AI-Powered Vulnerability Hunting in WordPress Plugins/Themes
7 days spare time, 100 plugins scanned, 524 candidate findings, 16 confirmed vulns, 5 scanner patches. This is not a vulnerability disclosure. It's a methodology. I want to share how to build an AI pip
May 26, 2026 · 17 min read
Two Access-Control Failures in SiYuan: Unauthenticated SQL Read and a Read-Only Role That Can Rewrite Server Config
May 19, 2026 · 6 min read
JSON-Path Traversal Injection in Kysely: A Case Study Powered by ClaudeCode
I. Introduction. Kysely is an open-source TypeScript SQL query builder. It lets developers build type-safe SQL queries (SELECT, INSERT, UPDATE, DELETE, joins, JSON traversal) directly in TypeScript, with
May 19, 2026 · 6 min read
Drag-and-Drop Path Injection Still Allows RCE via Shell Command Substitution
I. Introduction. Tabby is an open-source, highly configurable terminal emulator for Windows, macOS, and Linux. It supports local shells, SSH connections, WSL, serial ports, and telnet, all from a single
May 19, 2026 · 6 min read
[CVE-2026-34612] AI-Assisted Discovery of SQL Injection Leading to RCE in Kestra v1.3.2
I. Introduction. Kestra is an open-source tool that helps automate and manage workflows. It allows users to create and run workflows on a schedule or when an event occurs. With Kestra, users can easily
May 17, 2026 · 5 min read
Introduction to Prompt Engineering
Introduction. Prompt Engineering is a fairly new field, aimed at developing and optimizing prompts so that they can be applied and built effectively with large language models (LLMs) for many applications and use cases
May 16, 2026 · 18 min read
Security Risks of "OpenClaw things"
With great power comes great responsibility
Mar 25, 2026 · 6 min read
A Medley of CVEs in GLPI version 10.0.17
I. CVE-2025-24799. Overview: CVE-2025-24799 is a pre-authentication SQL Injection (pre-auth SQLi) vulnerability in GLPI (version ≤ 10.0.17), located in the "Inventory" feature. The flaw stems from improper handling of
Feb 27, 2026 · 9 min read