbering attacks in JavaScript
This article explores the concept of DOM clobbering and provides strategies for building more secure and robust web applications.
Six protobuf.js vulnerabilities disclosed including critical RCE flaw in schema handling
Cyera disclosed six protobuf.js vulnerabilities rooted in schema and metadata handling, including an input validation oversight that lets at
CVE-2026-40501: Inclusion of Functionality from Untrusted Control Sphere in CherryHQ cherry-studio
Cherry Studio versions 1.2.2 through 1.9.12, fixed in commit 1518530, contain a remote code execution vulnerability in SearchService that al
Unpacking CVE-2025-55182: React Server Components RCE Exploit Deep Dive and SBOM-Driven Identification
A critical pre-authenticated remote code execution vulnerability (CVE-2025-55182) was disclosed in React Server Components, affecting Next.j

WAF - WAF Release - 2025-07-14
This week’s vulnerability analysis highlights emerging web application threats that exploit modern JavaScript behavior and SQL parsing ambig

Comments
Sign in to join the conversation.
No comments yet. Be the first.