CVEs & Security Advisories
2026 (1)
| N° | CVE | Severity | Target | Description |
|---|---|---|---|---|
| 35 | CVE-2026-1388 | High | GitLab CE/EE | Regular Expression Denial of Service issue in GitLab merge requests - GitLab Patch Release |
2025 (8)
| N° | CVE | Severity | Target | Description |
|---|---|---|---|---|
| 37 | CVE-2025-12576 | Medium | GitLab CE/EE | Denial of Service issue in webhook endpoint - GitLab Patch Release |
| 36 | CVE-2025-13690 | Medium | GitLab CE/EE | Denial of Service issue in webhook custom headers - GitLab Patch Release |
| 34 | CVE-2025-13335 | Medium | GitLab CE/EE | Crafted wiki file may lead to endless server-side redirections - Bleeping Computer |
| 33 | CVE-2025-0673 | High | GitLab CE/EE | An attacker can trigger an infinite redirect loop, leading to a denial of service condition - Patch Release |
| 32 | GHSA-6p2v-wcv8-8j6w | Critical | Caido Plugin | Arbitrary File Read by Copy as a Curl command in Caido Plugin Exploit Generator - advisory |
| 31 | CVE-2025-0549 | Medium | GitLab | Partial Bypass for Device OAuth flow using Cross Window Forgery |
| 30 | CVE-2025-31116 | Medium | MobSF | SSRF on assetlinks_check with DNS Rebinding |
2024 (15)
| N° | CVE | Severity | Target | Description |
|---|---|---|---|---|
| 28 | CVE-2024-13054 | Medium | GitLab EE | Denial of Service Due to Inefficient Processing of Untrusted Input |
| 27 | CVE-2024-12379 | Medium | GitLab EE | Denial of Service due to Unbounded Object Creation via the scopes parameter in a Personal Access Token |
| 26 | CVE-2024-47830 | Critical | Plane | Server side request forgery via /_next/image endpoint |
| 25 | CVE-2024-8124 | High | GitLab | Denial of Service via sending a large glm_source parameter |
| 24 | CVE-2024-45412 | Medium | Yeti Platform | Potential Denial of Service due to the One Million Unicode Characters attack |
| 23 | CVE-2024-35231 | High | Rack::Contrib | Denial of Service due to the unconstrained value of the incoming "profiler_runs" parameter |
| 22 | CVE-2024-1211 | Medium | GitLab | Require confirmation before linking JWT identity - GitLab Blog |
| 21 | GHSA-9gw7-hxgx-f6rv | Medium | FAME (Cert SG) | Malicious Long Unicode filenames may cause an Application-level Denial of Service |
| 20 | CVE-2024-32874 | Medium | Frigate | Malicious Long Unicode filenames may cause Multiple Application-level Denial of Service |
| 19 | CVE-2024-0081 | High | NVIDIA NeMo | Unicode use in a user-controlled filename may cause a server-side DoS - Nvidia Acknowledgement |
| 18 | CVE-2024-24759 | Critical | MindsDB | Bypass SSRF Protection with DNS Rebinding |
| 17 | CVE-2024-23826 | Medium | SPbU SE Site | Uploading an image with a specific filename causes a server-side DoS |
| 16 | CVE-2024-23343 | Medium | — | — |
| 15 | CVE-2024-21623 | Critical | OTClient | Arbitrary Expression Injection in GitHub workflow leads to Command execution & leaking secrets |
2023 (10)
| N° | CVE | Severity | Target | Description |
|---|---|---|---|---|
| 14 | CVE-2023-52081 | Low | ffcss | Late-Unicode normalization vulnerability |
| 13 | CVE-2023-41889 | Medium | Shirasagi | Late-Unicode normalization vulnerability |
| 12 | CVE-2023-42183 | Low | LOCKSS | A Post-Unicode Normalization Vulnerability |
| 11 | CVE-2023-39911 | Medium | — | — |
| 10 | GHSA-373w-rj84-pv6x | Low | safeurl-python | Hostname blocklist does not block FQDNs - advisory |
| 9 | CVE-2023-35932 | High | jcvi | Configuration Injection due to unsanitized user input - advisory |
| 8 | CVE-2023-31131 | Medium | Greenplum DB | Arbitrary File Write when Extracting Tarballs using shutil.unpack_archive() |
| 7 | CVE-2023-30620 | High | MindsDB | Arbitrary File Write when Extracting a Remotely retrieved Tarball using Tarfile.extractall() |
| 6 | CVE-2022-23522 | High | MindsDB | Arbitrary File Write when Extracting Tarballs using shutil.unpack_archive() |
| 5 | CVE-2023-25803 / CVE-2023-25802 | High | Roxy-WI | Directory Traversal vulnerability |
| 4 | CVE-2023-25804 | Medium | Roxy-WI | Limited Path Traversal in name parameter |
2022 (3)
| N° | CVE | Severity | Target | Description |
|---|---|---|---|---|
| 3 | CVE-2022-23530 | Low | GuardDog (DataDog) | GuardDog vulnerable to arbitrary file write when scanning a specially-crafted remote PyPI package - advisory |
| 2 | CVE-2022-3607 | Medium | OctoPrint | ZipSlip Symlink variant allows to read any file within OctoPrint Box |
| 1 | CVE-2022-1993 | High | Gogs | Path Traversal vulnerability on the endpoint '/info/refs' - advisory |
In Sum
Security Researcher focused on vulnerability discovery through responsible disclosure and bug bounty programs.
Specializing in Path Traversal, SSRF, Denial of Service (Unicode/ReDoS), Arbitrary File Write, and CI/CD Security.