christbowel
IT Sicherheit, meine Leidenschaft :)
Offensive Security
Researcher &
Software Security.
Turning attack surfaces into CVEs.
×8// intelligence_feed
Latest Writeups.
wp2shell: anatomy of a pre-auth RCE in WordPress Core
How two one-line oversights chain into code execution on 500 million sites
Read article
CVE-2026-56111: OOB Write - Writing Past the Mesh in Marlin Firmware
How three copies of one G-code command revealed an out-of-bounds write reachable from a single serial line, confirmed on a real STM32 target.
Read article
Dependency-Track: Breaking Tenant Isolation with a Single PUT Request
OWASP Dependency-Track ships a Portfolio ACL feature that promises multi-tenant isolation. Turns out it only blocks reads. A low-privileged user can suppress any vulnerability, rewrite triage decisions, poison audit trails, and inject rogue projects into another team's hierarchy. Here is how.
Read article