Sprint naar content
Report a Vulnerability to Fontys (Responsible Disclosure / CVD)

Fontys Wall of Fame - CVD

Acknowledgements to all reporters acting in accordance with our Coordinated Vulnerability Disclosure (CVD) policy

Fontys is grateful to the following researchers who have responsibly disclosed vulnerabilities on systems and services used at our institute.

2026

  • Miguel Almeida Antune (-) 06-01-2026 - Application vulnerability

2025

  • Takshal Patel (-) 13-01-2025 - Information disclosure
  • Krrish Bajaj (-) 10-02-2025 - Social media username takeover vulnerability
  • Herry Poter herrypoter8866 (-) -17-02-2025 - Javascript
  • Naksh Raja (-) 14-04-2025 - Mismatched SSL Certificate
  • Naksh (-) 01-07-2025 - SSL Certificate - hostname
  • lolzpro766 (-) 27-10-2025 - SSH key

2024

  • Eelke Sneijders (Linkedin) 13-03-2024 - Information disclosure
  • Jasper Brouwer (LinkedIn??) 26-06-2024 - Missing App Service
  • root herrypoter8866 (LinkedIn??) 27-08-2024 - cors-misconfig
  • Kaloyan Andreev (LinkedIn??) 21-10-2024 - Disclosure information
  • Manas Harsh (-) 06-12-2024 - Exposure user data

2023

  • Matthijs Broeders (-) 17-03-2023 - Unauthorised access to url
  • Abhishrey Gupta (-) 27-03-2023 - Reflected XSS
  • Oussama Kasmi (-) 03-07-2023 - Reflected XSS
  • Rick Verdoes (-) 03-07-2023 - XSS
  • johnk3r (-) 05-07-2023 - XSS
  • KandarpDave (-) 17-07-2023 - Disclosure API key / admin panel
  • Asif Nawaz Minhas (LinkedIn) 16-11-2023 - Reflected XSS
  • Ruben Meeuwissen (LinkedIn) 21-12-2023 - Reflected XSS

2022

  • Sohaib (-) 12-01-2022 - Missing headers
  • Ivan Rimbow (-) 05-07-2022 - Access AD
  • Siebren Kraak (-) 12-12-2022 - Accounts not deleted

2021

  • Maarten Dekker (-) 12-01-2021 - Email spoofing
  • Robin van den Hurk (-) 16-04-2021 - Kwetsbaarheid FHICT systeem
  • Harinder Singh (-) 11-06-2021 - Open metrics information
  • Siddharth Mittal (-) 26-07-2021 - Disclosure information
  • Anas Sohail (-) 18-11-2021 - Broken link Hijacking

2020

  • Imran (-) 17-01-2020 - Same-Site Scripting
  • Gulhameed (-) 14-02-2020 - Same- Site Scripting
  • Ankita Jagadish Pawar (-) 04-03-2020 - XSS
  • Aamir Khan (-) 01-04-2020 - XSS
  • Pritam Mukherjee ( LinkedIn) 14-04-2020 - iFrame injection & XSS
  • Anurag Muley (-) 16-04-2020 - Email Spoofing
  • Robert Aaron (-) 23-04-2020 - Clickjacking
  • Ritik Chaddha (-) 04-05-2020 - XSS
  • Siddhesh Tungatkar (-) 06-05-2020 - Broken link Hijacking
  • Priyanka Bamne (-) 08-05-2020 - Disclosing details
  • Jaydeep Nasit (-) 20-05-2020 - XSS+html injection
  • Cheryl Maise Lobo (-) 25-05-2020 - API-key disclosure
  • Ayush Badheka (-) 19-06-2020 - Active mixed content
  • Rikesh Baniya (-) 13-07-2020 - XSS+html injection
  • Gawa Sharks (-) 14-07-2020 - Broken link Hijacking
  • Muhammad Julfikar Hyder (-) 07-08-2020 - Missing DNS / SPF
  • Saiful Islam (-) 10-08-2020 - Broken Authentication (token not expired)
  • Oussama (-) 10-08-2020 - Unauthenticated file read/deletion
  • Pranav Bhandari (-) 10-09-2020 - Path Traversal Vulnerability
  • Abdullah Al Mamun (-) 21-9-2020 - Disclosure data

2019

  • Ratnadip Gajbhiye (-) 10-01-2019 - Web Server Version Disclosure
  • Virendra Yadav (-) 06-03-2019 - Email Spoofing
  • Mohsin Ali (-) 08-03-2019 - Tabnabbing
  • Pethuraj M (-) 08-03-2019 - XSS
  • Ruben van Vreeland (-) 08-03-2019 - SQL injection
  • Gaurav Kumar (-) 11-03-2019 - Disclosing details
  • Kirtikumar Anandrao Ramchandani (-) 11-03-2019 - Preload HSTS
  • Chetan Tiwari (-) 11-03-2019 - Disclose information
  • Maham Farizul (-) 25-03-2019 - Prevent misissuance of a certificate
  • KhizarUl Haq (-) 14-04-2019 - SPF
  • Vasantha Kumar SP (-) 04-06-2019 - HTTP connections
  • Deep Yadav (-) 19-06-2019 - Disclosure information
  • Asif Hossain (-) 25-10-2019 - Same-Site Scripting
  • Ayan Saha (-) 12-12-2019 - Same-Site Scripting

2018

  • Kasper Karlsson (-) 20-03-2018 - One event page vulnerable for XSS
  • Navdeep Singh (-) 13-04-2018 25-09-2018 - XSS
  • Dhruv Mankad (-) 05-06-2018 - URL Obfuscation
  • Mohammed Israil (-) 25-06-2028 - Email Spoofing
  • Pal Patel (-) 27-06-2018 - Missing heading setting
  • Ninad Mathpati (-) 29-6-2018 - Clickjacking
  • Anil Vaghasiya (-) 02-07-2018 - Email Spoofing
  • Bijan Murmu (-) 23-07-2018 - Content-spoofing
  • Yassine Nafiai (-) 10-08-2018 - Email Spoofing
  • Mohammed Adam (-) 28-08-2018 - Clickjacking
  • Virendra Tiwari (-) 29-08-2018 - Clickjacking
  • Siddhant Vyas (-) 29-08-2018 - Clickjacking & Lenient SPF filtering
  • Pal Patel (-) 14-09-2018 - Missing heading setting
  • Hritik Sharma (-) 25-09-2018 - Clickjacking
  • Sahil Mehra (-) 27-09-2018 - Clickjacking
  • Shankar Acharya (-) 01-10-2018 - DNS misconfiguration & Configuration file disclosure
  • Vyshnav Nk (-) 03-10-2018 - Host header injection/redirection
  • Youssef Abyaa (-) 04-10-2018 - Reflected XSS