Research & Writing

CVE disclosures, HackTheBox machine writeups, and general blog posts. Filter by category below.

HTB: Principal

pac4j-jwt authentication bypass via CVE-2026-29000, password reuse for foothold, and SSH CA misconfiguration for root.

Jun 3, 2026 8 min read

CVE-2026-24135: Arbitrary File Deletion in Gogs via Wiki Path Traversal

A path traversal vulnerability in Gogs' wiki update function allows authenticated users to delete arbitrary files on the server by manipulating the old_title parameter.

Feb 6, 2026 3 min read