A remote webpage can abuse an unauthenticated guest HTTP API to compromise the Windows guest container, then feed a malicious app entry leading to Linux host code execution on click.

A malicious protobuf registry can return a file:// verification URL during device auth; the buf CLI opens it via the OS default handler (e.g. macOS open), enabling client-side code execution during login.

Remote Code Execution in Github “GH” CLI via custom GitHub Enterprise Server

Abusing XSS and CSRF for Remote Code Execution in Google Chrome

A tour of Node.js’s experimental permission controls (module policy + process permissions), plus practical bypasses and the fixes that closed them.

Burp Suite remote code execution by leveraging the Chrome remote debugging interface when crawling or scaning.

Process-based permissions can be bypassed with the “inspector” module in Node.js

A string-vs-object handling mismatch can create surprising type confusion: apps that mutate assumed-object payloads before signing may be bypassed if untrusted input is a string that later verifies as an object.

Restrictions made with the –experimental-permission flag can be bypassed with the built-in wasi module

Remote Code Execution in Microsoft Teams Desktop Application due to missing contextIsolation flag in authentication windows

A malicious Docker image can escape its container and execute code on the host by abusing Kitematic’s Electron Web Preview webview without contextIsolation.

An underprivileged Ghost user can create a post with javascript, that when previewed by and admin will execute and elevate privileges.

Remote Code Execution vulnerability in Electron affecting apps with the ability to open nested child windows due to WebPreferences not being inherited properly

Adaptive cards in Outlook (and other products) do not properly validate the “Action.OpenUrl” leading to XSS

Build project for an IoT Elmo to prank my friend.