Posts
[CVE-2025-41243] Spring Cloud Gateway: complicating evaluation context
Bypassing some restrictions in Spring Cloud Gateway filters to DoS, secrets leak or RCE
VolgaCTF 2025: s3waaas writeup
Writeup for VolgaCTF 2025 A/D service s3waaas, a vulnerable S3 implementation with analytics via ClickHouse
Bypassing Content-Disposition: attachment
Exploring techniques to bypass Content-Disposition: attachment header restrictions.
Apport Lpe
Investigating a local privilege escalation vulnerability in Ubuntu’s Apport crash reporting system.