$ ls ~/blog
CVEs I found, research notes, and things that crashed along the way.
> Jul 12, 2026
A missing restricted-flag let ap_expr file functions run from .htaccess, so a low-trust Apache user could read files with the httpd process's privileges.
[cve][apache][research]