Vercel

Finding a Svelte SSR XSS via Unsanitized idPrefix in HTML Comment Markers

Background

I’ve been working through Vercel’s bug bounty program, which explicitly calls out server-side rendering and compiler security as focus areas. Svelte is a Tier 1 target in that program, and since Svelte 5 introduced a significant rework of how components are compiled and …