Security vulnerabilities I have responsibly disclosed. All findings were reported to the affected vendors and patched before public disclosure.

| CVE / ID | Product | Summary | Severity | Date | References |
|---|---|---|---|---|---|
| CVE-2026-34782 | Zammad | missing authorization in AI assistance controller for text tools | Moderate (5.3) | 2026-04-08 | CVE, GHSA, Blog post |
| CVE-2026-34837 | Zammad | missing authorization in AI assistance controller for context data used in text tools | Moderate (5.3) | 2026-04-08 | CVE, GHSA, Blog post |
| CVE-2026-34721 | Zammad | cross-site request forgery (CSRF) in OAuth callback endpoints | Moderate (5.9) | 2026-04-08 | CVE, GHSA |
| CVE-2025-30201 | Wazuh | bypass of UNC path mitigation in Windows OSQuery via `\\?\UNC\` | High (7.1) | 2025-03-17 | CVE, GHSA, Blog post |