VPVũ Phúc Thànhinblogs.night-wolf.io·Jun 16 · 10 min readDeleting any file on a Coolify managed server with a single `..`I. Introduction Coolify is an open-source, self-hostable PaaS that lets you deploy apps, databases, and pre-baked services on your own servers — the "Vercel/Heroku/Netlify replacement, but you own the00
VPVũ Phúc Thànhinblogs.night-wolf.io·Jun 16 · 14 min readBypassing Kestra's path-traversal guard with a single backslashI. Introduction Kestra is an open-source event-driven workflow orchestration platform written in Java on top of Micronaut. It lets teams declare "flows" — task graphs that move data, call APIs, run sc00
VPVũ Phúc Thànhinblogs.night-wolf.io·May 29 · 11 min readAnatomy of a GHSA Collaboration: Fixing Filament's MFA Race TogetherI. Introduction Filament is an open-source full-stack UI framework for Laravel built on top of Livewire. It lets developers compose admin panels, forms, tables, infolists, actions, and notifications a00
VPVũ Phúc Thànhinblogs.night-wolf.io·May 19 · 6 min readTwo Access-Control Failures in SiYuan: Unauthenticated SQL Read and a Read-Only Role That Can Rewrite Server ConfigI. Introduction SiYuan is an open-source, privacy-first personal knowledge management tool. It lets users write in Markdown with block-level references, store everything in a local SQLite block data00
VPVũ Phúc Thànhinblogs.night-wolf.io·May 19 · 6 min readJSON-Path Traversal Injection in Kysely A Case Study Powered by ClaudeCodeI. Introduction Kysely is an open-source TypeScript SQL query builder. It lets developers build type-safe SQL queries SELECT, INSERT, UPDATE, DELETE, joins, JSON traversal directly in TypeScript, with00
