avatar

Alperen

@alpernae

  • localhost:1337
  • @alpernae
  • /u/alpernae
  • alpernae
    • Who am I ?

    Hey there! I’m a security nerd who thrives on uncovering vulnerabilities, crafting tools, and fortifying the web. Bug bounties, AI-powered security, and fuzzing marathons are my playground. Let’s break stuff to build it better!

    Overview

    3

    total CVE

    CRITICAL
    1
    HIGH
    1
    MEDIUM
    1
    LOW
    0
    NONE
    0

    Latest CVEs

    9.1

    CVSS3.1

    CVE-2024-40422 -

    The snapshot_path parameter in the /api/get-browser-snapshot endpoint in stitionai devika v1 is susceptible to a path traversal attack. An attacker can manipulate the snapshot_path parameter to traverse directories and access sensitive files on the server. This can potentially lead to unauthorized …

    πŸ“… Published: July 24, 2024, midnight πŸ”„ Last Modified: Jan. 29, 2025, 10:15 p.m.

    7.2

    CVSS3.1

    CVE-2022-28132 -

    The T-Soft E-Commerce 4 web application is susceptible to SQL injection (SQLi) attacks when authenticated as an admin or privileged user. This vulnerability allows attackers to access and manipulate the database through crafted requests. By exploiting this flaw, attackers can bypass authentication …

    πŸ“… Published: May 14, 2024, 8:20 p.m. πŸ”„ Last Modified: Feb. 13, 2025, 3:46 p.m.

    4.8

    CVSS3.1

    CVE-2020-35241 -

    FlatPress 1.0.3 is affected by cross-site scripting (XSS) in the Blog Content component. This vulnerability can allow an attacker to inject the XSS payload in Blog content via the admin panel. Each time any user will go to that blog page, the XSS triggers and the attacker can steal the cookie accor…

    πŸ“… Published: Dec. 30, 2020, 2:26 p.m. πŸ”„ Last Modified: Jan. 29, 2025, 9:15 p.m.
    See all CVEs of