I’m available for Web-security tests. Contact me via email.

CVEs ¶

• CVE-2025-61726: memory exhaustion in Request.ParseForm
• CVE-2025-58186: lack of limit when parsing cookies can cause memory exhaustion in net/http
• CVE-2025-47908: denial of service via malicious preflight requests in github.com/rs/cors
• CVE-2025-30204: jwt-go allows excessive memory allocation during header parsing
• CVE-2025-22868: unexpected memory consumption during token parsing in golang.org/x/oauth2
• CVE-2025-10630: regex DoS in Grafana Zabbix Plugin (video PoC)
• CVE-2022-21703: cross-origin request forgery against Grafana (blog post, video PoC)

Bug-bounty hunting ¶

• Hackerone
• YesWeHack

Other mentions include

• Deutsche Telekom
• Deezer
• Motorola Solutions
• OpenVPN
• ProtonMail
• Shift Crypto
• Stellantis
• Trend Micro