Posts ~ warp

GitBlit 0day: Client Side Template Injection Leading to XSS Without HTML

February 25, 2026

A timeline breaking down the responsible disclosure process from finding to disclosure of a CSTI in GitBlit.

Supabase Shenanigans

February 20, 2026

Supabase is quite permissive by default; by not implementing Row-Level Security, you could be exposing the PII of thousands of users.

SQL Injection in University

November 18, 2025

An SQL Injection Attack found at a European university.

From Shortcodes to Sensitive Data: Exploiting CVE-2024-13346 and Beyond

April 17, 2025

Exploiting unauthenticated shortcode execution in WordPress Avada theme to chain vulnerabilities, exposing PII, triggering callbacks, and achieving XSS.