Vulnerability Research
CVE-2026-34156: VM Sandbox Escape to RCE in NocoBase
Critical VM sandbox escape vulnerability (CVSS 9.9) in NocoBase enabling remote code execution. Full technical analysis, proof of concept, and disclosure timeline.
Vulnerability Research
How utilitarianism, deontology, and virtue ethics guide responsible vulnerability disclosure decisions. A framework for balancing public safety and vendor relationships.
Vulnerability Research
Chained XSS and prompt injection in Moodle GeniAI plugin v2.3.6 via PDF upload. Demonstrates AI-integrated plugin security risks.
Penetration Testing
Insecure direct object reference in Moodle's OpenAI Chat Block plugin exposing unauthorized access to chat data. Full exploitation walkthrough and CVE details.
Penetration Testing
Stored XSS in Moodle PDF Annotator plugin v1.5 release 9 through malicious annotation content. Technical analysis and responsible disclosure details.
Vulnerability Research
Stored XSS vulnerability in Decap CMS versions up to 3.8.3 allowing script injection through content fields. Includes PoC and remediation steps.