..

Research

CVEs, vulnerability writeups, and tooling.

CVEs

Reported vulnerabilities with published advisories.

CVE Target Class CVSS Advisory
CVE-2026-48105 Arc Enterprise (Basekick Labs) Cluster FSM accepts arbitrary file paths → cluster-wide path-traversal worm primitive Critical GHSA-f85q-mvg8-qf37
CVE-2026-48106 Arc Enterprise (Basekick Labs) Cluster replication accepts unauthenticated MsgReplicateSync → cluster-wide data injection High GHSA-wfgr-8x84-22q7
CVE-2026-47735 Arc (Basekick Labs) Authenticated arbitrary local-file read via DuckDB I/O functions, bypasses RBAC High GHSA-p2j4-c4g6-rpf5
CVE-2026-48050 Arc (Basekick Labs) Unauthenticated pprof endpoints → runtime state leak + CPU-burn DoS Moderate GHSA-j93g-rp6m-j32m
CVE-2026-6959 HashiCorp Nomad / Nomad Enterprise Symlink attack → arbitrary file read/write on client host 6.0 Medium HCSEC-2026-14
CVE-2026-8052 HashiCorp Nomad exec2 task driver Symlink attack → arbitrary file read/write on client host 6.0 Medium HCSEC-2026-13
CVE-2026-27965 Vitess vtbackup OS command injection → RCE 8.4 High GHSA-8g8j-r87h-p36x
CVE-2026-27969 Vitess vtbackup Path traversal → arbitrary file write 9.3 Critical GHSA-r492-hjgh-c9gw
CVE-2025-63701 Advantech TP-3250 printer driver Heap corruption via DocumentPropertiesW 6.8 Medium NVD
Advantech TP-3250 printer driver Heap corruption via monochrome blit (DrvRender) advisory pending

Pending disclosure: DragonflyDB Issues (reported May 2026).

Writeups

Tooling

Bug bounty and recon tooling, built around my bounty workflow.