caverav - Security Researcher and Application Security Engineer

CVE-2026-0540: How a CTF Detour Led Us to a DOMPurify mXSS - Daft

2026-03-29

Security Research

security

/

xss

/

mxss

/

dompurify

/

javascript

/

cve

/

web-security

/

ssr

A detailed write-up of the DOMPurify mXSS we found during a CTF detour, affecting 3.1.3 through 3.3.1 and fixed through a small patch series in 3.3.2.

1075 words

|

5 minutes

Cover image for CVE-2026-0540: How a CTF Detour Led Us to a DOMPurify mXSS - Daft

CVE-2025-15265: Svelte Hydratable Key SSR XSS - Lydian

2026-03-17

Security Research

security

/

xss

/

svelte

/

javascript

/

ssr

/

cve

/

web-security

A technical write-up of the Svelte async SSR XSS I discovered in hydratable() key serialization, affecting versions 5.46.0 through 5.46.3.

799 words

|

4 minutes

Cover image for CVE-2025-15265: Svelte Hydratable Key SSR XSS - Lydian

CVE-2025-67635: Unauthenticated DoS in the Jenkins CLI full-duplex endpoint

2025-12-12

Security Research

security

/

jenkins

/

dos

/

java

/

concurrency

/

cli

[Race conditions](https://db.fluidattacks.com/wek/124/) and missing timeouts in Jenkins' plain CLI endpoint let anyone exhaust servlet threads without Overall/Read.

1150 words

|

6 minutes

CVE-2025-9624: Nested Boolean/Disjunction Asymmetric DoS in Amazon's OpenSearch query_string - Chick

2025-11-25

Security Research

security

/

dos

/

java

/

cve

/

hacking

/

web-security

/

amazon

/

opensearch

How I found CVE-2025-9624, an asymmetric Denial of Service in Amazon's OpenSearch's query_string handling, and how it was fixed with search.query.max_query_string_length.

662 words

|

3 minutes

Cover image for CVE-2025-9624: Nested Boolean/Disjunction Asymmetric DoS in Amazon's OpenSearch query_string - Chick

The Obsolescence of SSL Pinning in Mobile App Security

2025-09-01

Security

security

/

ssl-pinning

/

hacking

/

mobile-security

/

android

/

ios

/

tls

This blog post is dense and time-consuming to read in full.If you just need the essentials:

4165 words

|

21 minutes

Cover image for The Obsolescence of SSL Pinning in Mobile App Security

CVE-2025-9375: XML Injection Vulnerability in xmltodict 0.14.2 - Mono

2025-08-25

Security Research

security

/

xml

/

python

/

cve

/

hacking

/

web-security

I discovered an XML Injection vulnerability in xmltodict version 0.14.2, a popular Python library with over 1.5 million weekly downloads on PyPI. This vulnerability allows attackers to inject arbitrary XML markup through crafted dictionary keys, potentially leading to XML structure manipulation, data corruption, and in web contexts, cross-site scripting (XSS) attacks.

691 words

|

3 minutes

Cover image for CVE-2025-9375: XML Injection Vulnerability in xmltodict 0.14.2 - Mono

CVE-2025-7969: Markdown-it Fence Rendering XSS - Fito

2025-08-20

Security Research

security

/

xss

/

javascript

/

cve

/

hacking

/

web-security

Markdown-it 14.1.0 contains an XSS vulnerability (CVE-2025-7969) that enables arbitrary JavaScript execution through a fence rendering bypass. This post provides a technical deep dive into the vulnerability, exploitation techniques, and real-world impact scenarios.

1048 words

|

5 minutes

Cover image for CVE-2025-7969: Markdown-it Fence Rendering XSS - Fito

CVE-2025-8101: Linkify.js Prototype Pollution & XSS - Charly

2025-07-26

Security Research

security

/

xss

/

prototype-pollution

/

javascript

/

cve

/

hacking

/

web-security

Linkify.js 4.3.1 contains a prototype pollution vulnerability (CVE-2025-8101) that enables remote code execution through XSS. This post provides a technical deep dive into the vulnerability, exploitation techniques, and real-world impact scenarios.

730 words

|

4 minutes

Cover image for CVE-2025-8101: Linkify.js Prototype Pollution & XSS - Charly