# Latest posts

Weak Middleware + SaaS Demo Page = Unauthenticated ATO

A blogpost about a critical vulnerability resulted from giving third parties the responsibility to secure your products
TwigPlayground - CSCTF 2024

Writeup for a web challenge from CyberSpace CTF
PyCGI - bi0sCTF Writeup

Writeup for a challenge from bi0sCTF
Teach me - SparkCTF Writeup

Writeup for a challenge i wrote for SparkCTF 2022 held locally in Tunisia
DiceCTF@Hope 2022 - Writeup

Writeup for web challenges from diceCTF @Hope 2022

# CVEs

CVE-2026-7817

LFI/SSRF in LLM API configuration endpoints in pgadmin4 <= v9.14
CVE-2026-7815

SQL injection in Maintenance tool option values in pgadmin4 <= v9.14

Feel free to reach out or just to say hi on X 👋

Press Esc or click anywhere to close