┌──(root㉿0xbassia)-[~]
└─# cat profile.txt
[+] Name........: Mohamed Bassia
[+] Role........: Security Researcher / Vulnerability Hunter
[+] Specialties.: Source-code auditing, 0-day discovery, web exploitation
[+] Bug classes.: Prototype pollution, SSRF, IDOR, CSRF, auth bypass
[+] Credits.....: 10 published CVEs (6 GitHub-reviewed + 4 WPScan)
[+] Status......: Reading code others trust, finding what they missed

10 published CVEs · unauth RCE, SSRF, prototype pollution, access control · npm & WordPress

| CVE | Package / Plugin | Severity | Vulnerability Class |
|---|---|---|---|
| CVE-2026-47378 | nocodb | 🟠 Medium | Hidden column exposure in public shared views (broken access control) |
| CVE-2026-46510 | form-data-objectizer | 🔴 High 8.2 | Prototype pollution (bracket-notation keys) |
| CVE-2026-46509 | @ranfdev/deepobj | 🔴 High 8.2 | Prototype pollution |
| CVE-2026-45325 | @tmlmobilidade/utils | 🔴 High 8.2 | Prototype pollution (setValueAtPath) |
| CVE-2026-45302 | parse-nested-form-data | 🔴 High 8.2 | Prototype pollution (`__proto__` in form fields) |
| CVE-2026-44483 | @rvf/set-get | 🔴 High 8.2 | Prototype pollution (via @rvf/core preprocessFormData) |
| CVE-2026-9815 | MagicForm (<= 0.1.3) | 🔴 High | Unauthenticated arbitrary file upload to RCE |
| CVE-2026-12516 | Fediverse Embeds (< 1.5.8) | 🔴 High 7.5 | Unauthenticated SSRF via media proxy (full read + open proxy) |
| CVE-2026-12517 | Fediverse Embeds (< 1.5.8) | 🟠 Medium 5.3 | Unauthenticated SSRF via site-info endpoint |
| CVE-2026-9067 | Schema & Structured Data for WP & AMP (< 1.60) | 🔴 High | Unauthenticated arbitrary media upload |

6 npm CVEs credited via the GitHub Advisory Database · 4 WordPress CVEs disclosed through WPScan
🛡️ 10× Published CVEs · 🦈 Pull Shark ×2 · ⚡ Quickdraw · 👥 Pair Extraordinaire · 🧊 Arctic Code Vault Contributor



