Thanks to visit codestin.com
Credit goes to github.com

Skip to content
View Eyodav's full-sized avatar
5 followers · 15 following

Achievements

Achievement: Quickdraw

Achievements

Achievement: Quickdraw

Block or report Eyodav

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don't include any personal information such as legal names or email addresses. Markdown supported. This note will be visible to only you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
Eyodav/README.md

Typing SVG

Hi there, I'm Eyodavエヨダヴ👋

Eyodav

About Me

🔹 Pentester | Cybersecurity Student

🔹 Security Researcher | Bug bounty hunter

📝 Quick Facts

  • Specialties:
    • Pentesting
    • Bug Hunting
    • Forensics & OSINT

📊 Stats

  • My CVEs
    CVE Identifier Title / Description Links
    CVE-2025-34157 Stored XSS in Coolify Delete Flow GitHub · CVE.org
    CVE-2025-34159 Docker Compose Injection in Coolify GitHub · CVE.org
    CVE-2025-34161 Git Repository Command Injection in Coolify GitHub · CVE.org
    CVE-2025-54962 Unfiltered File Upload in OpenPLC GitHub · CVE.org
    CVE-2025-34226 Persistent DoS in OpenPLC Runtime GitHub · CVE.org
    CVE-2025-34171 CasaOS Unauthenticated File and Debug Data Exposure GitHub · CVE.org

Spotify

Songs I Listen To

Spotify

🌸 GitHub Stats

Click to expand

Eyodav GitHub Stats

Pinned Loading

  1. CVE-2025-34171 CVE-2025-34171 Public

    CasaOS expose multiple unauthenticated API endpoints that allow remote disclosure of sensitive configuration files and system debug information

  2. CVE-2025-34157 CVE-2025-34157 Public

    A stored XSS in the project delete flow allows execution of attacker-controlled JavaScript in an administrator’s browser when the admin attempts to delete a project created by a low-privileged user…

  3. CVE-2025-34159 CVE-2025-34159 Public

    A critical Remote Code Execution (RCE) vulnerability exists in Coolify's application deployment workflow. This flaw allows a low-privileged member to inject arbitrary Docker Compose directives duri…

  4. CVE-2025-34161 CVE-2025-34161 Public

    Authenticated low-privileged RCE in Coolify via unsanitized shell commands in the Git Repository field.

    1

  5. CVE-2025-34226 CVE-2025-34226 Public

    OpenPLC Runtime suffers from a persistent denial of service (DoS) vulnerability in the /upload-program-action endpoint.

  6. CVE-2025-54962 CVE-2025-54962 Public

    Authenticated users can upload arbitrary files (e.g. .html, .svg) as profile images in OpenPLC Runtime. These files are publicly accessible without authentication, allowing stored XSS or malicious …