I’m available for Web-security tests. Get in touch with me via email at jcretel-infosec@protonmail.com.

CVEs ¶

• CVE-2025-61726 (memory exhaustion in Request.ParseForm)
• CVE-2025-58186 (lack of limit when parsing cookies can cause memory exhaustion in net/http)
• CVE-2025-47908 (denial of service via malicious preflight requests in github.com/rs/cors)
• CVE-2025-30204 (jwt-go allows excessive memory allocation during header parsing)
• CVE-2025-22868 (unexpected memory consumption during token parsing in golang.org/x/oauth2)
• CVE-2022-21703 (cross-origin request forgery against Grafana)

Bug-bounty hall of fame ¶

• Deutsche Telekom
• Deezer
• Equifax
• Ericsson
• Motorola Solutions
• OpenVPN
• ProtonMail
• Shift Crypto
• Stellantis
• Trend Micro
• [X/Twitter][twitter]