- Security Researcher / CTF Player @W4llz
| Year | Name | Award |
|---|---|---|
| 2026 | W4llz | SekaiCTF 2026 2nd |
| 2026 | W4llz | Break The Syntax CTF 2026 2nd |
| 2025 | Jiyong | Google Cloud VRP (Vulnerability Reward Program) - Honorable Mention |
CVE-2026-48718 β Firebird
Status
- Coordinated disclosure (technical details will be published after the embargo).
CVE-2026-1665 β Command Injection in nvm
Target
- nvm-sh/nvm
Summary
- Command injection caused by insufficient validation of environment variables during
wgetinvocation.
References
CVE-2025-69262 β Command Injection in pnpm
Target
- pnpm/pnpm
Summary
- Command injection through environment variable substitution, potentially leading to arbitrary code execution in CI/CD and build environments.
References
CVE-2025-14550 β Denial of Service in Django
Target
- django/django
Summary
- Super-linear processing of repeated HTTP headers in the ASGI request path, enabling a potential denial-of-service attack.
References
- Name: Jiyong Yang (μμ§μ©)
- Contact: contact@sy2n0.me



