Valentin Lobstein

ʞʞıdɐɔoɥƆ

Security Researcher & Exploit Developer at VulnCheck

Breaking, building, and documenting. Vulnerability research, exploit development, and offensive security.

75 CVEs, 82 exploits, 65 articles

Latest

Unauthenticated RCE in OpenCATS via Installer Config Injection

Unauthenticated remote code execution in OpenCATS through unsanitized input in the installer AJAX endpoint, allowing PHP code injection into config.php.

Recent

CVE-2026-26210: ktransformers Unauthenticated RCE via Pickle Deserialization in ZMQ Scheduler

A critical unauthenticated RCE vulnerability in ktransformers' balance_serve backend. A ZMQ ROUTER socket binds to all interfaces and proxies messages to worker threads that deserialize them with pickle.loads() - no authentication, no validation.

CVE, RCE

CVE-2026-25874: HuggingFace LeRobot Unauthenticated RCE via Pickle Deserialization in gRPC PolicyServer

A critical unauthenticated RCE vulnerability in HuggingFace's LeRobot project (21.5k stars). The gRPC PolicyServer deserializes attacker-controlled data with pickle.loads() in two RPC handlers, allowing instant code execution without authentication.

CVE, RCE

Microsoft tensorwatch: Local Code Execution via Pickle Deserialization in ZMQ Listener

A local code execution vulnerability in Microsoft's tensorwatch. Calling tw.Watcher() - the first line in every README example - silently creates a ZMQ REP socket on localhost that deserializes incoming messages with pickle.loads(). Any local user on the same machine gets code execution.

CVE, RCE

Instagram's 'Seen' Is a Lie — And They're About to Charge You for the Proof

Instagram's 'seen' indicator is a separate GraphQL call that any browser extension can block. It's been this way since 2019. Now Meta wants to charge $2/month for it.

Privacy, Research, Instagram
How to Start Contributing to Metasploit: Field Notes from 68 Modules

68 modules in 2.5 years. Here's what the official docs don't tell you about writing Metasploit modules - from finding targets to surviving code review.

Metasploit, Tutorial, Exploit Dev

Your .swp Files Are Telling on You: A Git Forensics Guide

Swap files from Vim and nano can leak usernames, hostnames, and sensitive data in git repos. Even after deletion, the blob stays in git history forever. Here's how to find them and how to actually clean them.

Forensics, Tutorial