I'm Kai Aizen — independent security researcher focused on adversarial AI, LLM red teaming, and the intersection of social engineering and prompt injection. I build frameworks and tooling for structured AI safety testing.
Creator of AATMF · Author of Adversarial Minds · 22 CVEs · Linux kernel contributor · Hakin9 Contributing Author
| # | CVE | Target | Type | CVSS |
|---|---|---|---|---|
| 1 | CVE-2026-3596 | Riaxe Product Customizer (WP) | Missing Authorization → Unauthenticated Arbitrary Options Update → Privilege Escalation via install-imprint AJAX action | 9.8 |
| # | CVE | Target | Type | CVSS |
|---|---|---|---|---|
| 2 | CVE-2026-3288 | Kubernetes ingress-nginx | Config Injection → RCE | 8.8 |
| 3 | CVE-2026-1313 | MimeTypes Link Icons (WP) | SSRF via crafted post content | 8.3 |
| 4 | CVE-2026-30911 | Apache Airflow Core | Missing Authorization — HITL Endpoints (v3.1.0–3.1.7) | 8.1 |
| 5 | CVE-2026-31899 | CairoSVG | Exponential DoS — recursive <use> amplification |
7.5 |
| 6 | CVE-2026-3599 | Riaxe Product Customizer (WP) | Unauthenticated SQL Injection via options parameter keys in product-data | 7.5 |
| 7 | CVE-2026-32809 | ouch-org/ouch | Symlink escape → arbitrary file overwrite | 7.4 |
| 8 | (pending) | TelSender (WP) | Unauthenticated Stored XSS via Telegram Chat Title | 7.2 |
| # | CVE | Target | Type | CVSS |
|---|---|---|---|---|
| 9 | CVE-2025-9776 | CatFolders (WP) | SQL Injection via CSV Import | 6.5 |
| 10 | CVE-2026-33693 | Lemmy / activitypub-federation-rust | SSRF — 0.0.0.0 bypass | 6.5 |
| 11 | CVE-2026-32885 | ddev/ddev | ZipSlip path traversal in archive extraction | 6.5 |
| 12 | CVE-2025-12163 | Omnipress (WP) | Stored XSS | 6.4 |
| 13 | CVE-2026-0811 | Advanced CF7 DB (WP) | CSRF → Form Entry Deletion | 5.4 |
| 14 | CVE-2026-1314 | 3D FlipBook (WP) | Missing Auth → Data Exposure | 5.3 |
| 15 | CVE-2026-3594 | Riaxe Product Customizer (WP) | Unauthenticated Info Disclosure via /orders | 5.3 |
| 16 | CVE-2026-3595 | Riaxe Product Customizer (WP) | Unauthenticated Arbitrary User Deletion via user_id parameter | 5.3 |
| 17 | CVE-2025-11171 | Chartify (WP) | Missing Authentication for Admin Function | 5.3 |
| 18 | CVE-2025-11174 | Document Library Lite (WP) | Missing Auth → Info Disclosure | 5.3 |
| 19 | CVE-2026-32794 | Apache Airflow Databricks Provider | TLS Certificate Verification Bypass → MitM | 4.8 |
| 20 | CVE-2026-0814 | Advanced CF7 DB (WP) | Missing Auth → Subscriber+ Export | 4.3 |
| 21 | CVE-2025-12030 | ACF to REST API (WP) | IDOR → Contributor+ Field Modification | 4.3 |
| 22 | CVE-2026-1208 | Welcart (WP) | CSRF → Settings Update | 4.3 |
| Advisory | Target | Type | Severity |
|---|---|---|---|
| GHSA-j425-whc4-4jgc | OpenClaw (309k ⭐) | system.run env override RCE — allowlist bypass via GIT_SSH_COMMAND, editor hooks, GIT_CONFIG_* | Medium (6.3) |
| GHSA-9jmq-9m65-3fhx | dagster-io/dagster | Arbitrary code exec via pickle deserialization in IO managers + Databricks | — |
| GHSA-pph4-qh43-9qm6 | vllm-project/vllm | RCE via unauthenticated TCPStore Pickle deserialization (V1 Engine) | — |
| GHSA-gwmc-ch8w-qhx5 | vllm-project/vllm | RCE via TCPStore Pickle deserialization (StatelessProcessGroup) | — |
| GHSA-c64x-w74w-4h53 | FlowiseAI/Flowise | Unauthenticated code exec via prediction API auth whitelist bypass | — |
| GHSA-9vqm-j6v3-2xr4 | juspay/hyperswitch | SSRF via merchant webhook URL | — |
| GHSA-f38f-5xpm-9r7c | CairoSVG | Exponential DoS — recursive <use> element amplification |
High (7.5) |
| Finding | Component | Type | Status |
|---|---|---|---|
| io_uring/zcrx Race Condition | Linux kernel io_uring/zcrx |
Race Condition → Double-Free → OOB Write | ✅ Upstream, backported to v6.18.16 + v6.19 |
| PR | Target | Type | Status |
|---|---|---|---|
| concourse/concourse#9486 | Concourse CI | Symlink breakout — unvalidated symlink targets in tar extraction | ✅ Merged, shipped in v8.1.1 |
| Project | Description | |
|---|---|---|
| AATMF v3.1 | Adversarial AI Threat Modeling Framework — 20 tactics, ~240 techniques. Maps to OWASP LLM Top-10, NIST AI RMF, MITRE ATLAS. |  |
| AATMF Red Teaming Toolkit | Python CLI for systematic LLM safety testing — three-layer eval pipeline, defense fingerprinting, decay tracking, attack chain planning. |  |
| LLM Red Teamer's Playbook | Diagnostic methodology for bypassing LLM defense layers — input filters → alignment → identity → output → agentic trust. |
| Project | Description |
|---|---|
| ChatGPT-DNS-Exfill | DNS exfiltration via ChatGPT Canvas — rendered content triggers DNS lookups without HTTP requests. |
| chatgpt-rce-dns | DNS exfiltration and Python Pickle RCE attack chains in AI code execution sandboxes. |
| Tool | Description |
|---|---|
| Burp MCP Toolkit | MCP security analysis for Burp Suite — prompt injection and tool poisoning testing via Model Context Protocol. |
| SnailHunter | AI-powered bug bounty automation — LLM analysis combined with traditional security scanning. |
| KubeRoast | Red-team Kubernetes misconfiguration and attack-path scanner. |
| Xposure | Autonomous credential intelligence platform for attack surface recon. |
| SnailSploit Recon | Chrome MV3 extension for passive recon and bug bounty automation. |
| ZenFlood | Low-bandwidth stress testing — modernized Slowloris. |
| Claude-Red | Curated offensive security skills library for the Claude skills system. |
| SnailObfuscator | Structurally-aware code obfuscation engine. |
