Security research and bug bounty findings.
The table below lists vulnerabilities that were found in my free time and reported as part of a bug bounty or vulnerability disclosure program. All have been addressed and resolved by the respective teams.

| Date | Name | Org | Info |
|---|---|---|---|
| 2026-02 | Stack Overflow in FreeType | FreeType | Issue |
| 2026-02 | Signed int overflow in dr_libs MS-ADPCM decoder | dr_libs | Issue |
| 2026-02 | Denial of Service via Cookie Bombing | seznam.cz | Seznam HoF |
| 2026-01 | Open Redirect | seznam.cz | Bounty reward |
| 2026-01 | ReDoS | NodeBB | Bounty reward |
| 2025-12 | rXSS to partial account takeover | undisclosed | Bounty reward |
| 2025-12 | sXSS (Old browsers only) | seznam.cz | Seznam HoF |
| 2025-12 | rXSS | hrad.cz | |
| 2025-11 | CVE-2025-12097 | Many big universities | Utwente HoF |