Bypass for CVE-2024-9956 in Safari on iOS

TL;DR: I found a bypass for the recently fixed vulnerability, CVE-2024-9956, in Mobile Safari. The original fix blocks FIDO:/ URIs from being navigable. I was able to bypass it with a specifically crafted deep link to the Shortcuts app that leverages the x-cancel and x-error query parameters to open arbitrary URLs when the shortcut isn’t successful. Apple fixed it due to my report on 29 July 2025. CVE-2024-9956 (February 2025): All major mobile browsers were found to be vulnerable, allowing FIDO:/ intents to be triggered by a page....

September 24, 2025 · 3 min · Dennis Kniep

CVE-2025-25294: Log Injection Vulnerability in Envoy Gateway

Summary: I discovered a vulnerability in Envoy Gateway, which allowed attackers to manipulate access logs via a malicious User-Agent string. By injecting payloads into the User-Agent header, attackers could overwrite log fields (e.g., spoof IP addresses) or crash observability tools by corrupting log formats. After discovering this CVE-2025-25294, I responsibly disclosed it to the maintainers and also fixed the code via that Commit. Impact: In all Envoy Gateway versions prior to 1....

March 20, 2025 · 2 min · Dennis Kniep