| Entities that convert to greater than in a iframe srcdoc | hackvertor | 8/1/2024 | XSS | 0 |
| HTML tags that force HTML mode inside SVG | hackvertor | 8/2/2024 | XSS | 1 |
| Characters allowed before event in attribute name using setAttribute | hackvertor | 8/21/2024 | JS | 0 |
| Characters allowed after * in CSS comments | hackvertor | 3/31/2024 | HTML | 0 |
| Characters allowed as a class separator | hackvertor | 4/13/2024 | XSS | 0 |
 5  5 | Characters allowed before the tag attribute and equals. | hansmach1ne | 4/30/2024 | HTML | 0 |
2124 | Chars in href that will not default to full URL | joaxcar | 11/16/2024 | XSS | 0 |
| DOM element relationships | joaxcar | 4/10/2024 | XSS | 0 |
| List of HTML elements that convert to arbitrary string | joaxcar | 4/10/2024 | XSS | 0 |
| Characters allowed in path traversal | joaxcar | 8/26/2024 | JS | 0 |
24 | Characters that can be used in eval to write code in between | m-boll | 5/12/2024 | JS | 0 |
| Characters to break out from eval string | m-boll | 5/12/2024 | JS | 0 |
1 | Characters that can be between < and script> | m10x | 11/12/2024 | HTML | 0 |
2 | char not urlencoded (data) | nu11secur1ty | 9/29/2024 | JS | 0 |
1 | domain values | nu11secur1ty | 9/29/2024 | JS | 0 |
141 | char not urlencoded (data+) | nu11secur1ty | 9/29/2024 | JS | 0 |
1 | HTML vector | nu11secur1ty | 9/29/2024 | HTML | 0 |
1 | work | nu11secur1ty | 9/29/2024 | HTML | 0 |
| Characters that close or encapsulate HTML attribute values | ola456 | 11/5/2024 | XSS | 1 |
1 | Characters allowed to break double quotes | p3n7a90n | 6/30/2024 | XSS | 0 |
