Engineering notes from the trenches.
Reverse-engineering APIs, automation that survives production, security research, and honest takes on the tools I ship with.
A critical SQL injection vulnerability in Drupal core's database abstraction API affects all PostgreSQL-backed sites. Here's how it works, how to detect it, and what to do right now.
TONNET's E-LAN Hybrid Recording System has a critical unauthenticated SQL injection (CVE-2026-9003, CVSS 7.5) that lets anyone dump the database. Here's how it works and what to do if you're stuck with one of these devices.
CVE-2026-3985 exposes a high-severity SQL injection in the Creative Mail WordPress plugin via the checkout_uuid parameter, affecting all versions up to 1.6.9. Here's how it works and what to do now.