Web

• Spoofing OpenPGP.js signature verification (write-up) 2025-06-15

  A logical vulnerability in OpenPGP.js, allowing for spoofed signatures using a crafted PGP packet sequence

  hack web CVE-2025-47934
• Tetris in a PDF 2025-01-12

  A fully playable Tetris game embedded in a PDF file, using JavaScript and PDF form fields.

  make web
• Ghostscript security research (write-up series) 2024-10-31

  A bunch of bugs in Ghostscript, including a classic format string vulnerability leading to RCE

  hack web CVE-2024-29506 CVE-2024-29507 CVE-2024-29508 CVE-2024-29509 CVE-2024-29510 CVE-2024-29511
• Arbitrary JavaScript execution in PDF.js (write-up) 2024-05-20

  A bug in PDF.js (and Firefox) with widespread XSS consequences

  hack web CVE-2024-4367 CVE-2024-34342
• Vulnerability write-up - “Dangerous assumptions” 2023-02-24

  Write-up on several bugs in Feathers.js, Sequelize, and Socket.IO relating to type confusion and incorrect interop assumptions

  hack web CVE-2022-29822 CVE-2022-2422 CVE-2023-22580 CVE-2023-22579 CVE-2023-22578 CVE-2022-2421