Posts

2025

403 Help is Forbidden - Web Cache Poisoning in the Wild Aug 11
Continuous Checks are Important - Privilege Escalation in Tandoor Recipes Aug 2
All Your Recipe Are Belong to Us (Part 3/3) - Broken Access Controls Leading to Privilege Escalation and More in Mealie Mar 25
All Your Recipe Are Belong to Us (Part 2/3) - Server-Side Template Injection (RCE), Arbitrary File Read and Unrestricted File Upload (Stored XSS) in Tandoor Recipes Jan 28

2024

All Your Recipe Are Belong to Us (Part 1/3) - Stored XSS, CSRF and Broken Access Control Vulnerabilities in Grocy Nov 27
(External: cyber.wtf) Harvesting the Database - 5 CVEs in TOPqw Webportal Nov 11
(External: hackmanit.de) Template Injection Vulnerabilities – Understand, Detect, Identify Feb 14

2023

Older posts →