Skip to content

CryptoCat's Blog

CVE Analysis

Initializing search

CryptoCat's Blog

Home
CTF Writeups
CTF Writeups
- Monthly Challenges
  Monthly Challenges
  - YesWeHack
    YesWeHack
    50: Bucket Vault
    49: Secret Manager
    48: RubitMQ
    47: APICrash
    46: Ghost Whisper
    45: Chainfection
    44: Hardware Monitor
    43: CCTV Manager
    42: Hex Color Palette
  - Intigriti
    Intigriti
    02-26: InkDrop
    04-25: HackDonalds
    08-24: SafeNotes
    01-24: Repo Woes
    04-23: We Like To Sell Bricks
  - CryptoCat
    CryptoCat
    11-25: Mother Printers
    10-25: Ultimate Calculator 3000
    12-24: Summar-AI-ze
- 2026
  2026
  - LACTF
    LACTF
    Pwn
    Pwn
    tic-tac-no
    ScrabASM
- 2025
  2025
  - NahamCon (Winter)
    NahamCon (Winter)
    Misc
    Misc
    Hacky Christmas
    Pwn
    Pwn
    VulnBank
    Snorex 2K CCTV
  - PwnSec
    PwnSec
    Rev
    Rev
    Malayo
  - K17
    K17
    Rev
    Rev
    Secure Exam Browser
    Bait and Switch
  - DefCamp
    DefCamp
    Pwn
    Pwn
    Nulle
  - Imaginary (iCTF)
    Imaginary (iCTF)
    Rev
    Rev
    Nimrod
    Comparing
    Weird App
    Stacked
  - HackTheAgent
    HackTheAgent
    AI
    AI
    LLM Hacking (levels 1-5)
  - WHY
    WHY
    Web
    Web
    Shoe Shop
    Planets
    Buster
    Why2025 CTF Time
    Why2025 Planner
    Fancy Login Form
  - N0PS
    N0PS
    Web
    Web
    Press Me If U Can
  - NahamCon
    NahamCon
    Web
    Web
    SNAD
    Infinite Queue
    TMCB
    Method in the Madness
    No Sequel
    Advanced Screening
    My First CTF
    My Second CTF
    My Third CTF
    The Mission
  - Tsuku
    Tsuku
    Web
    Web
    len_len
    Flash
    YAMLwaf
  - CTF@CIT
    CTF@CIT
    Web
    Web
    Breaking Authentication
    Commit & Order: Version Control Unit
    How I Parsed your JSON
    Mr. Chatbot
    Keeping Up with the Credentials
- 2024
  2024
  - Intigriti
    Intigriti
    Warmup
    Warmup
    BabyFlow
    In Plain Sight
    IrrORversible
    Layers
    Rigged Slot Machine 1
    Game
    Game
    Bug Squash 1
    Bug Squash 2
    Rev
    Rev
    Secure Bank
    Web
    Web
    Biocorp
    Cat Club
    Pizza Paradise
    SafeNotes 2.0
    Misc
    Misc
    Quick Recovery
    Triage Bot 2
    Pwn
    Pwn
    Floormat Sale
    Retro2Win
    Rigged Slot Machine 2
    UAP
    Crypto
    Crypto
    Schrodinger's Pad
    Mobile
    Mobile
    Cold Storage
    OSINT
    OSINT
    No Comment
    Trackdown
    Trackdown 2
    Forensics
    Forensics
    CTF Mind Tricks
    Hoarded Flag
    Password Management
  - CSAW
    CSAW
    Web
    Web
    Playing on the Backcourts
    Log Me In
    Lost Pyramid
    BucketWars
  - CyberSpace
    CyberSpace
    Web
    Web
    Feature Unlocked
  - UIU
    UIU
    Web
    Web
    Fare Evasion
    Log Action
  - Wani
    Wani
    Web
    Web
    Bad Worker
    PoW
    One Day One Letter
  - Akasec
    Akasec
    Web
    Web
    Upload
  - HTB Cyber Apocalypse
    HTB Cyber Apocalypse
    Web
    Web
    Flag Command
    TimeKORP
    KORP Terminal
    Labyrinth Linguist
    Locktalk
    SerialFlow
    Testimonial
- 2023
  2023
  - Intigriti
    Intigriti
    Gamepwn
    Gamepwn
    Dark Secrets
    Misc
    Misc
    Triage Bot
    OSINT
    OSINT
    Photographs
    Pwn
    Pwn
    Floormat Store
    Web
    Web
    Bug Report Repo
    My Music
  - Imaginary (iCTF)
    Imaginary (iCTF)
    Web
    Web
    Blank
    IDORiot
    Inspection
    Login
    Perfect Picture
    Roks
  - Google
    Google
    Pwn
    Pwn
    Write-Flag-Where
  - HTB Cyber Apocalypse
    HTB Cyber Apocalypse
    AI
    AI
    Last Hope
    Mysterious Learnings
    Crypto
    Crypto
    Perfect Synchronization
    Pwn
    Pwn
    Getting Started
    Labyrinth
    Pandora's Box
    Void
    Rev
    Rev
    Cave System
    Hunting License
    Needle in a Haystack
    Shattered Tablet
    She Sells Sea Shells
  - Sekai
    Sekai
    Rev
    Rev
    Azusawa's Gacha World
  - Amateurs
    Amateurs
    Web
    Web
    Sanity
    Waiting an Eternity
  - NahamCon
    NahamCon
    Web
    Web
    Hidden Figures
    Marmalade 5
    Obligatory
    Star Wars
    Stickers
  - Angstrom
    Angstrom
    Pwn
    Pwn
    Leek
- 2022
  2022
  - Imaginary (iCTF)
    Imaginary (iCTF)
    Crypto
    Crypto
    ASE
    Pwn
    Pwn
    Links 1
    Links 2
    Links 3
    Open Doors
  - SEETF
    SEETF
    Pwn
    Pwn
    4mats
    Easy Overflow
    Rev
    Rev
    BabyReeee
    Web
    Web
    Super-Secure-Requests-Forwarder
  - HTB Cyber Apocalypse
    HTB Cyber Apocalypse
    Pwn
    Pwn
    Hellbound
  - Angstrom
    Angstrom
    Pwn
    Pwn
    Really Obnoxious Problem
    Wah
    Whats My Name
    Where Am I
    Web
    Web
    Crumbs
    Xtra Salty Sardines
  - NahamCon
    NahamCon
    Pwn
    Pwn
    Baby Steps
    Web
    Web
    Flaskmetal Alchemist
    Hacker Ts
    Two for One
  - Pico
    Pico
    Forensics
    Forensics
    Side Channel
    Pwn
    Pwn
    Buffer Overflow 1
    Buffer Overflow 2
    Buffer Overflow 3
    Flag Leak
    Function Overwrite
    ROPfu
    RPS
    Stack Cache
    Wine
    X-Sixty-What
    Rev
    Rev
    Wizardlike
    Web
    Web
    Noted
  - Space Heroes
    Space Heroes
    Pwn
    Pwn
    Vader
    Web
    Web
    Flag in Space
  - Intigriti
    Intigriti
    Pwn
    Pwn
    Bird
    Cake
    Easy Register
    Search Engine
  - Dice
    Dice
    Pwn
    Pwn
    Interview Opportunity
- 2021
  2021
  - Pico
    Pico
    Pwn
    Pwn
    Unsubscriptions Are Free
  - Crusaders of Rust (COR)
    Crusaders of Rust (COR)
    Crypto
    Crypto
    Fibinary
    Pwn
    Pwn
    Chainblock
  - HTB Cyber Santa
    HTB Cyber Santa
    Crypto
    Crypto
    Meet Me Halfway
    Xmas Spirit
    Pwn
    Pwn
    Minimelfistic
    Mr. Snowy
    Naughty List
    Sleigh
    Rev
    Rev
    Infiltration
    Intercept
  - K3rn3l
    K3rn3l
    Crypto
    Crypto
    Badseed
    Twizzty Buzzinezz
  - HTB x Synack RedTeamFive
    HTB x Synack RedTeamFive
    Misc
    Misc
    Context
    Hotel
    Pwn
    Pwn
    Air Supplies
    Injection Shot
    Library
    Recruitment
    Rev
    Rev
    Knock Knock
    Split
  - KillerQueen
    KillerQueen
    Pwn
    Pwn
    A Kind of Magic
    Tweety Birb
    Zoom2Win
  - HacktivityCon
    HacktivityCon
    Pwn
    Pwn
    Retcheck
    The Library
    Yabo
    Web
    Web
    Availability
  - CSAW
    CSAW
    Pwn
    Pwn
    Alien Math
    Password Checker
    Rev
    Rev
    Checker
  - HackyHolidays
    HackyHolidays
    Crypto
    Crypto
    Cute Invoice
    Mineslazer
    Forensics
    Forensics
    Injection Traffic
    Power Snacks
    Pwn
    Pwn
    Deleted Flag
    Engine Control
    Web
    Web
    Skylark
  - HTB Cyber Apocalypse
    HTB Cyber Apocalypse
    Crypto
    Crypto
    Phasestream
    Misc
    Misc
    Alien Camp
    Build Yourself In
    Pwn
    Pwn
    Controller
    System Drop
    Web
    Web
    Blitzprop
    E-Tree
    Wild Goose Hunt
  - Angstrom
    Angstrom
    Pwn
    Pwn
    Sanity Checks
    Secure Login
    Sticky Stacks
    Tranquil
    Rev
    Rev
    Free Flags
    Jailbreak
    Web
    Web
    Jar
Bug Bounty
Bug Bounty
- 10-25: IDOR Leads to Mass PII Exposure in Healthcare App
Vuln Research
Vuln Research
- CVE Analysis
  CVE Analysis
- Research Projects

Table of contents

2026
2025

CVE Analysis

2026

CVE-2026-20127: Cisco Catalyst SD-WAN Authentication Bypass 🐈
CVE-2026-4609: ProfileGrid Arbitrary Group Joining 🐈
CVE-2026-4608: ProfileGrid rid SQL Injection 🐈
CVE-2026-6127: Elementor REST API Stored XSS 🐈
CVE-2026-3612: Wavlink Command Injection
CVE-2026-20127: Cisco Catalyst SD-WAN Authentication Bypass
CVE-2024-4040: CrushFTP Template Injection

2025

CVE-2025-31344: giflib Heap-based Buffer Overflow
CVE-2025-24813: Tomcat DefaultServlet Partial PUT
CVE-2025-54376: Hoverfly WebSocket Auth Bypass

Bold entries are vulnerabilities I discovered and reported 🐈

May 14, 2026