Exercises
| Exercise | Avg. Time | Difficulty | Solved by | Tier | |
|---|---|---|---|---|---|
|
CVE-2026-XX953
This challenge covers the review of a CVE in a python codebase and its patch
|
< 1 Hr. |  |
55 | PRO |
|
|
CVE-2026-XX230
This challenge covers the review of a CVE in a python codebase and its patch
|
< 1 Hr. | |
45 | PRO |
|
|
CVE-2026-XX928
This challenge covers the review of a CVE in a python codebase and its patch
|
< 1 Hr. | |
37 | PRO |
|
|
CVE-2026-XX977
This challenge covers the review of a CVE in a python codebase and its patch
|
< 1 Hr. | |
47 | PRO |
|
|
CVE-2026-XX762
This challenge covers the review of a CVE in a python codebase and its patch
|
< 1 Hr. | |
45 | PRO |
|
|
CVE-2026-XX790
This challenge covers the review of a CVE in a python codebase and its patch
|
< 1 Hr. | |
46 | PRO |
|
|
CVE-2026-XX130
This challenge covers the review of a CVE in a python codebase and its patch
|
< 1 Hr. | |
54 | PRO |
|
|
CVE-2023-51XX9
This challenge covers the review of a CVE in a python codebase and its patch
|
< 1 Hr. | |
51 | PRO |
|
JWT: Refresh Token Bypass
This exercise covers bypassing JWT refresh token validation to maintain unauthorized access.
|
< 1 Hr. |  |
40 | PRO |
|
|
CVE-2026-21XX3
This challenge covers the review of a CVE in a Python codebase and its patch
|
< 1 Hr. | |
46 | PRO |
|
|
CVE-2026-2413X
This challenge covers the review of a CVE in a python codebase and its patch
|
< 1 Hr. | |
48 | PRO |
|
|
CVE-2023-3X829
This challenge covers the review of a CVE in a Python codebase and its patch
|
-- | |
62 | PRO |
|
|
CVE-2025-X23XX
This challenge covers the review of a CVE in a javascript codebase and its patch
|
-- | |
63 | PRO |
|
|
CVE-2024-X170X
This challenge covers the review of a CVE in a JavaScript codebase and its patch
|
-- | |
76 | PRO |
|
|
CVE-2025-X9X28
This challenge covers the review of a CVE in a typescript codebase and its patch
|
-- | |
62 | PRO |
|
|
CVE-2025-XX662
This challenge covers the review of a CVE in a python codebase and its patch
|
-- | |
65 | PRO |
|
|
CVE-2025-XX953
This challenge covers the review of a CVE in a typescript codebase and its patch
|
-- | |
75 | PRO |
|
|
CVE-2025-625X8
This challenge covers the review of a CVE in a javascript codebase and its patch
|
-- | |
81 | PRO |
|
|
CVE-2026-XX951
This challenge covers the review of a CVE in a javascript codebase and its patch
|
-- | |
72 | PRO |
|
|
CVE-2026-XX871
This challenge covers the review of a CVE in a python codebase and its patch
|
-- | |
66 | PRO |
|
|
CVE-2026-X189X
This challenge covers the review of a CVE in a python codebase and its patch
|
< 1 Hr. | |
67 | PRO |
|
|
JWT: Signature Leak
This exercise covers exploiting a JWT signature leak to forge authentication tokens.
|
< 1 Hr. | |
49 | PRO |
|
CVE-2026-24895: FrankenPHP Path Confusion RCE using Unicode | < 1 Hr. | |
15 | PRO |
|
|
JWT: Invalid Algorithm
This exercise covers exploiting JWT algorithm validation flaws to bypass signature verification.
|
< 1 Hr. | |
48 | PRO |
|
|
CVE-2026-XX050
This challenge covers the review of a CVE in a typescript codebase and its patch
|
-- | |
70 | PRO |
|
|
CVE-2026-XX888
This challenge covers the review of a CVE in a typescript codebase and its patch
|
-- | |
82 | PRO |
|
|
CVE-2025-XX864
This challenge covers the review of a CVE in a typescript codebase and its patch
|
< 1 Hr. | |
84 | PRO |
|
|
CVE-2021-X27X0
This challenge covers the review of a CVE in a JavaScript codebase and its patch
|
-- | |
87 | PRO |
|
|
CVE-2021-437XX
This challenge covers the review of a CVE in a JavaScript codebase and its patch
|
-- | |
102 | PRO |
|
|
CVE-2020-XX079
This challenge covers the review of a CVE in a javascript codebase and its patch
|
< 1 Hr. | |
122 | PRO |
Showing 31–60 of 734 exercises
Free Labs of the Month
