Engineering notes from the trenches.
Reverse-engineering APIs, automation that survives production, security research, and honest takes on the tools I ship with.
A critical SQL injection vulnerability in Drupal core's database abstraction API affects all PostgreSQL-backed sites. Here's how it works, how to detect it, and what to do right now.
CVE-2026-6456 exposes a critical privilege escalation in the WordPress Account Switcher plugin through a loose comparison flaw in its REST API. Here's how it works and what to do right now.
TONNET's E-LAN Hybrid Recording System has a critical unauthenticated SQL injection (CVE-2026-9003, CVSS 7.5) that lets anyone dump the database. Here's how it works and what to do if you're stuck with one of these devices.
CVE-2026-24208 exposes a path traversal vulnerability in NVIDIA Triton Inference Server that enables denial of service. Here's how it works, who's affected, and what to do right now.
CVE-2026-47107 exposes a critical sandbox escape path in Windmill's nsjail configuration where /etc is bind-mounted read-write, letting authenticated users overwrite passwd, resolv.conf, and more. Here's how it works and what to do.
A new resource consumption vulnerability (CVE-2026-24215) in NVIDIA Triton Inference Server's DALI backend allows attackers to exhaust GPU memory, leading to denial-of-service. This post details the vulnerability, its impact, and immediate mitigation strategies.
A default empty API client token in phpMyFAQ lets any unauthenticated user create and modify FAQ entries, categories, and questions via the REST API. Here's what happened, why it matters, and how to fix it.
A deep dive into CVE-2025-11954, a CSRF vulnerability in WISECP with a CVSS score of 8. I break down how the attack works mechanically, why this 'old' class of vulnerability keeps showing up, and provide detailed defense strategies with production-ready code examples.