Home | b4r

Welcome to my blog. I’m a security researcher and CTF player, and this is where I write about reverse engineering, forensics, web exploitation, Linux, and the process behind finding and understanding security issues.

You’ll mostly find write-ups, CVEs, notes, and other things I’ve been learning, breaking, or digging into lately.

a second-order ddns authz bug in nezha

cve-2026-53521 let a stored future ddns profile id turn into another user ddns profile context later in nezha

b b4r
June 10, 2026
3 min read

vulnerability cve web exploitation authorization
another sharp authz bug, this time in quick creation

cve-2026-53634 let authenticated sharp users bypass create authorization through quick creation command endpoints

b b4r
June 10, 2026
2 min read

vulnerability cve web exploitation laravel
an idor in openproject through meeting agenda items

cve-2026-49355 exposed private work package data through the single meeting agenda item api in openproject

b b4r
June 8, 2026
3 min read

vulnerability cve web exploitation idor
two quiet wallos bugs that still became CVEs

cve-2026-50198 and cve-2026-50199 in wallos were both small authenticated trust bugs, but both still crossed user boundaries in ways they should not have

b b4r
June 5, 2026
4 min read

vulnerability cve web exploitation
a neat little cve in filament

cve-2026-48067 came from a scope mismatch in filament AttachAction and AssociateAction

b b4r
May 25, 2026
2 min read

vulnerability cve web exploitation laravel
cross-tenant credential disclosure in itflow

cve-2026-47755 let a low-privileged authenticated user pull another client credentials and totp secrets in itflow

b b4r
May 25, 2026
3 min read

vulnerability cve web exploitation idor

See all posts →

a second-order ddns authz bug in nezha

another sharp authz bug, this time in quick creation

an idor in openproject through meeting agenda items

two quiet wallos bugs that still became CVEs

a neat little cve in filament

cross-tenant credential disclosure in itflow