-
[2026-06-01] | Category: Security Research | Reading time: 12 min
A bug bounty program led me into the internals of mathjs 11.8.2. Two property reads in the
FunctionNode and SymbolNode compilers skip the library's own safe-property allow-list, so an
evaluated constructor() expression reaches the JavaScript Function constructor and turns
math.evaluate() into remote code execution. Root cause, the silent 11.9.1 fix, and a reproducible
local proof of concept.
rce
mathjs
sandbox escape
code injection
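The property-read gap in the summary above, as an added illustration that is neither mathjs's code nor the post's proof of concept: a toy dotted-path evaluator whose raw property reads let an expression walk `x.constructor.constructor` to the global `Function` constructor, next to a variant where every read passes a safe-property allow-list. The names `evalCallUnchecked`, `evalCallChecked`, `isSafeProperty` and `DANGEROUS` are assumptions for this example; the real mathjs compilers are structured differently.

```javascript
// Added illustration, not mathjs's code. Shows why every property read in
// an expression sandbox must go through the same allow-list.

// Property names that let an expression climb from a plain value to the
// Function constructor or to prototype objects (assumed list for this demo).
const DANGEROUS = new Set([
  'constructor', 'prototype', '__proto__',
  '__defineGetter__', '__defineSetter__', '__lookupGetter__', '__lookupSetter__',
]);

// Hypothetical "safe property" rule: only own properties of an object,
// with a non-dangerous name. Inherited reads (e.g. constructor) are refused.
function isSafeProperty(obj, name) {
  if (obj === null || typeof obj !== 'object') return false;
  if (DANGEROUS.has(name)) return false;
  return Object.prototype.hasOwnProperty.call(obj, name);
}

// Evaluate "a.b.c(arg, ...)" against a scope: resolve the path, call the result.
// Variant 1: raw property reads, the shape of the bug the post describes.
function evalCallUnchecked(path, args, scope) {
  const parts = path.split('.');
  let value = scope[parts[0]];
  for (const name of parts.slice(1)) {
    value = value[name]; // no allow-list, so {}.constructor.constructor === Function
  }
  return value(...args);
}

// Variant 2: the same evaluator with every read guarded by the allow-list.
function evalCallChecked(path, args, scope) {
  const parts = path.split('.');
  if (!isSafeProperty(scope, parts[0])) throw new Error(`no access to "${parts[0]}"`);
  let value = scope[parts[0]];
  for (const name of parts.slice(1)) {
    if (!isSafeProperty(value, name)) throw new Error(`no access to property "${name}"`);
    value = value[name];
  }
  if (typeof value !== 'function') throw new Error('not callable');
  return value(...args);
}

// Sandbox-escape shape: from any plain value, .constructor.constructor is the
// Function constructor, so the expression compiles caller-supplied source.
// The "payload" only returns a marker string; it demonstrates that arbitrary
// source was compiled and run, nothing more.
function escapeDemo(evaluator) {
  const scope = { x: {} };
  try {
    const fn = evaluator('x.constructor.constructor', ['return "code ran outside the sandbox"'], scope);
    return fn();
  } catch (e) {
    return `blocked: ${e.message}`;
  }
}

// Legitimate use still works through the checked path.
function legitDemo() {
  return evalCallChecked('m.add', [2, 3], { m: { add: (a, b) => a + b } });
}

console.log('unchecked:', escapeDemo(evalCallUnchecked));
console.log('checked:  ', escapeDemo(evalCallChecked));
console.log('legit:    ', legitDemo());
```

The point of the two variants is that the allow-list is only as strong as its coverage: one code path that reads a property without consulting it is enough to expose `Function`, which is the pattern the summary attributes to the FunctionNode and SymbolNode compilers.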
-
[2026-03-24] | Category: Security Research | Reading time: 15 min
Grafana is the most popular open-source monitoring and observability platform, used by
thousands of organizations to visualize metrics, logs, and traces. During security research
on the Grafana OSS codebase, I identified a full-read Server-Side Request Forgery
(SSRF) vulnerability/misconfiguration in the data source proxy.
ssrf
grafana
data source proxy
cloud metadata
misconfiguration
-
[2026-02-04] | Category: Security Research | Reading time: 20 min
GLPI is an open-source IT asset management software used by thousands of organizations worldwide.
I identified a vulnerability chain that allows an authenticated administrator to achieve Remote Code Execution (RCE)
via PHP Object Injection in the progress indicator storage mechanism.
CVE-2026-22248
object injection
insecure deserialization
rce
glpi