moltenbit

I break software before someone worse does.

Security research and bug bounty, done the boring way: reported to the vendor, fixed, then written up here.

From the ledger / 5 of 29

CVE-2026-58418 (Gitea): SSRF via HTTP redirect in repository migration allows authenticated users to bypass internal address restrictions and reach localhost or private-network services

CVE-2026-14285 (MiniUPnP): heap over-read in UPnP event callback URL host parsing (upnpevents.c)

CVE-2026-56727 (Zammad): PGP email verification handler discards GPG return values, falsely marking all inbound signed emails as valid signatures

CVE-2026-56725 (Zammad): unauthenticated request to OTRS import controller endpoint blocks request workers for ~115 seconds, enabling denial of service

CVE-2026-56724 (Zammad): knowledge base permission checks allow users with limited read permissions to access items outside their assigned scope