A running index of vulnerabilities I’ve discovered, advisories I’ve published, and other research output. Each entry links to the full writeup where one exists.

Coordinated disclosure: details for a given issue are published only after a patch is available or the disclosure window has elapsed.

CVEs & advisories

CVE / ID	Product	Class	Impact	Disclosed	Writeup
CVE-2019-12176	HTC VIVEPORT Desktop	insecure service permissions	LPE	2019-05-24	link
CVE-2019-12177	HTC VIVEPORT Desktop	DLL hijacking	LPE	2019-05-24	link

Papers

None yet.

Bug bounties / acknowledgements

None yet.