Two container-to-host RCE vulnerabilities in Docker. vllm-metal hardcoded trust_remote_code=True, letting a malicious model execute arbitrary Python on the host. When Docker quietly patched it, we found mlx-lm doing the same thing through an importlib path with no gate at all....

Arbitrary file read in Ollama via tensor digest path traversal. A malicious OCI registry can trick Ollama into exfiltrating any file on the host — including SSH private keys — in three unauthenticated API calls....

SSRF in Ollama’s OCI registry redirect handling. A malicious registry can redirect blob downloads to internal endpoints, bypass hash verification, and exfiltrate full responses via the push API....

SSRF in Docker Model Runner’s OCI authentication flow. A malicious registry can redirect the token exchange to scan internal networks and exfiltrate tokens during a model pull....

Missing authentication in the smART Sketcher 2.0 allows anyone within Bluetooth range to send arbitrary images to a child’s toy without any pairing or authorization....

HTB Season 9. Signed is a Medium Windows Active Directory box involving MSSQL enumeration, Silver Ticket forging, and NTLM reflection via CVE-2025-33073....

Phase 6 of the CMU Binary Bomb. Reversing a linked list sorting algorithm to find the correct node ordering and defuse the final bomb....

Phase 5 of the CMU Binary Bomb. Mapping an array lookup chain to find the input that iterates exactly 15 times and lands on 0xF....

Phase 4 of the CMU Binary Bomb. Using Ghidra to decompile a recursive function and trace the call tree to find the correct input....

Phase 3 of the CMU Binary Bomb. Tracing sscanf format strings and conditional jumps to find the correct two-number input....