moltenbit

Security Research

29 disclosures 26 CVEs last update 2026-07-01

Security vulnerabilities I have responsibly disclosed. All findings were reported to the affected vendors and patched before public disclosure.

Disclosure ledger / 29

2026
CVE-2026-58418
Gitea

SSRF via HTTP redirect in repository migration allows authenticated users to bypass internal address restrictions and reach localhost or private-network services

No CVE
Hushline

IDOR in FieldDefinition lets authenticated users alter or destroy other users’ submission fields and stored disclosure content

2025

Hall of fame

HackerOne

Ranked among the top contributors of the program.