CVE-2025-57203: Stored XSS in MagicAI 9.1 (AI Chat) Enables Arbitrary JavaScript Execution · Sep 20, 2025 · 7 min read
CVE-2025-57204: Stored XSS in Stocky POS with Inventory Management & HRM (ui-lib) 5.0 · Discovered by: Michael Kim; Vendor: ui-lib (Uilibrary); Product: Stocky – POS with Inventory Management & HRM (“Ultimate Inventory Management System with POS”); Affected Version: 5.0 (as released June 2025); Impact: Arbitrary JavaScript Execution (Stored XSS... · Sep 20, 2025 · 4 min read
My Journey to Passing the CAPenX Certification: A Guide for Aspiring Expert-Level AppSec Pentesters · Nov 10, 2024 · 6 min read
CVE-2024-37629: Simple XSS Payload Exploits 0day Vulnerability in 10,000 Web Apps · Jun 12, 2024 · 2 min read
CVE-2024-34240: Latest Stored XSS 0day Vulnerability Unveiled · How I Quickly Found a Stored XSS 0day in the QDOCS Smart School 7.0.0 · May 21, 2024 · 2 min read
CVE-2024-34241: A Step-by-Step Discovery Guide · How I Found Several Stored XSS Bugs in Rocket LMS Version 1.9 in Under 10 Minutes · May 17, 2024 · 3 min read
Review of the Certified AppSec Pentester Certification: Tips for Passing on Your First Attempt · I was scrolling through LinkedIn and noticed a couple of hackers on my newsfeed posting that they passed the mock exam for the CAPen Certification by The SecOps Group. This caught my interest because I had never heard of the Certified AppSec Penteste... · May 8, 2024 · 6 min read
Finding a Basic RCE Vulnerability on a Prominent News Channel · Inspiring new bug bounty hunters with a simple RCE vulnerability discovery. · May 4, 2024 · 5 min read
Uncovering an SSRF Vulnerability in PDFMyURL Affecting Numerous Users · A bug bounty story by GRuMPz. · Apr 22, 2024 · 2 min read
Hunting and Finding CVE-2023-31045 · This is my journey on hunting and finding my first 0day as a security researcher. CVE-2023-31045. · May 31, 2023 · 4 min read