Research & Advisories
I find critical risk in global infrastructure, from industrial control systems and software used by hundreds of millions of users, to the backbone of decentralized finance.
| Scada-LTS Open-source SCADA platform for industrial control management |
CVE-2022-35420 | Authentication Bypass |
| uTorrent Torrent client with 150M+ monthly users |
CVE-2020-8437 | Unauthenticated Remote Crash |
| Flashbots Relay Critical blockchain infrastructure relaying 42% of Ethereum blocks and billions in cryptocurrency |
Security Advisory | Cryptocurrency Theft |
| Temporal Enterprise-grade workflow orchestration infrastructure used by companies like Netflix |
CVE-2025-14986 | Cross-Tenant Metadata Read |
| Sandboxie Windows application and malware sandboxing software |
CVE-2025-64721 | Sandbox Escape, Windows Local Privilege Escalation to SYSTEM |
| Serv-U FTP Server Enterprise managed file transfer (MFT) server |
CVE-2019-12181 | Linux Local Privilege Escalation to root |
| Retesteth Ethereum protocol testing infrastructure published by the Ethereum Foundation |
Security Advisory | Unauthenticated Remote Code Execution |
| D-Link DIR-842 Router Home and SMB wireless router |
CVE-2021-27342 | Vulnerability Mitigation Bypass |
| Zoho Firewall Analyser, Zoho OpManager Enterprise network monitoring and firewall analytics platform |
CVE-2019-17421 | Linux Local Privilege Escalation to root |
| nipper-ng Network device config auditing tool (routers, firewalls, switches) |
CVE-2019-17422 CVE-2019-17423 CVE-2019-17424 CVE-2019-17425 |
Unauthenticated Remote Code Execution |