How fuzzing F3D’s 3D file parser with a dictionary-based libFuzzer harness found four memory corruption vulnerabilities in VTK’s GLTF document loader - two use-after-frees, a heap buffer overflow, and a buffer overread.

How a TOCTOU race condition in KDE’s kio-admin plugin verification lets local attackers escalate privileges through Dolphin’s administrator mode - with a ~4% hit rate per attempt.

How a 6-character verification code with a disabled rate limit turned django-allauth’s email verification into a bruteforce target - the only High finding in a Radically Open Security code audit.