CVE-2025-61922: Zero-Click Account Takeover on Prestashop
Technical analysis of CVE-2025-61922 leading to zero-click account takeover in PrestaShop Checkout < 5.0.5
Blog Posts
The Most Beautiful Payment Bypass - Is It Not?
Technical analysis of a payment bypass in the Prestashop integration of Stripe.
Exploring the Unknown: Beneath the Surface of Unpatched WordPress SSRF
Research on additional vulnerability scenario of the root cause of WordPress Core Blind SSRF.
Destructuring CVE-2023-26045: NodeBB Code Execution Vulnerability
Technical analysis of CVE-2023-26045 to achieve code execution on NodeBB < 2.8.7
Razer OTP Bypass
Technical analysis of how I was able to bypass OTP code requirement in Razer.