I found a context confusion in svg-sanitizer library. it sanitizes SVG for XML context (case-sensitive) but when the SVG is inlined in HTML (case-insensitive), you can bypass the filter. xlink:hReF …
TLDR; I found an authentication bypass in Plesk Obsidian. the admin password check uses PHP’s loose comparison (==) instead of strict (===). if the admin password looks like scientific notation …
TLDR; There is a horrible lag issue with spotify, spotify didn’t fix it yet, so basically I profile the app, detect the bug slowing it down, add some code to force hardware acceleration using …