When Hospitality Software is Too Hospitable (CVE-2026-21966, CVE-2026-21967)

When Hospitality Software is Too Hospitable (CVE-2026-21966, CVE-2026-21967) An XSS Filter Bypass and a Curious SSRF in Oracle Hospitality OPERA 2026-02-13T00:00:00Z https://trebledj.me/posts/oracle-opera-vulns/ research web java pentesting infosec writeup cve Sharing is Caring: Arbitrary Code Execution for Breakfast A CTF challenge exploring binary exploitation in C++, gadget mania, and a new form of deserialization attack. 2025-10-03T00:00:00Z https://trebledj.me/posts/arbitrary-code-execution-for-breakfast/ ctf pwn cpp infosec writeup research Reverse Engineering a Siemens Programmable Logic Controller for Funs and Vulns (CVE-2024-54089, CVE-2024-54090 & CVE-2025-40757) When security by obscurity breaks... 2025-09-12T00:00:00Z https://trebledj.me/posts/reversing-a-siemens-plc-for-funs-and-vulns/ research embedded reverse cryptography cpp pentesting infosec writeup cve Output-Invariant and Time-Based Testing – Practical Techniques for Black-Box Enumeration of LLMs Abusing inherent context and sluggishness in LLMs for stealthy enumeration of prompt injection points. 2025-05-09T00:00:00Z https://trebledj.me/posts/output-invariant-prompt-injection/ infosec ai notes pentesting redteam research writeup 5 Weekend Reads You Missed: BOOMlang v2, Blue Team Strikes Back, ET, CVSS 4.1, and DLLModules Breaking news, awesome stuff happened! 2025-04-01T00:00:00Z https://trebledj.me/posts/boomlang-blue-team-strikes-back-et-cvss-and-dllmodules/ satire infosec programming pentesting programming-languages windows Delay and Interactive Pause in Multi-Threaded Python It's like musical chairs for threads (except no one gets left behind)! 2025-03-10T00:00:00Z https://trebledj.me/posts/delay-and-interactive-pause-in-multithreaded-python/ programming python tutorial infosec pentesting 12 Days of Christmas – Reflections from a Pentester Secure Your Janky Systems, 2024 Edition 2024-12-25T00:00:00Z https://trebledj.me/posts/twelve-days-to-secure-your-systems/ infosec software-engineering reflection web pentesting How to Use PrismJS Plugins with NodeJS and MarkdownIt Improve your storytelling with these dead simple hacks for rendering fancy Prism plugins in Node! 2024-11-03T00:00:00Z https://trebledj.me/posts/prism-plugins-in-node/ programming web js tutorial meta performance Dynamic Views Loading – Abusing Server Side Rendering in Drogon What could go wrong releasing a C++ web server with "live reload" into the wild? 2024-08-18T00:00:00Z https://trebledj.me/posts/abusing-server-side-rendering-in-drogon/ infosec cpp ctf web programming linux notes research writeup Automating Boolean-Based SQL Injection with Python How to be efficiently lazy at finding hidden gems in predictable places – Database Edition 2024-08-10T00:00:00Z https://trebledj.me/posts/automating-boolean-sql-injection-with-python/ infosec sql python web programming project writeup tutorial pentesting