Skip to content

[Security] Critical Vulnerabilities Identified (RCE, IDOR) #23

Description

@Nixon-H

Greetings,

I have identified multiple critical security vulnerabilities in this application, including unauthenticated Remote Code Execution (RCE) and Authentication Bypass.

I have attempted to contact the maintainer via email (ayondip***@gmail.com and ayondip@dev*******.com) to disclose these issues privately.

This issue is opened to track the disclosure process.

Disclosure Timeline:

  • Initial Contact: December 16, 2025 (Emails sent).
  • Public Disclosure Date: December 23, 2025 (If no response is received).

In accordance with standard responsible disclosure guidelines, if I do not receive a response by December 23, 2025, I will proceed with public disclosure and a CVE request to ensure the community is aware of this risk."

Regards,
Nixon-H

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions