- HackerOne
- BugCrowd
- New Blog hack.do
- Old Blog m-austin.com
- X @mattaustin
- GitHub CLI: CVE-2025-48938
- OpenMRS Velocity Template RCE: CVE-2020-24621
- Marked - CVE-2016-10531
- Static-eval - CVE-2017-16226
- Node.js: CVE-2023-30587 Permissions Model Bypass
Microsoft:
- Teams RCE - CVE-2020-17091
- Yammer Desktop RCE CVE-2018-8569
- Other Pending RCEs
Google:
- RCE Chrome Headless - CVE-2021-30618
- "Carpet Bomb" from File Download - CVE-2012-2847
- Overly broad file access granted after drag+drop - CVE-2012-2848
Electron:
- WebPreferences Bypass CVE-2018-15685
Zulip
- CVE-2020-9445 - Server XSS vulnerability in modal_link
- CVE-2020-9443 - Desktop RCE Untrusted content in webview.
- CVE-2020-10856 - Remote code execution due to missing context isolation
- CVE-2020-10857 - shell.openExternal and shell.openItem
- CVE-2020-10858 - Zulip recording via the webcam and microphone due to a missing permission request handler.
Other / Bug Bounty: RCEs in both Burp and ZAP proxy apps. RCEs in VSCode via Markdown issues. Bugcrowd MVP January 2020 Microsoft (MSRC) Contributors List - 2019 Facebook Hall of Fame