My exploit demo of COPY FAIL (CVE-2026-31431): Proof that containers aren't a universal shield This demonstration reveals how the COPY FAIL exploit (CVE-2026-31431) successfully bypasses Docker isolation by poisoning the shared kernel's Page Cache. This cross-container attack proves that a low-privilege compromise can trigger arbitrary root code execution in a separate container.
Exploiting RCE in Apache Tomcat 10.1.53 (CVE-2026-34486) [+Video PoC] Explore how a fail-open regression in Apache Tomcat Tribes enables critical unauthenticated RCE. Read the step-by-step technical analysis, set up a vulnerable Docker environment, and watch the full Video PoC.
Intentionally vulnerable web application: SQL Injection + RCE + Privilege Escalation A vulnerable web application designed to take you on a classic exploitation journey: from a simple SQL Injection to Remote Code Execution, and finally, full root access.
Practical Exploitation of Server-Side Template Injection (SSTI) in Flask with Jinja2 Server-Side Template Injection (SSTI) is a security vulnerability that occurs when user input is embedded in templates in an unsafe manner, allowing attackers to inject malicious payloads into a template, which is then executed server-side.
![Exploiting RCE in Apache Tomcat 10.1.53 (CVE-2026-34486) [+Video PoC]](/blog/content/images/size/w600/2026/05/rce-apache-tomcat.png)
