CVEs
A few CVEs I’ve been credited with over the years, grouped by product.
Apple Safari
Eight memory-corruption CVEs from my 2026 Safari research, across Safari 26.5 (May 2026) and 26.5.2 (Jun 2026) — in WebKit, WebRTC, and Web Extensions. How they were found, and where the automation hands back to me, is in Finding memory bugs in Apple’s WebKit.
| CVE | Component | Class | Release |
|---|---|---|---|
| CVE-2026-28947 | WebKit | Use-after-free | 26.5 |
| CVE-2026-28946 | WebKit | Use-after-free | 26.5 |
| CVE-2026-28944 | WebRTC | Heap-buffer-overflow | 26.5 |
| CVE-2026-43704 | Web Extensions | Use-after-free | 26.5.2 |
| CVE-2026-43731 | WebKit | Use-after-free | 26.5.2 |
| CVE-2026-43705 | WebKit | Type confusion | 26.5.2 |
| CVE-2026-43676 | WebKit | OOB access | 26.5.2 |
| CVE-2026-43746 | WebRTC | Use-after-free | 26.5.2 |
Adobe InCopy
- CVE-2021-21010 — Uncontrolled search path element (CWE-427) that runs arbitrary code as the current user when a victim opens a malicious file. InCopy ≤ 15.1.1 on Windows · CVSS 7.0 (High).
GPAC / MP4Box
- CVE-2020-24829 — Heap buffer overflow (CWE-787) in
gf_m2ts_section_complete(media_tools/mpegts.c); a crafted MP4 crashes MP4Box. GPAC 0.5.2–0.8.0 · CVSS 5.5 (Medium). - CVE-2020-22352 — NULL-pointer dereference (CWE-476) in
gf_dash_segmenter_probe_input; a crafted file to MP4Box triggers a DoS. GPAC 0.8 · CVSS 5.5 (Medium).