Aziz's Blog

Posts

August 24, 2025

CVE-2025-54336: Plesk Obsidian Authentication Bypass Vulnerability

TL;DR: I found an authentication bypass in Plesk Obsidian. The admin password check uses PHP’s loose comparison (==) instead of strict (===). If the admin password looks like scientific notation …

August 24, 2025

CVE-2025-55166: SVG Sanitizer XSS Vulnerability via Context Confusion

I found a context confusion in the svg-sanitizer library. It sanitizes SVG for XML context (case-sensitive), but when the SVG is inlined in HTML (case-insensitive), you can bypass the filter. xlink:hReF …

January 11, 2025

How to Fix Spotify Desktop Scrolling Lag and Performance Issues

TL;DR: There is a horrible lag issue with Spotify. Spotify hasn’t fixed it yet, so basically I profile the app, detect the bug slowing it down, add some code to force hardware acceleration using …
