InterIUT 2026 – MilSec Utils (2/2)
TL;DR: RCE through vm2 sandbox escape
Medium
FCSC 2026 – Shrimp Saver
TL;DR: XSS via HTML entity double-parse and CSP bypass via PHP warning
FCSC 2026 – FCSC Aquarium
TL;DR: RCE via data: URI injection in import() and node permission bypass via inspector API
FCSC 2026 – Shellfish Say
TL;DR: XSS via path traversal chained with arbitrary file write through PHP session upload progress