Security
CVE-2025-54336: Plesk Obsidian Authentication Bypass Vulnerability
TLDR; I found an authentication bypass in Plesk Obsidian. the admin password check uses PHP’s loose comparison (==) instead of strict (===). if the admin password looks like scientific notation …
CVE-2025-55166: SVG Sanitizer XSS Vulnerability via Context Confusion
I found a context confusion in svg-sanitizer library. it sanitizes SVG for XML context (case-sensitive) but when the SVG is inlined in HTML (case-insensitive), you can bypass the filter. xlink:hReF …