Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

patrickhener — Vulnerabilities & Security Advisories 13

Browse all 13 CVE security advisories affecting patrickhener. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Patrickhener focuses on identifying vulnerabilities in web applications and enterprise software, with a core use case in security research and penetration testing. Historically, their contributions span multiple vulnerability classes, including remote code execution, cross-site scripting, and privilege escalation, often targeting authentication mechanisms and API endpoints. While no major public incidents are directly attributed to this researcher, their 13 CVEs demonstrate consistent findings in complex systems, particularly in open-source platforms and cloud services. Their work emphasizes uncovering flaws in access controls and input validation, contributing to improved security postures across affected vendors.

Top products by patrickhener: goshs
CVE IDTitleCVSSSeverityPublished
CVE-2026-42091 goshs has Cross-Origin Arbitrary File Write via Missing CSRF on PUT and Wildcard CORS — goshsCWE-352 6.5 Medium2026-05-04
CVE-2026-40903 Goshs - ArtiPACKED Vulnerability – GitHub Actions Credential Persistence — goshsCWE-829 9.1 Critical2026-04-21
CVE-2026-40885 goshs: Public collaborator feed leaks .goshs ACL credentials and enables unauthorized access — goshsCWE-200 9.1AICriticalAI2026-04-21
CVE-2026-40884 goshs: Empty-username SFTP password authentication bypass in goshs — goshsCWE-306 9.8 Critical2026-04-21
CVE-2026-40883 goshs: CSRF in state-changing GET routes enables authenticated file deletion and directory creation — goshsCWE-352 8.1AIHighAI2026-04-21
CVE-2026-40876 SFTP root escape via prefix-based path validation in goshs — goshsCWE-22 8.8AIHighAI2026-04-21
CVE-2026-40189 goshs has a file-based ACL authorization bypass in goshs state-changing routes — goshsCWE-862 9.8AICriticalAI2026-04-10
CVE-2026-40188 goshs is Missing Write Protection for Parametric Data Values — goshsCWE-1314 7.7 High2026-04-10
CVE-2026-35471 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in goshs — goshsCWE-22 9.1AICriticalAI2026-04-06
CVE-2026-35393 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in goshs POST multipart upload — goshsCWE-22 9.8AICriticalAI2026-04-06
CVE-2026-35392 goshs has an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in goshs PUT Upload — goshsCWE-22 9.1AICriticalAI2026-04-06
CVE-2026-34581 goshs has Auth Bypass via Share Token — goshsCWE-288 8.1 High2026-04-02
CVE-2025-46816 goshs route not protected, allows command execution — goshsCWE-284 9.8AICriticalAI2025-05-06

This page lists every published CVE security advisory associated with patrickhener. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.