Kanboard CVE-2026-33058 Writeup

Walkthrough of the discovery of an authenticated SQL injection in Kanboard version <= 1.2.50 tracked as CVE-2026-33058

March 18, 2026 · 12 min

Flying Whales in a Pot of Honey

What I’ve been up to in the last few weeks

January 7, 2026 · 2 min

CVE-2025-6004 tl;dr

A tl;dr about account lockout bypass (CVE-2025-6004) in HashiCorp Vault

August 17, 2025 · 3 min

Go Report [a vulnerability] Card

While publishing oauth-labs I stumbled upon a vulnerability in goreportcard

December 7, 2024 · 16 min

ghmlwr: Malware on GitHub (retired)

New pet project ghmlwr

September 1, 2024 · 2 min

Atlassian Research and Work

Atlassian Research and a short status update

August 28, 2024 · 2 min

RFC5322, your XSS companion

Why RFC5322 email validation might lead to XSS vulnerabilities

April 1, 2024 · 2 min

Parcel Tracking, I can haz PII plz?

This is a short one about a not-so-fun parcel tracking service that I came across after completing the check-out of my cat food order for my furry overlords

March 8, 2024 · 4 min

Uncooperative Businesses

A short personal opinion piece about uncooperative businesses.

February 15, 2024 · 3 min

AirTies Air4930 - Feature...?

A not-so-fun little feature of AirTies Air 4930.

February 10, 2024 · 1 min