| Characters allowed before event in attribute name using setAttribute | hackvertor | 8/21/2024 | JS | 0 |
 14 | Active formatting elements | JorianWoltjer | 5/1/2024 | XSS | 0 |
8 | Characters that expand upon toUpperCase() | DreyAnd | 4/10/2024 | JS | 0 |
| Host | IDKdir | 7/15/2024 | JS | 0 |
1 | work | nu11secur1ty | 9/29/2024 | HTML | 0 |
| React DOM src | IDKdir | 7/15/2024 | JS | 0 |
| Characters allowed after * in CSS comments | hackvertor | 3/31/2024 | HTML | 0 |
| Tags that HTML encode it's contents | hackvertor | 7/16/2024 | XSS | 0 |
| Characters not urlencoded when using the shema part of the URL | d0ge | 9/24/2024 | JS | 0 |
| Characters allowed to end a JS string | sqjor | 7/17/2024 | JS | 0 |
| Attribute separators | tr3w | 5/6/2024 | HTML | 0 |
7  7 | Fuzzing weird script behaviour after script text | hackvertor | 7/18/2024 | XSS | 0 |
| Chars allowed before domain | t0xodile | 9/24/2024 | XSS | 0 |
2124 | Chars in href that will not default to full URL | joaxcar | 11/16/2024 | XSS | 0 |
4 | HTML elements that inherit properties which return the full URL | 0x999-x | 11/14/2024 | XSS | 0 |
4 | Characters allowed javascript and colon copy2 | avlidienbrunn | 9/29/2024 | JS | 0 |
2 | char not urlencoded (data) | nu11secur1ty | 9/29/2024 | JS | 0 |
| Characters urlencoded that get transformed when using the credentials part of the URL | hackvertor | 9/24/2024 | JS | 0 |
| Characters allowed in path traversal | joaxcar | 8/26/2024 | JS | 0 |
| Characters allowed as a class separator | hackvertor | 4/13/2024 | XSS | 0 |
