| Characters that cause exceptions when URL encoded | hackvertor | 10/3/2024 | JS | 2 |
 4 | Characters allowed javascript and colon copy2 | avlidienbrunn | 9/29/2024 | JS | 0 |
1 | work | nu11secur1ty | 9/29/2024 | HTML | 0 |
1 | HTML vector | nu11secur1ty | 9/29/2024 | HTML | 0 |
141 | char not urlencoded (data+) | nu11secur1ty | 9/29/2024 | JS | 0 |
1 | domain values | nu11secur1ty | 9/29/2024 | JS | 0 |
2 | char not urlencoded (data) | nu11secur1ty | 9/29/2024 | JS | 0 |
| Entities that cause an external URL before @ | hackvertor | 9/25/2024 | XSS | 4 |
| Characters that cause an external URL before @ | hackvertor | 9/25/2024 | JS | 2 |
| Chars allowed before domain | t0xodile | 9/24/2024 | XSS | 0 |
| Characters unencoded characters supported in the hash | hackvertor | 9/24/2024 | JS | 1 |
| Characters not urlencoded when using the shema part of the URL | d0ge | 9/24/2024 | JS | 0 |
| Characters urlencoded that get transformed when using the credentials part of the URL | hackvertor | 9/24/2024 | JS | 0 |
2 | JIS X 0208 bytes that produce ASCII characters | JorianWoltjer | 9/22/2024 | JS | 1 |
| Characters allowed in colon entity | InsertScript | 9/19/2024 | XSS | 0 |
4 | Entities allowed between two forward slashes | InsertScript | 9/19/2024 | XSS | 1 |
5 | Characters allowed between multiple HTML attributes | JorianWoltjer | 9/12/2024 | XSS | 2 |
4 | URL domain dot alternatives | JorianWoltjer | 9/10/2024 | JS | 4 |
1 | Bypass __proto__ string match defense | vitorfhc | 8/29/2024 | JS | 0 |
| Bypasses for __proto__ string match | vitorfhc | 8/29/2024 | JS | 0 |
