bryamzxz

Independent security research · Bogotá

Independent security research and coordinated disclosure out of Bogotá. Coverage: coordinated CVEs in open-source software, bug-bounty work against Colombian state infrastructure, and mobile-spyware forensics with civic partners.

All findings on this site were produced by source-first review and reproduced in isolated labs. Methodology and per-finding audit trails are documented in each post.

1 disclosure on record · Since 2026 · bryamestebanvargas@gmail.com

Disclosures

most recent first
  1. 001

    Dolibarr dol_eval(): Five Years of Partial Patches

    Three high-severity vulnerabilities in Dolibarr ERP/CRM — a dol_eval() PHP code injection (CWE-94), an OS command execution via call_user_func_array() in cron (CWE-78), and a passively-triggered eval-injection PHP code execution (CWE-95)...

    CVE-2026-37711 · CVE-2026-37712 · CVE-2026-37713 · CVSS 9.1