c0wking in blogs.night-wolf.io · Jun 8 · 7 min read
[CVE-2026-48731] AI-Assisted Discovery of Command Injection in Warp Terminal
Disclosure status: Reported to vendor and coordinated through a private fix path. I. Introduction Warp is an agentic development environment, born out of the terminal. Use Warp's built-in coding agent

c0wking in blogs.night-wolf.io · May 17 · 5 min read
[CVE-2026-34612] AI-Assisted Discovery of SQL Injection Leading to RCE in Kestra v1.3.2
I. Introduction Kestra is an open-source tool that helps automate and manage workflows. It allows users to create and run workflows on a schedule or when an event occurs. With Kestra, users can easily

c0wking in c0wking.hashnode.dev · Apr 3 · 1 min read
Stored-XSS in ERPNext (Frappe) Email Template Engine
I. Description The Email Template engine is vulnerable to Cross-Site Scripting (XSS). An attacker with permission to create or edit email templates can inject malicious JavaScript code that are execute

c0wking in c0wking.hashnode.dev · Apr 3 · 1 min read
SSTI in ERPNext (Frappe) Email Template Engine
I. Description The Email Template engine is vulnerable to Server-Side Template Injection (SSTI). An attacker with permission to create or edit email templates can inject template expressions that are e