CVEs Published CVE-2026-32230 | +2 CVEs in Progress
Organizations 14 (Apple · Meta · NASA · OpenAI · JPMC · Infosys …)
Certs CRTA · ISC² CC · NCPT · OCI Architect
TryHackMe Top 1% | Seven-Time League Winner #1
NCL Top 7% National · #1 at Pace
PortSwigger 100+ Labs
| Severity | Target | Finding | ID |
|---|---|---|---|
| 🔴 Critical | React / Next.js | RCE via exposed RSC endpoints on The Economic Times Admin Portal | CVE-2025-55182 |
| 🟡 Medium | Uptime Kuma ★83K | Missing authorization on monitor pings | CVE-2026-32230 |
| ✅ Fixed | Pretix | Log injection via request_id_header | PR #5920 |
| ✅ Fixed | Pretix OIDC | PKCE values logged to stdout | Responsible Disclosure |
| ✅ Fixed | Metabase ★46K | Sharing bypass exposing datasets | GHSA-j3qp-7mr8-hr55 |
| ⿻ Duplicate | n8n | Authorization bypass (IDOR) | GHSA-vh2p-7mqh-wwhw |
| ⿻ Duplicate | n8n | Authenticated SSRF via workflows/from-url | GHSA-7rp7-qh7m-h47v |
| 🤝 Credited | Directus | Enumeration oracle via RBAC filter bypass | GHSA-2xcm-7h22-3m66 |
| 🏆 Hall of Fame | JPMorgan Chase | Internal hostnames in prod JS | Synack RD #690 |
Additional disclosures to NASA · OpenAI · Microsoft · Mercedes-Benz · Infosys (CERT-In acknowledged)
🔬 Fuzzing the Fang engine for memory corruption bugs
🔍 Source code auditing high-star open-source projects
⚡ Manual + Multi-LLM workflow
🏆 OSCP | BSCP Prep
🏴 Hands-on Offsec | THM | HTB | PortSwigger