Security-Research

Unauthenticated SSRF in RustDesk Lets Anyone Port-Scan Your Internal Network
Unauthenticated SSRF in …

Background

RustDesk is an open-source remote desktop tool written in Rust. It is basically the self-hosted alternative to TeamViewer or AnyDesk, and it has gotten pretty popular because you can run your own relay and rendezvous server. That self-hosted server model is actually the interesting part …

March 6, 2026 Read
Open Redirect in Prowlarr Login Lets Attackers Redirect Users After Authentication
Open Redirect in Prowlarr …

Background

Prowlarr is an open-source indexer manager for the *arr ecosystem (Radarr, Sonarr, Lidarr, etc.). It acts as a centralized proxy for torrent and Usenet indexers, so a typical homelab setup has it sitting alongside a media server stack with direct access to download clients and a lot of …

March 5, 2026 Read
Finding an Authentication Bypass and Credential Disclosure in Seerr Using Claude and Bitwarden's AI Security Plugins
Finding an Authentication …

Background

I’ve been running Seerr at home for a while now. It’s a self-hosted media request manager, forked from Jellyseerr/Overseerr, and it’s the kind of app that gets exposed to the internet pretty regularly since family members need to be able to submit requests. That always …

February 27, 2026 Read