Replican't: When Deserialization Starts Writing Your Script
replicator is an npm package for advanced JavaScript serialization and deserialization. It extends plain JSON behavior so that applications can encode and restore values JSON itself cannot represent, such as richer built-in object types.
Research
Deep dives into real-world security research, IoT hacking, and attack chain analysis.
Securing the Core, Ignoring the Door: The Repo Trust Trap
From Gate Opener to Full Control: Hacking a Smart Parking Device
Security Advisories
Vulnerability research, CVE writeups, and responsible disclosures.
LiquidOverflow — How a Template Engine Exposed 86,000 Repositories to Arbitrary File Read
i0Regret: Breaking the Chain — How a Missing Slash Led to Arbitrary Code Execution
CVE-2025-46389: Emby MediaBrowser - Unverified Password Change
CVE-2025-46388: Emby MediaBrowser - IDOR Exposing User Configurations and Pin Codes
CVE-2025-46390: Emby MediaBrowser - User Enumeration via Registration Response Discrepancy
CVE-2025-46391: Emby MediaBrowser - Session Token Exposed in URL
CVE-2025-46387: Emby MediaBrowser - Privilege Escalation to Admin via Response Manipulation
CVE-2025-46386: Emby MediaBrowser - Account Takeover via IDOR Pin Code Exposure
CVE-2025-23182: UBtech Freepass - User Enumeration via Password Reset
CVE-2025-23183: UBtech Freepass - Open Redirect via Referer Header Manipulation
CVE-2024-47921: From a Printing System to Domain Admin - Weak Crypto in Smadar SPS
Supply chains often serve as the weakest link in advanced cyberattacks. During a security assessment for a client, we discovered how a...
CVE-2024-47917: Mobotix CCTV - Cross-Site Scripting (XSS)
Mobotix is a manufacturer of IP-based CCTV and surveillance camera systems widely deployed in enterprise and government environments. The web-based management interface...
CVE-2024-45253: Avigilon VideoIQ - Path Traversal via GET Request
Avigilon VideoIQ iCVR HD is an IP-based surveillance camera used in enterprise and commercial security deployments. The camera exposes a web interface...
CVE-2024-45247: Sonarr - Open Redirect via returnUrl Parameter
Sonarr is a popular open-source PVR (Personal Video Recorder) application used to automate downloading and managing TV series. It is widely deployed...
CVE-2024-45251 & CVE-2024-45252: Elsight Halo - They Fixed It. We Broke It Again.
Back in 2022, we found a critical RCE on the Elsight Halo drone communication chipset (CVE-2022-36784). The vendor patched it. We came...
CVE-2024-42343: Loway QueueMetrics - User Enumeration via Login Response Discrepancy
Loway QueueMetrics is a call center monitoring and reporting platform used to track agent performance, queue statistics, and call analytics. It is...
CVE-2024-42341: Loway QueueMetrics - Open Redirect via AUTH_url Parameter
Loway QueueMetrics is a call center monitoring and reporting platform used to track agent performance, queue statistics, and call analytics. It is...
CVE-2024-42342: Loway QueueMetrics - Host Header Override via HTTP Request Smuggling
Loway QueueMetrics is a call center monitoring and reporting platform used to track agent performance, queue statistics, and call analytics. It is...
CVE-2024-42338: CyberArk Identity - Full User List Exposure via Search Filter Bypass
CyberArk Identity is an enterprise identity and access management platform used by organizations to secure user authentication, single sign-on, and privileged access...
CVE-2024-42340: CyberArk Identity - Privilege Escalation via Client-Side Response Manipulation
CyberArk Identity is an enterprise identity and access management platform used by organizations to secure user authentication, single sign-on, and privileged access...
CVE-2024-42339: CyberArk Identity - IDOR Exposing Other Users' Rules and Configurations
CyberArk Identity is an enterprise identity and access management platform used by organizations to secure user authentication, single sign-on, and privileged access...
CVE-2024-42337: CyberArk Identity - Exposure of Complete Client List to Any User
CyberArk Identity is an enterprise identity and access management platform used by organizations to secure user authentication, single sign-on, and privileged access...
CVE-2024-41694: Cybonet PineApp Mail Relay - Exposure of Complete User List
PineApp Mail Relay by Cybonet is an email security gateway used by organizations to filter, relay, and manage email traffic. It provides...
CVE-2024-41695: Cybonet PineApp Mail Relay - Unauthenticated Local File Inclusion via Base64 Encoded Path
PineApp Mail Relay by Cybonet is an email security gateway used by organizations to filter, relay, and manage email traffic. It provides...
CVE-2023-42495: Dasan Networks W-Web - Command Injection via Login Username Field
Dasan Networks W-Web is a web-based management interface used to configure and manage Dasan network devices. Versions 1.22 through 1.27 are affected...
CVE-2023-37217: Tadiran Telecom Aeonix - User Enumeration via Account Lockout Behavior
Tadiran Telecom Aeonix is a unified communications platform used by enterprises for VoIP, call management, and telephony services. It is widely deployed...
CVE-2023-37218: Tadiran Telecom Aeonix - Local File Inclusion via fileName Parameter
Tadiran Telecom Aeonix is a unified communications platform used by enterprises for VoIP, call management, and telephony services. It is widely deployed...
CVE-2023-31186: Avaya IX Workforce Engagement - User Enumeration via Registration
Avaya IX Workforce Engagement is an enterprise workforce management platform used for call recording, quality management, and agent performance analytics in contact...
CVE-2023-32218: Avaya IX Workforce Engagement - Open Redirect via rd Parameter
Avaya IX Workforce Engagement is an enterprise workforce management platform used for call recording, quality management, and agent performance analytics in contact...
CVE-2023-31187: Avaya IX Workforce Engagement - Credentials Exposed in Developer Tools
Avaya IX Workforce Engagement is an enterprise workforce management platform used for call recording, quality management, and agent performance analytics in contact...
CVE-2023-23458: Sunell DVR - Full Credential Exposure Leading to Account Takeover
Sunell is a manufacturer of surveillance and security equipment including DVR (Digital Video Recorder) systems used for CCTV recording and playback in...
CVE-2023-23466: Media CP Control Panel - Unverified Password Change
Media CP is a web-based media hosting control panel used to manage streaming services, media servers, and user accounts.
CVE-2023-23467: Media CP Control Panel - Reflected XSS in Multiple Parameters
Media CP is a web-based media hosting control panel used to manage streaming services, media servers, and user accounts.
CVE-2023-23464: Media CP Control Panel - Flash Cross-Domain Policy Misconfiguration
Media CP is a web-based media hosting control panel used to manage streaming services, media servers, and user accounts.
CVE-2023-23465: Media CP Control Panel - Cross-Site Request Forgery (CSRF)
Media CP is a web-based media hosting control panel used to manage streaming services, media servers, and user accounts.
CVE-2022-39181: GLPI Reports Plugin - Reflected Cross-Site Scripting (XSS)
GLPI is an open-source IT asset management and helpdesk platform used by enterprises to manage IT infrastructure, track assets, and handle support...
CVE-2022-36787: WebVendome - SQL Injection via DocNumber Parameter
WebVendome is a web-based document management and business process platform.
CVE-2022-39178: WebVendome - Internal Server IP Disclosure
WebVendome is a web-based document management and business process platform.
Grounded by Default — How Default Credentials Gave Us Root on Military Drone Comms
CVE-2022-36778: Synel eHarmony - Blind Stored XSS via Document Comments
Synel eHarmony is a workforce management and time attendance platform used by organizations to manage employee records, documents, and HR processes.
CVE-2022-23169: Amodat Mobile Application Gateway - Error-Based SQL Injection
Amodat Mobile Application Gateway (MAG) is a mobile workforce management platform used by organizations to manage field operations, employee tasks, and mobile...
CVE-2022-23168: Amodat Mobile Application Gateway - SQL Injection Authentication Bypass
Amodat Mobile Application Gateway (MAG) is a mobile workforce management platform used by organizations to manage field operations, employee tasks, and mobile...
CVE-2022-23167: Amodat Mobile Application Gateway - Local File Inclusion
Amodat Mobile Application Gateway (MAG) is a mobile workforce management platform used by organizations to manage field operations, employee tasks, and mobile...
CVE-2022-22797: SysAid - Open Redirect via redirectURL Parameter
SysAid is a widely used IT service management (ITSM) platform that provides helpdesk, asset management, and IT automation capabilities for organizations.
CVE-2022-22796: SysAid - Unauthenticated Account Takeover via Setup Wizard Abuse
SysAid is a widely used IT service management (ITSM) platform that provides helpdesk, asset management, and IT automation capabilities for organizations.
CVE-2022-22791: Synel eHarmony - Blind Stored XSS via Nickname Field
Synel eHarmony is a workforce management and time attendance platform used by organizations to manage employee records, scheduling, and HR processes.
CVE-2021-36720: Cybonet PineApp Mail Secure - Reflected XSS via url Parameter
PineApp Mail Secure by Cybonet is an email security gateway used by organizations to filter, relay, and manage email traffic.