Sneh Bavarva
WHOAMI

I build security automation, offensive tooling, and practical cloud defense workflows.

I’ll graduate from University of Maryland, College Park in May 2026, completing my Master’s in Cybersecurity and a Graduate Certificate in Cloud Engineering.

I’m looking for full-time Security Engineering, IR/SOC, or AppSec roles, and I’m open to relocating.

My work focuses on building and automating security systems, especially around log analysis, threat modeling, incident triage, and AI-assisted security workflows.

I also write technical blogs, contribute to open-source security tools, and build projects that simulate real-world attacks and defensive response.

View Projects → Get in Touch →
11 CVEs AI x AppSec x Cloud x D&R
OSCP OSCP CRTO CRTO BSCP BSCP GSEC GSEC CDSA CDSA AWS SAA AWS SAA 0day.digest live 4 Featured Projects Latest Technical Blogs CloudSentinel SOAR + EDR Open to Security Engineering roles

Featured Projects

SOAR EDR Emulation

Emulating adversary techniques and automating D&R with LimaCharlie, Tines and Slack

Automation LimaCharlie Tines
Learn More →

burplabs

Automated python package for portswigger labs

Python burplabs Portswigger
Learn More →

CloudSentinel

AI-powered AWS security scanner that chains misconfigurations into attack paths

AWS AI Attack Paths
Learn More →

0day.digest

Automated threat-intelligence feed with review-gated AI publishing workflow

Threat Intel Python GitHub Actions
Learn More →
View All Projects →

CVEs

CVE-2026-47140 Critical 10.0

vm2 — NodeVM denylist bypass via process + inspector/promises → host RCE. Refs: heise.de, securityonline.

CVE-2026-47407 Critical 9.4

PraisonAI Platform — cross-workspace IDOR + members can self-promote to admin/owner via unprotected member-management routes.

CVE-2026-47394 High 8.7

PraisonAI — unauthenticated arbitrary file read via MCP workflow.show / workflow.validate / deploy.validate handlers.

CVE-2026-47139 High 8.6

vm2 — NodeVM network deny bypass via internal _http_client / _http_server escapes the network policy.

CVE-2026-33220 Medium 6.8

Weblate — JS localization CDN add-on allows arbitrary local file read outside the repository.

CVE-2025-46203 Medium 6.5

Unifiedtransform v2.0 — broken access control on /students/edit/{id} lets students/teachers modify any student record.

CVE-2025-46204 Medium 6.5

Unifiedtransform v2.0 — broken access control on /course/edit/{id} lets any user modify course data.

CVE-2026-33440 Medium 5.0

Weblate — authenticated SSRF via redirect bypass of ALLOWED_ASSET_DOMAINS in screenshot URL uploads.

CVE-2026-33171 Medium 4.3

Statamic — authenticated LFI in file dictionary fieldtype reads arbitrary .json/.yaml/.csv from server.

CVE-2026-47141 Medium

vm2 — NodeVM observability builtins leak host process metadata and in-flight HTTP request data.

CVE-2026-33624 Low 2.1

Parse Server — MFA recovery code single-use bypass via concurrent login requests.

Honors & Involvement

Black Hat 2025 Scholarship winner / 1 of 8 global recipients fwd:cloudsec 2025 Cloud security scholarship winner Anthropic x UMD Claude Builder Club Hackathon judge / Apr. 2026 Amazon x HackerOne CTF Top 3 placement / Oct. 2025 HTB Season 8 Global Rank 144 / Jun.-Aug. 2025 Other CTF Placements Boot-up Top 50 / Smiley Top 70 / Break The Syntax Top 40 / BSidesSF Top 5 / FTF Top 5%

Certifications

Qualys VMDR
Qualys VMDR & CSAM
May 2026
GSEC
GSEC
April 2026
CRTO
CRTO
March 2026
GFACT
GFACT
Feb 2026
BSCP
BSCP
July 2025
AWS
SAA
April 2025
CDSA
CDSA
March 2025
OSCP
OSCP
July 2024
Google
Google Cert
Sept 2023
eJPT
eJPTv2
May 2023
CEH
CEH
Feb 2023

Publications

Original Research
Enhancing OSINT Practices with Eye-Sint: A Multi-Module Intelligence Tool October 2023
SQLI Attack: An Approach using ML and Hybrid Techniques September 2023

Latest from Medium

View Medium Blogs → View New Blogs →