~/vulnerabilities$
CVE Discoveries
Security vulnerabilities discovered through responsible disclosure
Server-Side Request Forgery Vulnerability
Discovered a Server-Side Request Forgery vulnerability that allowed unauthenticated attackers to make arbitrary HTTP requests from the server, leading to internal service enumeration and cloud metadata access.
Remote Code Execution Vulnerability
Identified an unsafe deserialization vulnerability in the API gateway's request transformation layer. Crafted payloads could achieve remote code execution on the gateway server.
Authentication Bypass via JWT Vulnerability
Identified a JWT algorithm confusion vulnerability where the application accepted HMAC-signed tokens using the RSA public key, allowing valid admin tokens to be forged.
Insecure Direct Object Reference
Found an Insecure Direct Object Reference in the user data export functionality. By manipulating the export request ID parameter, an authenticated user could download any other user's exported data.
Cross-Site Scripting Vulnerability
Discovered a stored Cross-Site Scripting vulnerability through SVG file uploads. Malicious SVG files with embedded JavaScript were rendered without sanitization.
Server-Side Request Forgery in Cloud Service
Exploited an SSRF in the PDF generation feature by injecting a crafted URL in the HTML template, allowing access to internal cloud metadata endpoints.