The Year of Linux on the Desktop (CVE-2019-14744)
KDE Frameworks (kf5/kdelibs) < 5.61.0 is affected by a command injection vulnerability (CVE-2019-14744) in the KConfig class. This post goes over how I found it along with a brief analysis.
Axway SecureTransport 5.x XML Injection / XXE
Axway SecureTransport versions 5.3 through 5.0 (and potentially others) are affected by an unauthenticated blind XML injection (and XXE) vulnerability.
Fun With Custom URI Schemes
Take a look into how custom URI schemes can be used to leverage underlying vulnerabilities in applications.
A Questionable Journey From XSS to RCE
Electronic Arts' Origin Client suffered from a vulnerability that allowed attackers to achieve remote code execution... all because of a simple content injection issue.