| Characters allowed between HTML attributes | 0x999-x | 4/10/2024 | XSS | 0 |
 8 | Characters that expand upon toUpperCase() | DreyAnd | 4/10/2024 | JS | 0 |
| Break out of CSS strings | hackvertor | 4/4/2024 | HTML | 0 |
1143 | Mutated XSS Attributes | IDKdir | 7/13/2024 | XSS | 0 |
141 | char not urlencoded (data+) | nu11secur1ty | 9/29/2024 | JS | 0 |
5  5 | Characters allowed before CSS selectors | hackvertor | 7/15/2024 | XSS | 0 |
32 | Characters that can precede the javascript protocol copy | rcbarnett | 5/2/2024 | XSS | 0 |
25 | Characters allowed before optional chaining | hackvertor | 5/4/2024 | JS | 0 |
1 | Bypass __proto__ string match defense | vitorfhc | 8/29/2024 | JS | 0 |
| Tags that remove the span or are self closing | hackvertor | 7/16/2024 | XSS | 0 |
| Characters that act as quotes or whitespace | hackvertor | 4/13/2024 | HTML | 0 |
| Tags that cause child tags not to be found in the DOM | hackvertor | 7/18/2024 | HTML | 0 |
| Characters allowed in colon entity | InsertScript | 9/19/2024 | XSS | 0 |
 3 | Characters allowed javascript and colon copy2 copy2 | PinkDraconian | 11/7/2024 | JS | 0 |
| Characters that cause the backslash to be consumed with a big5 charset | hackvertor | 11/1/2024 | XSS | 0 |
1 | HTML vector | nu11secur1ty | 9/29/2024 | HTML | 0 |
| Characters urlencoded that get transformed when using the credentials part of the URL | hackvertor | 9/24/2024 | JS | 0 |
| Bypasses for __proto__ string match | vitorfhc | 8/29/2024 | JS | 0 |
| Characters allowed after * in CSS comments | hackvertor | 3/31/2024 | HTML | 0 |
| Characters allowed as a class separator | hackvertor | 4/13/2024 | XSS | 0 |
