Hello friend!
My name is João Marono, but I’m also known as r0n0. I hope you enjoy my research!
Vulnerabilities Found
- Telecom company in Portugal: Bypassing a captcha to get valid phone numbers for the platform.(#Bug Bounty)
- Apache Superset: CVE-2025-27696 - Vulnerability in import function allows for a low privileged user to get ownership of resources.
- Flask App Builder: CVE-2025-32962 - open redirect vulnerability using HTTP host injection
Event Wins
- CTF Bsides Lisbon 2024(team pwn_of_b4c4lh4u)
