Browse all 4 CVE security advisories affecting pglombardo. AI-powered Chinese analysis, POCs, and references for each vulnerability.
pglombardo develops security tools and research, focusing on vulnerability analysis and exploitation techniques. Their work primarily targets web applications and enterprise systems, with a history of identifying vulnerabilities across multiple classes including remote code execution, cross-site scripting, and privilege escalation. The researcher has documented three CVEs, demonstrating expertise in identifying flaws that could lead to system compromise. Their contributions often center on practical security research, with an emphasis on real-world exploit development. While no major public incidents are directly attributed to pglombardo, their CVE contributions highlight consistent engagement with vulnerability discovery and disclosure processes within the security community.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-41308 | Password Pusher: JSON API `/p.json` file upload alias bypasses file-push authentication — PasswordPusher (CWE-288) | 6.5 | Medium | 2026-05-08 |
| CVE-2024-56733 | Password Pusher Allows Session Token Interception Leading to Potential Hijacking — PasswordPusher (CWE-384) | 5.7 | Medium | 2024-12-30 |
| CVE-2024-52796 | Password Pusher's rate limiter can be bypassed by forging proxy headers — PasswordPusher (CWE-770) | 5.3 | Medium | 2024-11-20 |
| CVE-2024-51989 | Cross-site Scripting (XSS) Vulnerability in PasswordPusher — PasswordPusher (CWE-79) | 7.1 | High | 2024-11-07 |

This page lists every published CVE security advisory associated with pglombardo. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.