I am a cybersecurity researcher and penetration tester from Australia. I specialize in Web Application Security, Binary Exploitation, and Vulnerability Research. My work focuses on discovering zero-day vulnerabilities in open-source software and commercial applications through systematic code analysis and fuzzing. I practice responsible disclosure and contribute to securing the software supply chain through CVE reporting and proof-of-concept development.
| ID | Package | Vulnerability | Impact | CVE |
|---|---|---|---|---|
| GHSA-vc9j-w4ch-7h3j | Codazon Magento |
Reflected XSS | XSS allowing arbitrary JavaScript execution via crafted payload in cat parameter. Affects v1.1.0.0 - v2.4.7 | CVE-2025-60991 |
| GHSA-jmc7-28c7-wx66 | Kissflow Platform |
Stored XSS | Stored XSS enabling privilege escalation account takeover and PII Data stolen. Affects v2.0 - v4.2 | CVE-2025-57393 |
| GHSA-7q72-8f9r-v4mw | PoDoFo |
Heap Use-After-Free | Memory corruption in PdfTokenizer::ReadDictionary causing DoS via malformed PDF. Affects v0.10.0 - v0.10.5 | CVE-2025-46205 |
| GHSA-77h4-r63x-87f8 | Poppler |
Stack Overflow | DoS via deeply nested PDF metadata structures causing uncontrolled recursion. Affects v24.06.1 - v25.03.0 | CVE-2025-43718 |
| GHSA-x867-qv23-g3mv | Neto CMS |
CRLF Injection | HTTP response splitting allowing arbitrary code execution. Affects v6.313.0 - v6.314.0 | CVE-2025-28357 |
| GHSA-63m8-3cc3-jr6j | Neto E-Commerce |
XSS | XSS via kw parameter enabling privilege escalation. Affects v6.313.0 - v6.3115 | CVE-2024-57494 |
Web Security • XSS Research
Comprehensive collection of XSS payloads for penetration testing and security research. Contains bypass techniques for modern WAFs and CSP policies.
API Security • Automation
Automated security testing tool for Swagger/OpenAPI endpoints with vulnerability detection capabilities.
Vulnerability Research • Disclosure
Repository documenting discovered vulnerabilities with technical analysis, PoCs, and responsible disclosure timelines.
- 6 CVEs published across multiple platforms and frameworks
- 128+ stars on XSS payload repository
- Discovered vulnerabilities in: Poppler PDF library, PoDoFo, Neto CMS, Kissflow, Codazon Magento themes
- Focus areas: Memory corruption bugs, web application security, API fuzzing, binary analysis
I'm interested in collaborating on security research, CTF competitions, and vulnerability disclosure. Feel free to reach out for:
- Security research collaboration
- Penetration testing projects
- CTF team participation
- Responsible disclosure coordination