Hi, I’m Mehmet Ince

Latest Blog Posts

Disclosed Vulnerabilities


I’ve been in the vulnerability research field since 2004. Over the years, I’ve discovered and responsibly disclosed more than 300 vulnerabilities across a wide range of products and vendors. At this point, it’s almost impossible to keep track of all the CVE numbers I’ve accumulated — but I keep a personal index here.

Latest disclosed CVEs:

Heimdall DB CVE-2025-12486 | Database Proxy Cross-Site Scripting Remote Code Execution Vulnerability
Tiki CVE-2025-34111 | Tiki Wiki <= 15.1 ELFinder Unauthenticated File Upload RCE
CryptoLog CVE-2025-34102 | CryptoLog Unauthenticated RCE via SQL Injection and Command Injection
Posthog CVE-2025-1522 | PostHog database_schema Server-Side Request Forgery Information Disclosure
Posthog CVE-2025-1520 | PostHog ClickHouse Table Functions SQL Injection Remote Code Execution

Experience


PRODAFT

Chief Technology Officer
Jan 2021 – Present

VP, Threat Intelligence Products & Engineering
Jan 2018 – Jan 2021 · 3 yrs

Head of Offensive Security
Jan 2016 – Jan 2018 · 2 yrs

Principal Security Engineer & Platform Architect (Threat Intelligence)
Jan 2013 – Jan 2015 · 2 yrs

Lead Vulnerability Researcher & Security Software Engineer
Jan 2012 – Jan 2015 · 3 yrs

Co-Founder of PRODAFT
Jan 2012 – Present

SONY

Senior Vulnerability Researcher
Jan 2015 – Jan 2016

Private Security Consultant

Linux and System Security Consultant
Jan 2010 – Jan 2012 · 3 yrs

Independent Vulnerability Researcher

Discovered more than 300 vulnerabilities across a wide range of products and vendors.
Jan 2008 – Present

Talks


  • TEDx | The Risk Brought by the Digital World: Cyber Attacks
  • TEDx | You Pressed Enter, Now You Can Sleep
  • Github | Best way to RCE: Command Injection
  • DEFCON AppSec Village | A Heaven for Hackers: Breaking Web Security
  • NahamCon | A Heaven for Hackers: Breaking Web Security Virtual Appliance
  • Hacktivity | Breaking Log & SIEM Products