XSS
Three Security Findings …
Background
Tautulli is a Python/CherryPy web application that sits alongside your Plex Media Server and gives you statistics, notifications, and monitoring for everything happening on your server. It is one of the most popular self-hosted Plex companion apps, and a lot of people run it exposed on …
Finding a Svelte SSR XSS …
Background
I’ve been working through Vercel’s bug bounty program, which explicitly calls out server-side rendering and compiler security as focus areas. Svelte is a Tier 1 target in that program, and since Svelte 5 introduced a significant rework of how components are compiled and …
Multiple Hover.com …
I’m a customer of Hover for my domain name needs. However, that will be changing because I don’t believe that they take issues seriously.
The first security issue
I was browsing their site, looking for a new domain, and being the constant tinkerer I am, I entered a single quote into the …
