Two Access-Control Failures in SiYuan: Unauthenticated SQL Read and a Read-Only Role That Can Rewrite Server Config
I. Introduction SiYuan is an open-source, privacy-first personal knowledge management tool. It lets users write in Markdown with block-level references, store everything in a local SQLite block data
May 19, 2026 · 6 min read

[CVE-2026-34612] AI-Assisted Discovery of SQL Injection Leading to RCE in Kestra v1.3.2
May 17, 2026 · 5 min read

Security Risks of "OpenClaw things"
With great power comes great responsibility
Mar 25, 2026 · 6 min read

A Medley of CVEs in GLPI version 10.0.17
I. CVE-2025-24799 Overview: CVE-2025-24799 is a pre-authentication SQL Injection (Pre-auth SQLi) vulnerability in GLPI (version ≤ 10.0.17), located in the "Inventory" feature. The flaw stems from incorrect handling
Feb 27, 2026 · 9 min read

XXE Vulnerability in the Dcm4che Library: A DICOM Processing Library for the Medical Field
This article presents how I found the bug, its root cause, the exploitation technique, and how to fix the XXE flaw in this library.
Oct 1, 2025 · 7 min read

[ZVE-2025-3566] Stored XSS to RCE in Manage Engine OpManager
In this article, I share my experience discovering a stored XSS vulnerability in Manage Engine OpManager and the creative approach taken to escalate its severity to achieve remote code execution (RCE). The vulnerability stems from inconsistencies in ...
Jul 30, 2025 · 3 min read

Two RCE Design Flaws in ManageEngine Exchange Reporter Plus 5721
ManageEngine Exchange Reporter Plus is a web-based tool for managing and monitoring Exchange Server and Exchange Online environments. It offers over 450 built-in reports on mailboxes, email traffic, user activity, and permissions. The tool supports r...
Jul 30, 2025 · 5 min read

Abusing Content Delivery Networks (CDNs): Phishing, Malware, and Evasion
Content Delivery Networks (CDNs) like jsDelivr, Webflow CDN, CloudFront, and Google APIs are trusted internet infrastructure – and attackers are abusing that trust. By hosting malicious pages and payloads on CDN domains, adversaries exploit the domai...
May 24, 2025 · 15 min read