This article discusses the CVE-2025-62507 vulnerability in Redis, which allows for remote code execution through a stack buffer overflow triggered by the XACKDEL command. The authors analyze how the vulnerability can be exploited and provide a proof of concept to demonstrate the risk.

A security engagement revealed an HTML to PDF converter API that allowed for local file access and remote code execution due to vulnerabilities in a .NET renderer using an outdated Chromium version. The authors successfully exploited a known vulnerability in Chromium 62, demonstrating the importance of manual penetration testing in uncovering overlooked security issues.