Valentin Lobstein

Chocapikk

Security Engineer & Exploit Developer

Breaking, building, and documenting. Vulnerability research, exploit development, and offensive security engineering at LeakIX.

CV
58 cves 80 exploits 87 plugins 47 articles

Latest

CVE-2025-71243: AI-Assisted Reversal of SPIP Saisies RCE in 30 Minutes

From VulnCheck advisory to working PoC in 30 minutes. Full AI-assisted reversal of CVE-2025-71243, an unauthenticated PHP code injection in SPIP's Saisies plugin affecting versions 5.4.0 through 5.11.0.

Read more →

Recent

all →
>_

MajorDoMo Revisited: What I Missed in 2023

In 2023 I found CVE-2023-50917 in MajorDoMo. In 2026, AI agents found 8 more bugs I completely missed.

CVESecurity Research
Android's AccessibilityService: A Single Toggle to Total Device Control

Android's AccessibilityService: A Single Toggle to Total Device Control

How one API designed for disability access became the foundation of a $145M surveillance industry. A proof-of-concept implant demonstrates the full attack chain: silent permission escalation in 2.4 seconds, contextual keylogging, see-through overlays, network toggle, self-hiding persistence, and an embedded Linux terminal with apt - all from a single accessibility toggle, no root required.

AndroidSecurity ResearchAccessibilityService
>_

LightLLM: Unauthenticated RCE via Pickle Deserialization in WebSocket Endpoints

CVE-2026-26220: A critical unauthenticated RCE vulnerability in LightLLM's PD disaggregation system. Two WebSocket endpoints deserialize binary frames with pickle.loads() without authentication, and the server explicitly refuses to bind to localhost - it's always network-exposed.

CVERCE
>_

manga-image-translator: Unauthenticated RCE via Pickle Deserialization with Nonce Bypass

A critical unauthenticated RCE vulnerability in manga-image-translator. Two FastAPI endpoints deserialize raw HTTP POST bodies with pickle.loads(), and the nonce-based authentication is bypassed because the default value is an empty string - which is falsy in Python.

CVE-2026-26215RCE
How Internet Scanners Actually Work: The 'Passive' Scanning Myth

How Internet Scanners Actually Work: The 'Passive' Scanning Myth

A deep dive into how internet-wide scanners like Shodan, Censys, and nmap actually identify services. Spoiler: there's nothing passive about it.

EducationTools
From Zero to Shell: Hunting Critical Vulnerabilities in AVideo

From Zero to Shell: Hunting Critical Vulnerabilities in AVideo

A comprehensive security audit of AVideo revealing 10 vulnerabilities including a critical unauthenticated RCE that chains cryptographic weaknesses, predictable salt bruteforce, and an eval() vulnerability to achieve complete server compromise in under 10 seconds.

CVERCE
Rick Astley

NEVER GONNA
GIVE YOU UP

You were warned.