The socket.io module was vulnerable to cross-site websocker hijacking attack due to the incorrect parsing of http Origin header.

Invalid UTF-8 characters could trigger cPanel to use the Legacy Login page.

Some people asked me about publishing a comparison between x8 and other major tools for parameter discovery: Arjun and Param Miner, so here it is!