Skip to content
View xeloxa's full-sized avatar
🎯
Focusing
🎯
Focusing
113 followers · 146 following

Achievements

Achievement: Pull Sharkx2Achievement: StarstruckAchievement: QuickdrawAchievement: Pair ExtraordinaireAchievement: Galaxy BrainAchievement: YOLO

Achievements

Achievement: Pull Sharkx2Achievement: StarstruckAchievement: QuickdrawAchievement: Pair ExtraordinaireAchievement: Galaxy BrainAchievement: YOLO

Highlights

Organizations

@Nolva-Security

Block or report xeloxa

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don’t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
xeloxa/README.md

Welcome! 👋 View my resume ↗

I'm an Ethical Hacker & Penetration Tester passionate about Cloud, Web App & Application Security. I focus on offensive security and actively contribute to open-source projects.

🚀 Projects

  • s3finder - A tool for discovering and analyzing open S3 buckets
  • Temodar Agent - AI-powered WordPress plugin/theme security analysis platform with Semgrep-based static analysis and agent-assisted investigation workflows
  • aws-clf-c02-notlari - AWS Certified Cloud Practitioner study notes

More projects coming soon! 🛠️

🏆 Bug Bounties

🛡️ Security Contributions

Repository Stars Fix
gofiber/fiber GitHub Repo stars Reported cache middleware query-string key collision / response mix-up (GHSA-35hp-hqmv-8qg8, CVE-2026-30246) · ↗ Advisory
NousResearch/hermes-agent GitHub Repo stars Reported ACP auth / approval hardening issues and fixes · ↗ #13468 · ↗ #13471 · ↗ #13525
EvoMap/evolver GitHub Repo stars Reported RCE, arbitrary file write, and prototype pollution issues · ↗ GHSA-j5w5-568x-rq53 · ↗ GHSA-r466-rxw4-3j9j · ↗ GHSA-2cjr-5v3h-v2w4
lukilabs/craft-agents-oss GitHub Repo stars Fixed path traversal in STORE_ATTACHMENT IPC handler (v0.3.2) · ↗ Advisories
NoeFabris/opencode-antigravity-auth GitHub Repo stars Set 0600 permissions for credential storage · ↗ #353

More contributions coming soon! 🔜

🔍 CVEs

CVE ID Status CVSS Description
CVE-2026-1993 ✅ Published 8.8 Privilege escalation in ExactMetrics <= 9.0.2
CVE-2026-1992 ✅ Published 8.8 Arbitrary plugin installation in ExactMetrics <= 9.0.2
CVE-2026-1857 ✅ Published 4.3 SSRF vulnerability in Kadence Blocks <= 3.6.1
CVE-2026-2633 ✅ Published 4.3 Unauthorized media upload in Kadence Blocks <= 3.6.1

More coming soon! 🔜

💥 Exploits

CVE ID Exploit Exploit-DB Description
CVE-2024-28397 ↗ GitHub ⏳ Pending Remote Code Execution in Js2Py
xeloxa's GitHub streak xeloxa's GitHub stats

Pinned Loading

  1. temodar-agent temodar-agent Public

    Temodar Agent is an AI-powered WordPress plugin and theme security analysis platform built for security researchers, product security teams, auditors, and defenders. It combines AI agent workflows,…

    Python 57 9

  2. s3finder s3finder Public

    A high-performance CLI tool for discovering AWS S3 buckets using intelligent name generation. Combines traditional wordlist scanning with LLM-powered suggestions to find buckets that other tools miss.

    Go 3 2

  3. CVE-2024-28397-Js2Py-RCE-Exploit CVE-2024-28397-Js2Py-RCE-Exploit Public

    Professional exploit for CVE-2024-28397: Js2Py Sandbox Escape leading to Remote Code Execution (RCE). Includes modular payload generation.

    Python 2

  4. aws-clf-c02-notlari aws-clf-c02-notlari Public

    Bu repository, AWS Certified Cloud Practitioner sınavı için aldığım notları ve sınav ipuçlarını içeren bir yönlendirme kaynağıdır. Notlar "AWS SkillBuilder - AWS Cloud Practitioner Essentials" kurs…

    4