note

The Trap of Path Spoofing in Python Web Frameworks: An Explanation of BadHost (CVE-2026-48710) and Practical Defenses

I recently read a security report published on BadHost CVE-2026-48710 and felt that it was a highly impactful vulnerability for projects using Starlette or FastAPI, so I have organized my thoughts on ...
GitHub

FlipNova — Full-Stack Micro-SaaS

├── src/ # Frontend (React + TypeScript) │ ├── components/ # Reusable UI components (shadcn/ui based) │ │ ├── ui/ # Button, Badge, Card, Input primitives │ │ ├── SnapshotModal.tsx # Full-detail market ...
Microsoft

AutoJack: How a single page can RCE the host running your AI agent

Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...
LinkedIn

Jakub M.’s Post

FastAPI isn't just a lightweight web framework—it's the backbone for hundreds of LLM and AI projects. Think production-grade APIs integrating with models via LangChain, serving inference endpoints, or ...