Latest Blog Posts
Disclosed Vulnerabilities
I’ve been in the vulnerability research field since 2004. Over the years, I’ve discovered and responsibly disclosed more than 300 vulnerabilities across a wide range of products and vendors. At this point, it’s almost impossible to keep track of all the CVE numbers I’ve accumulated — but I keep a personal index here.
Latest disclosed CVEs:
prompts.chat
CVE-2026-22665 | Identity Confusion via Case-Sensitive Username Handling
prompts.chat
CVE-2026-22664 | SSRF via Fal.ai Media Status Polling
prompts.chat
CVE-2026-22663 | Authorization Bypass Information Disclosure
prompts.chat
CVE-2026-22662 | Blind SSRF via media-generate
prompts.chat
CVE-2026-22661 | Path Traversal via Skill File Handling
Experience

PRODAFT
Chief Technology Officer
Jan 2021 – Present
VP, Threat Intelligence Products & Engineering
Jan 2018 – Jan 2021 · 3 yrs
Head of Offensive Security
Jan 2016 – Jan 2018 · 2 yrs
Principal Security Engineer & Platform Architect (Threat Intelligence)
Jan 2013 – Jan 2015 · 2 yrs
Lead Vulnerability Researcher & Security Software Engineer
Jan 2012 – Jan 2015 · 3 yrs
Co-Founder of PRODAFT
Jan 2012 – Present

SONY
Senior Vulnerability Researcher
Jan 2015 – Jan 2016

Private Security Consultant
Linux and System Security Consultant
Jan 2010 – Jan 2012 · 3 yrs

Independent Vulnerability Researcher
Discovered more than 300 vulnerabilities across a wide range of products and vendors.
Jan 2008 – Present
Talks
- TEDx | The Risk Brought by the Digital World: Cyber Attacks
- TEDx | You Pressed Enter, Now You Can Sleep
- GitHub | Best way to RCE: Command Injection
- DEFCON AppSec Village | A Heaven for Hackers: Breaking Web Security
- NahamCon | A Heaven for Hackers: Breaking Web Security Virtual Appliance
- Hacktivity | Breaking Log & SIEM Products
