Release notes, architecture writeups, and post-mortems from the Santh toolchain. 2026-06-04T00:00:00Z https://santh.dev/blog/ https://santh.dev/favicon.svg https://santh.dev/og-default.png Santh https://santh.dev contact@santh.dev © 2024 Corum Collective LLC. MIT licensed. https://santh.dev/blog/securly-chrome-extension/ 2026-06-03T00:00:00Z 2026-06-03T00:00:00Z

CERT/CC VU#595768: seven vulnerabilities in v3.0.7 of the Securly content-filtering Chrome extension used on K-12 Chromebooks - plaintext-HTTP config, hardcoded AES keys, MD5/SHA-1 hashing, weak access control, and an undeclared content script.

Santh https://santh.dev https://santh.dev/blog/keyhog/ 2026-05-28T00:00:00Z 2026-06-04T00:00:00Z

Open-source secret scanner in Rust. SIMD on the CPU, an Aho-Corasick automaton on the GPU, live verification of which leaked keys are still active, and SARIF + JSON + TUI output.

Santh https://santh.dev https://santh.dev/blog/vaultwarden-sso-session-fixation/ 2026-05-19T00:00:00Z 2026-05-19T00:00:00Z

CVE-2026-47158: Vaultwarden's OpenID Connect SSO flow was not bound to the browser that started it, allowing account takeover of any SSO user who completes a login. The flaw, the exploit, and the 1.36.0 fix.

Santh https://santh.dev