Web Exploits
SQL Injection, XSS, CSRF, Command Injection
Scoured 178 posts in 201.0 ms

📋 OWASP Top 10 · OWASP · 4 days ago
Aikido and OWASP bring agentic Code Audit to the global AppSec community

🔐 Infosec · Eugene Yan · 1 day ago
Patterns for Building Cybersecurity Evals
Covers 3 stories, including: ExploitGym: Can AI Agents Turn Security Vulnerabilities into Real Attacks?

🔒 Web Security · medium.com · 1 day ago
Cross-site request forgery (CSRF) (APPRENTICE)

🔒 Web Security · medium.com · 5 days ago
Cross-Site Scripting (XSS): Still the Web’s Most Underestimated vulnerability

🔒 Web Security · medium.com · 1 day ago
Writeup — Manipulating WebSocket Messages to Exploit Vulnerabilities

🔒 Web Security · medium.com · 2 days ago
CSRF where token is tied on non-session cookie

🎯 Pen Testing · OffSec · 5 days ago
AI vs Traditional Penetration Testing: Tooling and Outcomes

🛡️ Content Security Policy · medium.com · 2 days ago
React Doesn’t Prevent XSS — Developers Do

🔒 Web Security · medium.com · 3 days ago
CSRF Attacks: How They Work and How to Stop Them

🔒 Web Security · medium.com · 1 day ago
PortSwigger SQLi Lab 2:

🔐 Infosec · Help Net Security · 5 days ago
Attackers are exploiting FortiSandbox vulnerabilities

🔓 Hacking · cisa.gov · 6 days ago
Vulnerability Summary for the Week of June 8, 2026

🔓 Hacking · medium.com · 6 days ago
PortSwigger : SQL Injection Vulnerability Allowing Login Bypass

⚠️ XSS · Scott Helme · 6 days ago
The Instructure Canvas Breach (2026): How XSS in a Support Ticket Compromised 275 Million Students
Covers 4 stories, including: [Canvas] Security Incident Update and FAQs
Discussed on Hacker News

🔐 Infosec · thehackernews.com · 5 days ago
Attackers Exploit Three Fortinet FortiSandbox Flaws, One Patched Last Week
Covered by sh.itjust.works, igor´sLAB

🔒 Web Security · medium.com · 4 days ago
PortSwigger : Stored XSS into HTML Context with Nothing Encoded

🔒 Web Security · medium.com · 3 days ago
PortSwigger : DOM XSS in document.write Sink Using Source location.search

🔒 Web Security · medium.com · 3 days ago
PortSwigger : DOM XSS in innerHTML Sink Using Source location.search

🔒 Web Security · medium.com · 4 days ago
PortSwigger : Reflected XSS into HTML Context with Nothing Encoded

⚠️ XSS · scotthelme.ghost.io · 6 days ago
The Instructure Canvas Breach (2026): How XSS in a Support Ticket Compromised 275 Million Students
Covers 4 stories, including: [Canvas] Security Incident Update and FAQs