| Character allowed after onerror event | InsertScript | 4/2/2024 | XSS | 0 |
| JavaScript separators between function names | InsertScript | 4/2/2024 | JS | 0 |
| HTML-Encoded Attribute Escape | IDKdir | 7/13/2024 | XSS | 0 |
 6  6 | ToUpperCase Improper Character Morphing | IDKdir | 7/13/2024 | JS | 1 |
1143 | Mutated XSS Attributes | IDKdir | 7/13/2024 | XSS | 0 |
| Host | IDKdir | 7/15/2024 | JS | 0 |
| React DOM src | IDKdir | 7/15/2024 | JS | 0 |
29 | Non-standard characters that break JSON.parse() | DreyAnd | 11/15/2024 | JS | 1 |
8 | Characters that expand upon toUpperCase() | DreyAnd | 4/10/2024 | JS | 0 |
1 1 | < removal bypass | Device1306 | 10/9/2024 | HTML | 0 |
2 | Bytes that will normalize ISO-2022-JP | Cillian-Collins | 12/26/2024 | XSS | 1 |
2 | Bytes that will scramble ISO-2022-JP | Cillian-Collins | 12/26/2024 | XSS | 1 |
| JavaScript Scheme starting with https:// | BinaryScary | 6/28/2024 | JS | 4 |
| JavaScript Scheme starting with http | BinaryScary | 7/16/2024 | JS | 1 |
1 | Characters that can break out of an inline style with double quotes | 0xdef1ant | 7/13/2024 | XSS | 0 |
1 | Characters that can break out of an inline style with single quotes | 0xdef1ant | 7/13/2024 | XSS | 0 |
1 | Characters that can break out of an inline style background-image url | 0xdef1ant | 7/13/2024 | XSS | 1 |
25 25 | Characters allowed between variable name and equals sign | 0x999-x | 4/9/2024 | JS | 0 |
4 4 | Characters that can break out of a single line comment | 0x999-x | 4/10/2024 | JS | 0 |
2 | HTML tags that can clobber the credentials part of the URL | 0x999-x | 11/4/2024 | XSS | 1 |
