More Scope Injection for Fun and Profit (or, why those security updates broke your functions) Hoya Haxa: A Security Research Blog

More Scope Injection for Fun and Profit (or, why those security updates broke your functions) - www.hoyahaxa.com/2026/01/more...

Dead Ends, Red Herrings, and Failures In Our Time Hoya Haxa: A Security Research Blog

Dead Ends, Red Herrings, and Failures In Our Time

www.hoyahaxa.com/2026/01/dead...

RCE via ColdFusion ARchive (CAR) Deployment: One Example of an Authenticated Attack Path in CFAdmin (CVE-2025-61808)

www.hoyahaxa.com/2026/01/rce-...

Digging Through Six Old Sandbox Escapes in ColdFusion (ca. 2001 through 2012) Hoya Haxa: A Security Research Blog

New Blog Post - Digging Through Six Old Sandbox Escapes in ColdFusion (ca. 2001 through 2012)

www.hoyahaxa.com/2025/12/digg...

I'll be speaking at @districtcon.bsky.social in January 2026. Come find out about some new language-level vulnerabilities in Adobe ColdFusion. Looks like a great selection of talks!

Sandbox Security Escapes in ColdFusion and Lucee (CVE-2025-30288 and CVE-2024-55354) Hoya Haxa: A Security Research Blog

New Blog Post: Sandbox Security Escapes in ColdFusion and Lucee (CVE-2025-30288 and CVE-2024-55354)

www.hoyahaxa.com/2025/06/sand...

CFCamp 2025 Slides - Understanding CFML Vulnerabilities, Exploits, and Attack Paths Hoya Haxa: A Security Research Blog

The slides from my CFCamp 2025 (@cfcamp) talk are now online -- Understanding CFML Vulnerabilities, Exploits, and Attack Paths

www.hoyahaxa.com/2025/06/cfca...

An SSRF to LFI Payload for PDF Generators (CVE-2024-34112 and beyond) Hoya Haxa: A Security Research Blog

New Blog Post: An SSRF to LFI Payload for PDF Generators (CVE-2024-34112 and beyond)

www.hoyahaxa.com/2025/01/an-s...

An Initial Analysis of Adobe ColdFusion CVE-2024-53961 Hoya Haxa: A Security Research Blog

New Blog Post: An Initial Analysis of Adobe ColdFusion CVE-2024-53961 - www.hoyahaxa.com/2024/12/an-i...

hello world.