Léo Grambert

Software Developer & Security Researcher

France

Software Developer with 8 years of experience. Currently exploring cybersecurity through vulnerability research, CTF competitions, and open-source security tools.

01 // Project_Registry

Open-source security tools, vulnerability research, and software engineering projects.

Loading contributions...

Less

Featured

oss-oopssec-store

The first security CTF lab built with React and Next.js. Open you browser and start hacking.

12 28 2.6k 17.6k

Repository Website

Featured

cyber-bot

Threat intelligence platform: RSS aggregation, NVD CVE tracking, ENISA EUVD, databreaches, ...

3 1 175.3k 591

Repository Website

Featured

hate-crimes-map

This project aims to visualize hate crime data to bring visibility to crimes that are often invisible or normalized by society.

3 43 33

Repository Website

Featured

crack-hash

A fast, multi-threaded hash cracking tool written in Rust. This tool performs dictionary attacks against hashed passwords.

2 29 13

Repository

02 // CVE_Discoveries

Vulnerabilities identified through independent security research and responsible disclosure.

CVE-2026-32255

Published: MAR_19_2026

High_8.6

Kan is an open-source project management tool. In versions 0.5.4 and below, the /api/download/attatchment endpoint has no authentication and no URL validation. The Attachment Download endpoint accepts a user-supplied URL query parameter and passes it directly to fetch() server-side, and returns the full response body. An unauthenticated attacker can use this to make HTTP requests from the server to internal services, cloud metadata endpoints, or private network resources. This issue has been fixed in version 0.5.5. To workaround this issue, block or restrict access to /api/download/attatchment at the reverse proxy level (nginx, Cloudflare, etc.).

github.com github.com github.com

03 // Proof_of_Concepts

Published exploit proof-of-concept repositories.

CVE-2026-32255

This repository contains a proof of concept (POC) for CVE-2026-32255, a high-severity Server-Side Request Forgery (SSRF) vulnerability in Kan, an open-source project management tool.

2 711 views

CVE-2025-55182

This repository contains a POC of CVE-2025-55182, a critical (CVSS score 10.0) pre-authentication remote code execution vulnerability affecting React Server Components, also known as React2Shell.

12 3 forks 3.5k views

CVE-2025-29927

This repository contains a POC and an exploit script for CVE-2025-29927, a critical vulnerability in Next.js that allows attackers to bypass authorization checks implemented in middleware.

6 3 forks 1.1k views

04 // OSS_Contributions

Open source projects I've contributed to.

42.5k

usebruno/ bruno

Opensource IDE For Exploring and Testing API's (lightweight alternative to Postman/Insomnia)

JavaScript MIT 2.3k

6.8k

infoslack/ awesome-web-hacking

A list of web application security

MIT 1.3k

4.6k

kanbn/ kan

The open source Trello alternative.

TypeScript AGPL-3.0 301

1.3k

OWASP/ www-community

OWASP Community Pages are a place where OWASP can accept community contributions for security-related content.

HTML 824

OWASP/ www-project-vulnerable-web-applications-directory

The OWASP Vulnerable Web Applications Directory Project (VWAD) is a comprehensive and well maintained registry of all known vulnerable web applications currently available.

HTML CC-BY-SA-4.0 45

05 // Publications

Articles, writeups, TryHackMe rooms, and content published elsewhere.

MCP Tool Poisoning

MCP Tool Poisoning is an indirect prompt injection attack targeting AI agents that connect to external tool servers via the Model Context Protocol (MCP).

Article OWASP 2026-03-26

06 // Technical_Stack

Programming Languages

JavaScript TypeScript Python PHP Ruby

Web Frameworks

React Next.js Node.js FastAPI Ruby on Rails Symfony Hapi.js

Security

Vulnerability Research CVE Analysis CTF Challenges Web Application Security

DevOps & Tools

Git CI/CD Docker Linux Shell Scripting

07 // Certificate_Archive

Training courses and online certifications.

118 certificates indexed

Analyze and manage IT risks Mar 2026
Everything You Need to Know About Computer Networks in Just a Few Hours Feb 2026
Secure your Data with Cryptography Feb 2026
Raise Cybersecurity Awareness Effectively Feb 2026
Secure your Network with VPNs and Firewalls Feb 2026
Conduct Your Cybersecurity Monitoring Feb 2026
Discover the Basics of Digital Security Feb 2026
Discover the World of Cybersecurity Feb 2026
Try Hack Me - Advent of Cyber 2025 Dec 2025
Try Hack Me - Security Engineer Sep 2025
Try Hack Me - Web Fundamentals Feb 2025
Try Hack Me - Jr Penetration Tester Jan 2025
Try Hack Me - Advent of Cyber 2024 Dec 2024
Try Hack Me - Complete Beginner Nov 2024
Try Hack Me - Cyber Security 101 Nov 2024
Try Hack Me - Introduction to Cyber Security Sep 2024
Try Hack Me - Pre Security Aug 2024
Ethical Hacking: Social Engineering Aug 2024
OWASP Top 10 Nov 2023
Security for Developers Nov 2023
Ethical Hacking: the Complete Course Oct 2023
Use ChatGPT to improve your productivity May 2023
Ethereum and Solidity: The Complete Developer's Guide Mar 2023
Discover the world of Information Systems Sep 2022
Get started with Linux Jul 2022
Simulate network architectures with GNS3 May 2022
Design your TCP/IP network May 2022
Draw up a functional specification Apr 2022
Design a clickable interface Apr 2022
Set up your front-end environment Apr 2022
Discover the jobs of developer Apr 2022
Develop your soft skills Apr 2022
Use the Redux state manager to manage the state of your applications Apr 2022
Use design patterns in JavaScript Apr 2022
Learn how to use the command line in a terminal Apr 2022
Manage code with Git and GitHub Mar 2022
Create a complete React application Mar 2022
Get started with React Jan 2022
Manage your time efficiently Jan 2022
Create responsive websites with Bootstrap 4 Dec 2021
Create modern CSS animations Dec 2021
Code an accessible website with HTML & CSS Nov 2021
Test your Front End applications with JavaScript Nov 2021
Debug your website interface Oct 2021
Write the technical documentation for your project Oct 2021
Test the interface of your site Oct 2021
Create a web application with Vue.js Oct 2021
Adopt REST APIs for your web projects Sep 2021
Go full stack with Node.js, Express and MongoDB Aug 2021
Write JavaScript for the web Jul 2021
Design accessible web content Jul 2021
Learn to program with JavaScript Jul 2021
Simplify CSS with Sass Jun 2021
Increase your traffic with natural referencing (SEO) Jun 2021
Optimize the referencing of your site (SEO) by improving its technical performance Jun 2021
Secure your web applications with OWASP May 2021
Learn to learn Feb 2021
The stages of the Mentor's life Feb 2021
Learn about Python for data analysis Apr 2020
Ultra-fast applications with Node.js Feb 2020
Perfect your agile project management Feb 2019
Understanding Bitcoin and the Blockchain Feb 2019
Discover the cloud with Amazon Web Services Feb 2019
Manage your project with a Scrum team Feb 2019
Continue with Ruby on Rails Jan 2019
Set up an information monitoring system Jan 2019
Learn about agile project management Oct 2018
Get started with Ruby on Rails Oct 2018
Discover the agility posture Oct 2018
Put the UX approach into practice Sep 2018
Discover the world of cybersecurity_0 Sep 2018
Start programming with Ruby Aug 2018
React and Redux in practice Jun 2018
Really understand Javascript May 2018
Build a web application with React.js Apr 2018
UX design: discover the basics! Jan 2018
Learn about Design Thinking Jan 2018
Speak in public Dec 2017
Make a database with UML Nov 2017
Use REST APIs in your web projects Oct 2017
Manage your IT project easily! Sep 2017
Start software analysis with UML Sep 2017
Improve your skills in Python Aug 2017
Discover how the algorithms work Aug 2017
Discover object-oriented programming with Python Aug 2017
Animate a Twitter community Aug 2017
Start your project with Python Jul 2017
Launch your freelance activity Jun 2017
Succeed in your emailing campaign with MailChimp May 2017
Digital Marketing Fundamentals (Digital Active) Mar 2017
Develop your website with the Symfony framework Dec 2016
Manage and pilot a multimedia project Nov 2016
Organize your multimedia project Nov 2016
Draw up the specifications for a digital project Oct 2016
Simplify your JavaScript development with jQuery Sep 2016
Introduction to jQuery Aug 2016
Big Data: Intelligence, Products and Markets in the Age of Big Analytics Jul 2016
Become an auto-entrepreneur Jul 2016
Build modern and beautiful websites with WordPress Jun 2016
Create your professional website with WordPress Jun 2016
Create interactive web pages with JavaScript Jun 2016
Manage your databases with MySQL Jun 2016
Big Data is transforming my life and the lives of businesses Jun 2016
Learn how to frame a multimedia project May 2016
Create your first website with WordPress Apr 2016
Design your website with PHP and MySQL Apr 2016
Understanding Big Data through movies Mar 2016
Discover the basics of project management Mar 2016
Learn how to surf the Internet safely Mar 2016
Control the use of your personal data Mar 2016
Take back control with Linux! Mar 2016
Web Integrator Mar 2016
Get started with Bootstrap Mar 2016
Manage your code with Git and GitHub Mar 2016
Discover CMS solutions Feb 2016
Learn to code with JavaScript Feb 2016
Understanding the Web Feb 2016
Learn how to create your website with HTML5 and CSS3 Feb 2016