PromptPurify is live, a tiny, powerful prompt guardrail.See it →

SL7 Lab

Security advisories from the lab.

40+ CVEs across 28 vendors, 2015 → 2026. Spring AI JSONPath, Erlang/OTP SSH pre-auth, Chrome Mojo IPC sandbox escape. Filed by the same people who would run your engagement.

Trusted by security teams across Fintech, SaaS & Education, Enterprise & Telecom, Security & Critical Infrastructure

Sample reports

We delivered these.

Past customer engagements, redacted and downloadable. Open one to see what an SL7 deliverable looks like.

WEB · WP

Real Media Library, WordPress Plugin

Real Media · Jan 2023PDF

WEB

Kimai Time Tracking, Web Application

Kimai · Jan 2023PDF

WEB · CMS

KeyStoneJS, VAPT

KeyStoneJS · Sept 2017PDF

CMS

Pagekit, VAPT

Pagekit · Jan 2017PDF

CMS · RUBY

Refinery CMS, Pentest Report

Refinery CMS · Feb 2016PDF

Exploit writeups

We weaponised these.

Vendor patches reverse-engineered, POCs derived, published in full. 10 lab posts across Windows kernel, Apache, Spring, Jenkins, and our n8n disclosure.

n8n CVE-2025-68613, RCE Exploitation: A Detailed Guide

WIN · PATCH-DIFF

Windows Telephony Services, 2025 Patch Diffing & Analysis · Part 2

WIN · PATCH-DIFF

Windows Telephony Services, 2025 Patch Diffing & Analysis · Part 1

WIN · PATCH TUE

October 2024-10 Critical Windows CVEs Patch Analysis

Windows TCP/IP, Vulnerability Exploitation Risk Analysis

CVE-2024-39877, Apache Airflow Arbitrary Code Execution

CVE-2024-22263, Spring Cloud Data Flow Arbitrary File Writing

CVE-2023-39143, PaperCut Remote Code Execution Analysis

CVE-2024-23897, Arbitrary File Read in Jenkins

WINRAR · 0-DAY

CVE-2023-38831, WinRAR Zero-Day Vulnerability Analysis

Sample reports

Read what we deliver.

Anonymised pentest reports from real engagements. Same structure as what arrives in your inbox the day an engagement closes.

Application pentest sample report

Anonymised end-to-end webapp engagement report, methodology, severity matrix, reproducers, fix verification.

KeystoneJS, webapp pentest

Open-source CMS pentest. Findings, chained exploit, and remediation guidance.

Kimai, time-tracking webapp

Real engagement against the Kimai open-source platform.

Refinery CMS, Ruby on Rails

Stack-aware webapp testing on a Rails CMS.

Real Media Player, webapp

Webapp pentest report, chains across auth, media handling, and storage paths.

Pagekit CMS, webapp pentest

Open-source CMS pentest. Chained finding from auth to RCE.

Vulnerability index

We disclosed these.

39 CVE and PSV advisories, coordinated with vendors and on NVD. Most recent first.

2026

4 disclosures

CVE-2026-22730Spring AI MariaDB Filter Enables SQL Injection and Access Control BypassSpring AI · Mar 2026 CVE-2026-22729Spring AI JSONPath Injection Enables Access Control BypassSpring AI · Mar 2026 CVE-2026-24291Windows Accessibility Infrastructure Flaw Enables Local Privilege EscalationMicrosoft Windows · Mar 2026 CVE-2026-25049n8n Sandbox Escape via Expression Handling Enables Remote Code Executionn8n · Feb 2026

2025

8 disclosures

CVE-2025-68613n8n Expression Injection Flaw Enables Remote Code Executionn8n · Dec 2025 CVE-2025-55182React Server Components Deserialization Flaw Enables Remote Code ExecutionReact Server Components · Dec 2025 CVE-2025-6019libblockdev Flaw in udisksd Interaction Enables Local Privilege Escalationlibblockdev / udisksd · June 2025 CVE-2025-4318Remote Code Execution in AWS Amplify Studio via Component Injection FlawAWS Amplify Studio · May 2025 CVE-2025-32433Erlang/OTP SSH Pre-Auth Remote Code ExecutionErlang/OTP · Apr 2025 CVE-2025-2783Mojo IPC Sandbox Escape in Chrome Enables Remote Code ExecutionGoogle Chrome · Mar 2025 CVE-2025-25364Command Injection in Speedify VPN Enables macOS Privilege EscalationSpeedify · Feb 2025 CVE-2025-1094Critical SQL Injection in PostgreSQL 14.15PostgreSQL · Feb 2025

2024

1 disclosure

CVE-2024-50379TOCTOU Race Condition in Apache TomcatApache Tomcat · Dec 2024

2023

1 disclosure

CVE-2023-37581Stored XSS in Weblog Setting of Apache RollerApache Roller · Aug 2023

2019

1 disclosure

CVE-2019-13143FB50 Smart Lock Ownership Transfer VulnerabilityFB50 smart lock · Aug 2019

2018

2 disclosures

PSV-2018-0182Denial of Service on NETGEAR Routers and GatewaysNETGEAR · Dec 2019 CVE-2018-11714Authentication Bypass in TP-Link RouterTP-Link Router · Jun 2018

2017

19 disclosures

CVE-2017-16807Stored XSS in Kirby PanelKirby Panel · Nov 2017 CVE-2017-15879Unauthenticated CSV Injection in KeystoneJSKeystoneJS · Oct 2017 CVE-2017-15878Stored XSS in KeystoneJS Contact FormKeystoneJS · Oct 2017 CVE-2017-15284Stored XSS in OctoberCMS 1.0.425OctoberCMS · Oct 2017 CVE-2017-14618XSS in phpMyFAQ ≤ 2.9.8phpMyFAQ · Sept 2017 CVE-2017-14619XSS Arbitrary Web Script Injection in phpMyFAQphpMyFAQ · Sept 2017 CVE-2017-14713Stored XSS in EPESI 1.8.2 (Phonecalls description)EPESI 1.8.2 · Sept 2017 CVE-2017-14714Stored XSS in EPESI 1.8.2 (Phonecalls subject)EPESI 1.8.2 · Sept 2017 CVE-2017-14715Stored XSS in EPESI 1.8.2 (Tasks Alerts Title)EPESI 1.8.2 · Sept 2017 CVE-2017-14716Stored XSS in EPESI 1.8.2 (Tasks Title)EPESI 1.8.2 · Sept 2017 CVE-2017-14717Stored XSS in EPESI 1.8.2 (Tasks Description)EPESI 1.8.2 · Sept 2017 CVE-2017-12853CSRF Admin Password Change in RealTime RouterRealTime Router · Aug 2017 CVE-2017-9426SQL Injection via imageID Parameter in Piwigo FacetagPiwigo Facetag · Jun 2017 CVE-2017-9425XSS in Piwigo Facetag ExtensionPiwigo Facetag · Jun 2017 CVE-2017-9243XSS on Aries QWR-1104 Wireless-N RouterAries QWR-1104 · May 2017 CVE-2017-9101RCE via Phonebook Import in PlaySMS 1.4PlaySMS 1.4 · May 2017 CVE-2017-9100Admin Dashboard Authentication Bypass for D-Link RouterD-Link Router · May 2017 CVE-2017-9080RCE via Unrestricted File Upload in PlaySMS 1.4PlaySMS 1.4 · May 2017 CVE-2017-5594Authentication Bypass in Pagekit CMSPagekit CMS · Feb 2017

2015

3 disclosures

CVE-2015-8814CSRF in Umbraco CMSUmbraco CMS · Mar 2017 CVE-2015-8813SSRF in Umbraco CMS URL ParameterUmbraco CMS · Mar 2017 CVE-2015-2652Unauthenticated File Upload in Oracle E-Business SuiteOracle E-Business Suite · Jul 2015

BugDazz Autonomous

The CVE-finding intuition, productised.

BugDazz hunts the bug classes disclosed above, SQL injection, sandbox escape, deserialisation, IPC abuse, across your code on every deploy. Built by the same researchers who filed those CVEs.

See BugDazz Autonomous