Blog

Kira Found a CVSS 10.0 Full Compromise in Hoppscotch: Four Weaknesses. One Exploit.

One unauthenticated HTTP request. No login, no token, no credentials. Four independent weaknesses spread across the codebase, none dangerous alone, catastrophic together.