Security Disclosures

CVE disclosures, bug bounty findings, and responsible disclosure reports.

Total Findings: 5
Critical/High: 3
Medium: 2
Rewarded: 3

Pending Disclosures

Findings awaiting vendor approval or coordinated disclosure.

CVE-2025-XXXXX | high | Pending Disclosure

Authentication Bypass in Web Application

Vendor: Redacted | 2025 | Reward: Pending

Discovered an authentication bypass vulnerability allowing unauthorized access to protected resources.

Full writeup pending vendor approval.

CVE-2025-XXXXX | medium | Pending Disclosure

Stored XSS in Admin Dashboard

Vendor: Redacted | 2025 | Reward: Hall of Fame

Identified a stored cross-site scripting vulnerability in the administrative interface.

Full writeup pending vendor approval.

CVE-2025-XXXXX | medium | Pending Disclosure

Information Disclosure via API Endpoint

Vendor: Redacted | 2025 | Reward: None

Found an API endpoint exposing sensitive user information without proper authorization checks.

Full writeup pending vendor approval.

critical | Pending Disclosure

IDOR Leading to Account Takeover

Vendor: Redacted | 2024 | Reward: $500

Discovered an insecure direct object reference vulnerability that could lead to full account takeover.

Full writeup pending vendor approval.

high | Pending Disclosure

SQL Injection in Search Functionality

Vendor: Redacted | 2024 | Reward: $300

Identified a SQL injection vulnerability in the application's search feature.

Full writeup pending vendor approval.

Responsible Disclosure

All vulnerabilities listed here were reported through proper responsible disclosure channels. I work with vendors to ensure issues are patched before public disclosure. If you're a vendor and need to contact me regarding a security issue, please reach out via email.

Interested in my security research or have a bug bounty program?