@mersa_v6 @Uber Congratulations! For what it's worth, the scope metric is practically always 'changed' for XSS, because you are impacting the browser as subsequent system. Unfortunately, it stays within the medium severity. From a 5.4 to 6.1.
This bug was buried so deep. You had to use a mobile user agent to reach the code path. Then block the victim account. And then request one of their posts via the oEmbed endpoint. This would trigger a try catch condition where super user privileges were used to fetch the post.
1️⃣ How I Exposed Instagram's Private Posts by Blocking Users
@rub003 won 3rd place at BountyCon 2022 by chaining Instagram oEmbed endpoint quirks with mobile user agent detection to access private posts (earning him $14,500 in bounties).
https://t.co/xBlePPez87
@FFmpeg @__noided @MITREcorp @MITREattack @VolerionSec We try to capture a more appropriate severity via our (@VolerionSec) risk scoring algorithm. We would love to have your input on what you think matters when it comes to vulnerability severity, so that we can give this CVE a more appropriate score than CVSS does.
@FFmpeg @__noided @MITREcorp @MITREattack @VolerionSec Completely agree. 6.9 (in CVSSv4) is way too high for this vulnerability. But the score is correct according to the CVSS specification. And that's what @VolerionSec is doing: provide an auditable and reliable solution to CVE enrichment so every record gets timely & accurate data.
@zoomeye_team The vendor (Grafana) signals CVSS 10.0; however, my CVSS conclusion landed at a 6.5 (v3.1) / 8.5 (v4.0): https://t.co/xiTnXbWRe9, with PR:H, S:U (SCIM token needed, impact stays in Grafana). Curious to hear your opinion on their CVSS 10.0!
🦾💼 #DEFCON33 may feel like a “hacker holiday,” but the CVE conveyor belt never stops.
Out of the 249 newly published CVEs, the highest EPSS in the set is 0.09475 — CVE-2025-47188 — with a CRITICAL CVSS score.
Volerion gives it a contextual risk score of 3.6/10, factoring in real-world usage and internet exposure of the affected products.
The ecosystem doesn’t take time off — and neither does Volerion’s AI-driven analysis, turning raw CVEs into actionable, prioritized risk.
#DEFCON #CVE
CVE-2025-54576 is quite cool. It's so easy to make your web app vulnerable to this. You would expect `skip_auth_routes` to match routes only, but meanwhile it was comparing against `GetRequestURI`. Fixed in v7.11.0 by comparing against `GetRequestPath`.
👉https://t.co/C5LfDUB7L4
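To make the GetRequestURI vs GetRequestPath distinction concrete, here is an added example (not the affected project's code, which the tweet does not name) of a skip-auth matcher written both ways. The `METHOD=regex` rule syntax and the two sample rules are assumed; the point is that matching a route regex against the full request URI is wrong in both directions: an unanchored rule can be satisfied by text in the query string, and an anchored rule stops matching as soon as a query string is appended.

```python
import re
from urllib.parse import urlsplit

# Constructed allow-list in an assumed "METHOD=regex" / "regex" style.
# Both rules are written the way operators commonly write them:
# the first is unanchored, the second is fully anchored.
SKIP_AUTH_ROUTES = ["GET=/healthz", r"^/static/.*\.css$"]


def parse_rules(rules):
    """Turn 'METHOD=regex' or 'regex' strings into (method, compiled regex) pairs.
    (A bare regex containing '=' would need escaping in this toy syntax.)"""
    parsed = []
    for rule in rules:
        method, sep, pattern = rule.partition("=")
        if not sep:                      # no method prefix: rule applies to every method
            method, pattern = "", rule
        parsed.append((method.upper(), re.compile(pattern)))
    return parsed


def _matches(method, subject, rules):
    # Unanchored search, like regexp.MatchString in Go: the rule must anchor itself.
    return any((not m or m == method.upper()) and rx.search(subject)
               for m, rx in parse_rules(rules))


def skip_auth_by_uri(method, request_uri, rules=SKIP_AUTH_ROUTES):
    """Weak form: the regex is searched over the full request URI, query string
    included (what the tweet describes as comparing against GetRequestURI)."""
    return _matches(method, request_uri, rules)


def skip_auth_by_path(method, request_uri, rules=SKIP_AUTH_ROUTES):
    """Fixed form: only the path component is considered (GetRequestPath in the tweet)."""
    return _matches(method, urlsplit(request_uri).path, rules)


def compare(method, request_uri, rules=SKIP_AUTH_ROUTES):
    """Return (skipped_by_uri, skipped_by_path) so the two behaviours can be diffed."""
    return (skip_auth_by_uri(method, request_uri, rules),
            skip_auth_by_path(method, request_uri, rules))


if __name__ == "__main__":
    # Constructed requests. The first shows the dangerous direction: the unanchored
    # rule matches text sitting in the query string, so a protected path is served
    # without authentication. The second shows the functional direction: the anchored
    # rule no longer matches once a query string is present, so a genuinely public
    # file is needlessly put behind auth. The third is a method mismatch either way.
    for method, uri in [("GET", "/api/private?next=/healthz"),
                        ("GET", "/static/site.css?v=3"),
                        ("POST", "/healthz")]:
        by_uri, by_path = compare(method, uri)
        print(f"{method} {uri}: uri-match skips auth={by_uri}, path-match skips auth={by_path}")
```

A useful configuration check, independent of which version you run: every skip-auth regex should start with `^` and end with `$` (or an explicit `/.*$`), so that the allow-list does not depend on the matcher being lenient or strict about what it is matched against.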
.@VolerionSec writes consistent length summaries. For example, the one from above: https://t.co/gTa3k8Ie97
"in various models" is so much better than listing all 50 vulnerable versions in the description. We have a products tab for the actual affected products and versions.