Interested in web hacking and AI for security
Who am I
name: 신현서 (se1en)
Team: CyKor
E-mail: selen0328@gmail.com
Experience
CyKor 세미나 강사(2024, 2025, 2026)
CyKor Recruiting CTF 문제 출제(2024, 2025)
CyKor CTF 문제출제(2025)
KoS CTF 문제 출제(2025)
Awards
2023 고려대학교 해커톤 HACKUTHON (1st place)
제 5회 부산.울산 정보보호 경진대회 장려상
2025 숭실대 해킹방어대회 대학부 최우수상
Bug Bounty & CVEs
- CVE-2025-66514 | cvss 5.4 / xss in nextcloud mail | (Bounty Awarded)
- CVE-2025-66558 | cvss 3.1 / Improper Authentication in nextcloud twofactor_webauthn | (Bounty Awarded)
- CVE-2026-0994 | cvss 8.2 / dos in protobuf
- CVE-2026-21721 | cvss 8.1 / Privilege Escalation in grafana | (Bounty Awarded)
- CVE-2026-22922 | cvss 6.5 / Incorrect Use of Privileged APIs in airflow | (Bounty Awarded)
- CVE-2026-28227 | cvss 5.1 / Improper Access Control in discourse | (Bounty Awarded)
- CVE-2026-21725 | cvss 2.6 / Race Condition in grafana | (Bounty Awarded)
- CVE-2026-26979 | cvss 2.7 / Missing Authorization in discourse | (Bounty Awarded)
- CVE-2026-26973 | cvss 4.3 / IDOR in discourse | (Bounty Awarded)
- CVE-2026-27162 | cvss 4.9 / Exposure of Sensitive Information in discourse | (Bounty Awarded)
- CVE-2026-27151 | cvss 2.7 / Missing Authorization in discourse | (Bounty Awarded)
- CVE-2026-27153 | cvss 2.7 / Missing Authorization in discourse | (Bounty Awarded)
- CVE-2026-33355 | cvss 6.5 / Exposure of Sensitive Information in discourse | (Bounty Awarded)
- CVE-2026-34538 | cvss 6.5 / Exposure of Resource to Wrong Sphere in airflow
- pending CVEs….
Bug Bounty (No CVE issued)
- Nextcloud Contacts | cvss 6.5 / idor in nextcloud contacts | (Bounty Awarded)
- Matomo | Security issue reported via HackerOne | (Bounty Awarded)
- Matomo Official plugins | Security issue reported via HackerOne | (Bounty Awarded)
- Matomo Official plugins | Security issue reported via HackerOne | (Bounty Awarded)
- Matomo for wordpress | Security issue reported via HackerOne | (Bounty Awarded)
- Owncloud | Security issue reported via YesWeHack | (Bounty Awarded, pending CVE)
- Discourse | Security issue reported via HackerOne | (Bounty Awarded)
- Scalelite | Security issue reported via YesWeHack | (Bounty Awarded)
- Owncloud | Security issue reported via YesWeHack | (Bounty Awarded, pending CVE)
- Nextcloud Text | Security issue reported via HackerOne | (Bounty Awarded, pending CVE)
- Bigbluebutton | Security issue reported via YesWeHack | (Bounty Awarded)
- Mattermost | Security issue reported via Bugcrowd | (Bounty Awarded)
- Greenlight | Security issue reported via YesWeHack | (Bounty Awarded)
- Greenlight | Security issue reported via YesWeHack | (Bounty Awarded)
- Greenlight | Security issue reported via YesWeHack | (Bounty Awarded)
- Greenlight | Security issue reported via YesWeHack | (Bounty Awarded)
- Greenlight | Security issue reported via YesWeHack | (Bounty Awarded)
- Protobuf | Security issue reported via github | (Bounty Awarded, pending CVE)
- Nextcloud End_to_end_encryption | Security issue reported via HackerOne | (Bounty Awarded, pending CVE)
- Owncloud Gallery | Security issue reported via YesWeHack | (Bounty Awarded, pending CVE)
- Bigbluebutton | Security issue reported via YesWeHack | (Bounty Awarded)
- Owncloud Richdocuments | Security issue reported via YesWeHack | (Bounty Awarded)
- Nextcloud Groupfolders | Security issue reported via HackerOne | (Bounty Awarded, pending CVE)
- Nextcloud Notes | Security issue reported via HackerOne | (Bounty Awarded, pending CVE)
- Pigeonhole | Security issue reported via YesWeHack | (Bounty Awarded, pending CVE )
- Matomo for wordpress | Security issue reported via HackerOne | (Bounty Awarded)
Team Project
BOB 14th team weblover
Topic: Multi-Agent System(MAS) Vulnerability Research
CVEs: CVE-2026-25051 ,CVE-2025-15514,CVE-2026-0621, CVE-2026-25631, CVE-2026-27966, CVE-2026-33665, CVE-2026-3357 pending CVEs….
papers:다중 에이전트 시스템의 공격 표면 분석을 통한 공격 벡터 도출 | 한국정보보호학회
Education
고려대학교 사이버국방학과(2023~)
Best of the Best 14th 취약점분석트랙(2025)