Technical Analysis of the Top BlueHat Prize Submissions
Now that we have announced the winners of the first BlueHat Prize competition, we wanted to provide some technical details on the top entries and explain how we evaluated their submissions. Speaking on behalf of the judges, it was great to see people thinking creatively about defensive solutions to important security problems!