Interested in web hacking and AI for security
 

Who am I

name: 신현서 (se1en)
Team: CyKor
E-mail: selen0328@gmail.com
LinkedIn : https://www.linkedin.com/in/hyunseo-shin-bb074632a/

Experience

CyKor 세미나 강사 (2024, 2025, 2026)
CyKor Recruiting CTF 문제 출제 (2024, 2025)
CyKor CTF 문제출제 (2025)
KoS CTF 문제 출제 (2025)

고려대학교 AI교육봉사단 (2026)

Presentations

AI기반 취약점 탐지 워크플로우 구축기 - OWASP Seoul Chapter 5월 세미나 (2026.05)

Achievements & Awards

2023 고려대학교 해커톤 HACKUTHON (1st place)
제 5회 부산.울산 정보보호 경진대회 장려상
2025 숭실대 해킹방어대회 대학부 최우수상

HackerOne South Korea 1st Place (2026~)

 

 

Bug Bounty & CVEs

  • CVE-2025-66514 | cvss 5.4 / xss in nextcloud mail | (Bounty Awarded)
  • CVE-2025-66558 | cvss 3.1 / Improper Authentication in nextcloud twofactor_webauthn | (Bounty Awarded)
  • CVE-2026-0994 | cvss 8.2 / dos in protobuf
  • CVE-2026-21721 | cvss 8.1 / Privilege Escalation in grafana | (Bounty Awarded)
  • CVE-2026-22922 | cvss 6.5 / Incorrect Use of Privileged APIs in airflow | (Bounty Awarded)
  • CVE-2026-28227 | cvss 5.1 / Improper Access Control in discourse | (Bounty Awarded)
  • CVE-2026-21725 | cvss 2.6 / Race Condition in grafana | (Bounty Awarded)
  • CVE-2026-26979 | cvss 2.7 / Missing Authorization in discourse | (Bounty Awarded)
  • CVE-2026-26973 | cvss 4.3 / IDOR in discourse | (Bounty Awarded)
  • CVE-2026-27162 | cvss 4.9 / Exposure of Sensitive Information in discourse | (Bounty Awarded)
  • CVE-2026-27151 | cvss 2.7 / Missing Authorization in discourse | (Bounty Awarded)
  • CVE-2026-27153 | cvss 2.7 / Missing Authorization in discourse | (Bounty Awarded)
  • CVE-2026-33355 | cvss 6.5 / Exposure of Sensitive Information in discourse | (Bounty Awarded)
  • CVE-2026-34538 | cvss 6.5 / Exposure of Resource to Wrong Sphere in airflow 
  • CVE-2026-6409 | cvss 7.1 / dos in protobuf | (Bounty Awarded)
  • CVE-2026-42228 | cvss 6.3 / Missing Authorization in n8n | (Bounty Awarded)
  • CVE-2026-45264 | cvss 4.3 / Improper Access Control in nextcloud groupfolders | (Bounty Awarded)
  • pending CVEs….

Bug Bounty (No CVE issued)

  • Nextcloud Contacts | cvss 6.5 / idor in nextcloud contacts | (Bounty Awarded)
  • Matomo | Security issue reported via HackerOne | (Bounty Awarded)
  • Matomo Official plugins | Security issue reported via HackerOne | (Bounty Awarded)
  • Matomo Official plugins | Security issue reported via HackerOne | (Bounty Awarded)
  • Matomo for wordpress | Security issue reported via HackerOne | (Bounty Awarded)
  • Owncloud  | Security issue reported via YesWeHack | (Bounty Awarded, pending CVE)
  • Discourse | Security issue reported via HackerOne | (Bounty Awarded)
  • Scalelite | Security issue reported via YesWeHack | (Bounty Awarded)
  • Owncloud  | Security issue reported via YesWeHack | (Bounty Awarded, pending CVE)
  • Nextcloud Text | Security issue reported via HackerOne | (Bounty Awarded, pending CVE)
  • Bigbluebutton | Security issue reported via YesWeHack | (Bounty Awarded)
  • Mattermost | Security issue reported via Bugcrowd | (Bounty Awarded)
  • Greenlight | Security issue reported via YesWeHack | (Bounty Awarded)
  • Greenlight | Security issue reported via YesWeHack | (Bounty Awarded)
  • Greenlight | Security issue reported via YesWeHack | (Bounty Awarded)
  • Greenlight | Security issue reported via YesWeHack | (Bounty Awarded)
  • Greenlight | Security issue reported via YesWeHack | (Bounty Awarded)
  • Nextcloud End_to_end_encryption | Security issue reported via HackerOne | (Bounty Awarded, pending CVE)
  • Owncloud Gallery | Security issue reported via YesWeHack | (Bounty Awarded, pending CVE)
  • Bigbluebutton | Security issue reported via YesWeHack | (Bounty Awarded)
  • Owncloud Richdocuments | Security issue reported via YesWeHack | (Bounty Awarded)
  • Nextcloud Notes | Security issue reported via HackerOne | (Bounty Awarded, pending CVE)
  • Pigeonhole | Security issue reported via YesWeHack | (Bounty Awarded, pending CVE )
  • Matomo for wordpress | Security issue reported via HackerOne | (Bounty Awarded)
  • Matomo for wordpress | Security issue reported via HackerOne | (Bounty Awarded)
  • airflow | Security issue reported via Huntr | (Bounty Awarded, pending CVE)
  • Nextcloud Circles | Security issue reported via HackerOne | (Bounty Awarded, pending CVE)
  • Nextcloud Contacts | Security issue reported via HackerOne | (Bounty Awarded, pending CVE)
  • Nextcloud | Security issue reported via HackerOne | (Bounty Awarded, pending CVE)
  • Nextcloud richdocuments | Security issue reported via HackerOne | (Bounty Awarded, pending CVE)
  • Nextcloud richdocuments | Security issue reported via HackerOne | (Bounty Awarded, pending CVE)
  • Nextcloud tables | Security issue reported via HackerOne | (Bounty Awarded, pending CVE)
  • Nextcloud tables | Security issue reported via HackerOne | (Bounty Awarded, pending CVE)

Team Project

BOB 14th team weblover

Topic: Multi-Agent System(MAS) Vulnerability Research
CVEs: CVE-2026-25051, CVE-2025-15514, CVE-2026-0621, CVE-2026-25631, CVE-2026-27966, CVE-2026-33665, CVE-2026-3357, CVE-2026-3345 pending CVEs….
papers:다중 에이전트 시스템의 공격 표면 분석을 통한 공격 벡터 도출 | 한국정보보호학회

Education

고려대학교 사이버국방학과(2023~)
Best of the Best 14th 취약점분석트랙(2025)

se1en
se1en
se1en의 보안 블로그

티스토리툴바