happy jesus day

please open this letter for the following reasons

1 Again, new bug bounty programs open:

Feel free to take a look and share it

🇧🇷 Meet this guy, called Jesus in Rio de Janeiro, greets and merry xmas! (AI generated)

2 Bugs found recently

🎉 Parth Narula: Blind XSS leading to admin account takeover

🎉 Swastik: Price Manipulation (reduction to 1€/night) at hotel booking site

🎉 Bharath Mn: WordPress staging environment to RCE and lateral movement

🎉 Rijul Jenjen: XSS vulnerabilities in different applications

3 MongoDB exploit:

CVE-2025-14847: MongoDB Unauthenticated Memory Leak

Proof-of-concept exploit for a MongoDB zlib decompression vulnerability. Due to an issue where MongoDB returns the allocated buffer size instead of the actual decompressed length, unauthenticated attackers can leak uninitialized and potentially sensitive server memory.
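
An added example, not code from MongoDB or from the proof-of-concept: a simplified C model of the length confusion described above, next to a corrected version. The toy run-length decoder stands in for zlib, and the struct, the function names and the 0xAA-filled buffer (standing in for stale heap contents) are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed wire message: claimed_len is chosen by the sender. */
struct msg { uint32_t claimed_len; const uint8_t *body; size_t body_len; };

/* Toy run-length decoder standing in for zlib: (count, byte) pairs.
   Returns the number of bytes written, or -1 on bad input or overflow. */
static long toy_inflate(const uint8_t *in, size_t n, uint8_t *out, size_t cap) {
    size_t w = 0;
    if (n % 2) return -1;
    for (size_t i = 0; i < n; i += 2) {
        if ((size_t)in[i] > cap - w) return -1;
        memset(out + w, in[i + 1], in[i]);
        w += in[i];
    }
    return (long)w;
}

/* Flawed: reports the allocated size as the decompressed length. */
long decompress_flawed(const struct msg *m, uint8_t *buf, size_t cap) {
    if (m->claimed_len > cap) return -1;
    if (toy_inflate(m->body, m->body_len, buf, m->claimed_len) < 0) return -1;
    return (long)m->claimed_len;
}

/* Corrected: reports bytes written and rejects a header that disagrees. */
long decompress_checked(const struct msg *m, uint8_t *buf, size_t cap) {
    if (m->claimed_len > cap) return -1;
    long n = toy_inflate(m->body, m->body_len, buf, m->claimed_len);
    return (n < 0 || (size_t)n != m->claimed_len) ? -1 : n;
}

/* Runs one decoder over a buffer pre-filled with 0xAA and counts the
   stale bytes that fall inside the length the decoder reports. */
long stale_bytes_reported(long (*dec)(const struct msg *, uint8_t *, size_t)) {
    static const uint8_t body[] = { 4, 'A' };   /* inflates to 4 bytes */
    struct msg m = { 64, body, sizeof body };   /* header claims 64 */
    uint8_t buf[128];
    long stale = 0;
    memset(buf, 0xAA, sizeof buf);
    long len = dec(&m, buf, sizeof buf);
    for (long i = 0; i < len; i++) stale += (buf[i] == 0xAA);
    return len < 0 ? -1 : stale;
}

int main(void) {
    printf("%ld %ld\n", stale_bytes_reported(decompress_flawed),
           stale_bytes_reported(decompress_checked));
    return 0;
}
```

Any later code that trusts the flawed return value treats the 60 untouched bytes as message data, while the corrected version fails closed on the mismatched header.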

4 React2shell: using React or Next.js or similar? fix now!

🇧🇷 merry xmas from Rio,

Oliver

PS: check out my new linktree, plus travel map extended by country Nr. 41: