0xNayel/README.md

Ahmed Nayel

Offensive Security Researcher · Bug Bounty Hunter · CVE Contributor


About

Offensive security practitioner based in Egypt, with hands-on experience across web · mobile · network domains. Reported valid vulnerabilities to organizations including Visa · Indeed · Atlassian · Adobe, with multiple coordinated disclosures and published CVEs. Ranked among the top researchers in Egypt on HackerOne. Active in CTFs, open-source security tooling, and public vulnerability research.

BSc Computers & Data Science — Faculty of Computer & Data Science, Alexandria University.



CVE Discoveries

  CVE-2026-5562 — Unauthenticated Remote Code Execution in kafka-ui

  CVE-2026-4045 — LDAP Injection User Enumeration in ProjectSend

  CVE-2026-4044 — Path Traversal via Arbitrary File Deletion in ProjectSend

  CVE-2026-23852 — Stored XSS to RCE via Dynamic Icons in SiYuan

  CVE-2025-1553 — Stored XSS in Scale Project Management


Certifications

eMAPT · eWPTx · OSCP · OSWE

Featured Writeups

Full archive at 0xnayel.com.


Featured Project

MonMon — AI-powered monitoring tool for bug bounty hunters. Tracks changes across subdomains, HTTP endpoints, command output, and scope pages. Alerts via Telegram, Discord, and webhooks.


Get In Touch

For engagements, collaboration, or responsible disclosure — reach out via the contact form at 0xnayel.com.

Popular repositories

  1. MonMon (Public)

    Monitoring Monster (MonMon) is a monitoring tool for bug bounty hunters. It tracks changes across subdomains, HTTP endpoints, shell command output, and bug bounty program scopes. When something cha…

    TypeScript 38 8

  2. WifineticTwo (Public)

    Python

  3. headlessHTBsolve (Public)

    RCE to the headless HTB

    Python

  4. monitoredHTBsolution (Public)

    Python

  5. 2ndCloudAssignment (Public)

    PHP

  6. 0xnayel.github.io (Public)

    HTML