CVE Disclosures
Vulnerabilities discovered and responsibly disclosed. All findings were reported to vendors prior to publication.
2023
| CVE | Severity | Product | Type | Writeup |
|---|---|---|---|---|
| CVE-2023-0669 | HIGH 7.2 | GoAnywhere MFT | Unauthenticated RCE | Read → |
| CVE-2023-24329 | HIGH 7.5 | Python urllib | URL Blacklisting Bypass | Read → |
| CVE-2023-32315 | HIGH 7.5 | Openfire XMPP | Path Traversal → RCE | Read → |
| CVE-2023-27350 | CRITICAL 9.8 | PaperCut | Authentication Bypass → RCE | Read → |
| CVE-2023-24055 | CRITICAL 9.8 | KeePass | Password Theft | Read → |
| CVE-2023-21752 | HIGH 7.1 | Windows Backup | Local Privilege Escalation | Read → |
2022
| CVE | Severity | Product | Type | Writeup |
|---|---|---|---|---|
| CVE-2022-45299 | HIGH | Webbrowser-rs | Rust Library Vulnerability | Read → |
| CVE-2022-41544 | CRITICAL 9.8 | GetSimple CMS | Unauthenticated RCE | Read → |
Disclosure Policy
90-day policy aligned with Google Project Zero. Extensions granted for complex coordinated releases.