Valentin Lobstein

Chocapikk

Security Engineer & Exploit Developer

Breaking, building, and documenting. Vulnerability research, exploit development, and offensive security engineering at LeakIX.

CV
50 cves 80 exploits 87 plugins 44 articles

Latest

LightLLM: Unauthenticated RCE via Pickle Deserialization in WebSocket Endpoints

CVE-2026-26220: A critical unauthenticated RCE vulnerability in LightLLM's PD disaggregation system. Two WebSocket endpoints deserialize binary frames with pickle.loads() without authentication, and the server explicitly refuses to bind to localhost - it's always network-exposed.

Read more →

Recent

all →
>_

manga-image-translator: Unauthenticated RCE via Pickle Deserialization with Nonce Bypass

A critical unauthenticated RCE vulnerability in manga-image-translator. Two FastAPI endpoints deserialize raw HTTP POST bodies with pickle.loads(), and the nonce-based authentication is bypassed because the default value is an empty string - which is falsy in Python.

CVE-2026-26215RCE
How Internet Scanners Actually Work: The 'Passive' Scanning Myth

How Internet Scanners Actually Work: The 'Passive' Scanning Myth

A deep dive into how internet-wide scanners like Shodan, Censys, and nmap actually identify services. Spoiler: there's nothing passive about it.

EducationTools
From Zero to Shell: Hunting Critical Vulnerabilities in AVideo

From Zero to Shell: Hunting Critical Vulnerabilities in AVideo

A comprehensive security audit of AVideo revealing 10 vulnerabilities including a critical unauthenticated RCE that chains cryptographic weaknesses, predictable salt bruteforce, and an eval() vulnerability to achieve complete server compromise in under 10 seconds.

CVERCE
Streama Path Traversal + SSRF: Chaining Vulnerabilities for Arbitrary File Write

Streama Path Traversal + SSRF: Chaining Vulnerabilities for Arbitrary File Write

A critical vulnerability in Streama allows authenticated users to write arbitrary files through a combination of Server-Side Request Forgery (SSRF) and Path Traversal. This write-up covers the root cause analysis, exploitation flow, and the vendor's comprehensive fix.

CVERCEPath Traversal
>_

Setting Up Giscus: An Ad-Free Alternative to Disqus for Blog Comments

How I set up Giscus for ad-free blog comments using GitHub Discussions, avoiding Disqus due to ads and other concerns.

BlogTutorial
When a Wi-Fi SSID Gives You Root on an MT02 Repeater – Part 2

When a Wi-Fi SSID Gives You Root on an MT02 Repeater – Part 2

Deep dive into bind‐shell deployment, payload experiments, and a new ‘time_conf’ primitive for stealthy, persistent root access without reboot or UI lockup.

IoT
Rick Astley

NEVER GONNA
GIVE YOU UP

You were warned.