[Application Portal feature (Portal to another space) SandBox Escape RCE] <br /> [Exposing API Sensitive Data via Redux Trick and Manipulating During Rendering] [Vulnerability of XSS attack-based unsafe token theft and elevated authority] <br /> [Iframe plugin XSS vulnerability] <br /> [Picket Static Object XSS Vulnerability] <br /> [CSRF-token bypass CSRF attack using apiCall.] <br /> [[Android][ENG] Forced exploitation of Pro (Use Speech Captions, Host Settings) based on Pro Feature Bypass[High]] <br /> [[Android][ENG] Forced exploitation of HostSettings(Mute,unMute,remove,respwan..) based on Client Owner bypass[High]] <br /> [[Android][ENG] Application Level DOS attack based on Pro Feature(Congregate Around Actor, Respawn)[High]] <br /> [[Android][ENG] Vulnerability of forcibly tampering and deleting contents based on room contents save function / Contents Object Version Null Exception DOS attack[High]] <br /> [[Android][ENG] Exposing 3D face modeling data External stored in Android storage[Low]] <br /> [[Android][ENG] Task Hijacking attack based on unsafe task management.[Medium]]

onthelook GraphQL Injection Code Execution

Exploit progress using Windows GUI binary fuzzing