Reasoning-First vulnerability research: How I built an AI Agent that found multiple bugs in Open Source project
Subtitle: A practical look at building an AI-assisted vulnerability research workflow that reasons through code, traces trust boundaries, and helps discover real security issues responsibly on multipl
May 27, 2026 · 11 min read

Two Access-Control Failures in SiYuan: Unauthenticated SQL Read and a Read-Only Role That Can Rewrite Server Config
I. Introduction SiYuan is an open-source, privacy-first personal knowledge management tool. It lets users write in Markdown with block-level references, store everything in a local SQLite block data
May 19, 2026 · 6 min read

JSON-Path Traversal Injection in Kysely: A Case Study Powered by ClaudeCode
I. Introduction Kysely is an open-source TypeScript SQL query builder. It lets developers build type-safe SQL queries (SELECT, INSERT, UPDATE, DELETE, joins, JSON traversal) directly in TypeScript, with
May 19, 2026 · 6 min read

Drag-and-Drop Path Injection Still Allows RCE via Shell Command Substitution
I. Introduction Tabby is an open-source, highly configurable terminal emulator for Windows, macOS, and Linux. It supports local shells, SSH connections, WSL, serial ports, and telnet, all from a single
May 19, 2026 · 6 min read

[CVE-2026-34612] AI-Assisted Discovery of SQL Injection Leading to RCE in Kestra v1.3.2
I. Introduction Kestra is an open-source tool that helps automate and manage workflows. It allows users to create and run workflows on a schedule or when an event occurs. With Kestra, users can easily
May 17, 2026 · 5 min read

Introduction to prompt engineering
Introduction Prompt Engineering is a fairly new field that aims to develop and optimize prompts in order to apply and build effectively with large language models (LLMs) for many applications and use cases
May 16, 2026 · 18 min read

Security Risks of "OpenClaw things"
With great power comes great responsibility
Mar 25, 2026 · 6 min read