LAST UPDATED: JANUARY 2026
Responsible Disclosure Hall of Fame
Responsible Disclosure Hall of Fame
At Pescheck, we deeply value the contributions of ethical hackers and security researchers who help us improve the safety and reliability of our platform.
The individuals listed below have responsibly disclosed vulnerabilities to us and helped make Pescheck safer for everyone. We appreciate their time, effort, and dedication.
Want to report a vulnerability?
Please read our Responsible Disclosure Policy and follow the steps outlined there.
⭐ Honored Researchers
Sheldon Angelo Menezes
LinkedIn: Sheldon Angelo Menezes
- Unauthenticated User Enumeration in SSO Detection Endpoint
Haris Ragavendra
LinkedIn: Haris Ragavendra
- Application-level resource exhaustion via unrestricted input on support endpoint.
Delbert Giovanni
LinkedIn: Delbert Giovanni
- Stored Cross-Site Scripting (XSS) via unsanitized Email field.
Naguru Babji
LinkedIn: Naguru Babji
- Lack of rate limiting on password reset endpoint leading to email flooding.
Ritanshu Sharma
LinkedIn: Ritanshu Sharma
- Improper Invitation Validation Enables Unauthorized Users to Join Any Organisation
Team-DisclosureX Cybrgen
LinkedIn: Cybrgen Limited
- Rate Limit Bypass via Race Condition — Mass Webhook Creation
Yadnesh Chavhan
LinkedIn: Yadnesh Chavhan
- Password change did not terminate existing sessions.
Pathan Aslam
LinkedIn: Pathan Aslam
- No rate limiting / brute-force protection on login endpoint.
Biswajeet Ray
LinkedIn: Biswajeet Ray
- PHP Info Disclosure — Sensitive PHP Configuration Exposed on mail.pescheck.io
Pushpraj Patil
LinkedIn: Pushpraj Patil
- Race Condition — Multiple Organizations Creation with Same Details Leads to Restriction Bypass
Rajvinder Singh Pawar
LinkedIn: Rajvinder Singh Pawar
- Race Condition in Email Addition Functionality
Sanjay Jogi
LinkedIn: Sanjay Jogi
- Rate limiting observation on resend verification endpoint
Naitik Gupta
LinkedIn: Naitik Gupta
- Unsanitized org name allowed attacker-controlled clickable URLs
- Rate limiting bypass on email invitations via case-variant addresses
Akshay Shelke
LinkedIn: Akshay Shelke
- Lack of password confirmation when disabling Two-Factor Authentication
Naeem P
LinkedIn: Naeem P
- Improper server-side validation of Terms & Conditions acceptance across multiple endpoints
4osp3l
X (Twitter): @4osp3l
- Arbitrary HTML injection in webhook functionality allowing HTML/JS execution
Harshvardhan Kumavat
LinkedIn: Harshvardhan Kumavat
- Authentication bypass via unverified secondary email
Michał Biesiada
LinkedIn: Michał Biesiada
- Logic flaw allowing unverified secondary email to block legitimate registration
Yash K Jare
LinkedIn: Yash K Jare
- No rate limit on “Add Webhook” feature
- Weak password policy allowed easily guessable passwords
Praveen Jha
LinkedIn: Praveen Jha
- Missing rate limiting on password reset endpoint allowed email flooding
Ajay Saxena
LinkedIn: Ajay Saxena
- Email verification bypass allowed login without activation
Nikhil Singh Rajput
LinkedIn: Nikhil Singh Rajput
- Stored XSS via email input
- Sensitive data exposure via web archive
- Missing rate limiting on support system
A Sai Vardhan
LinkedIn: A Sai Vardhan
- Password reset token reuse
- Terms & Conditions acceptance bypass
Vedant Tanaji Vhatkar
LinkedIn: Vedant Tanaji Vhatkar
- Password reset session handling issue
- Rate limiting on account deletion flow
- Error-state session restoration in password reset
🙏 Recognition & Appreciation
We don’t have an official bug bounty program yet, but we do like to recognize and thank those who go the extra mile to help us improve.
Every researcher listed here has contributed to making the internet a safer place, and we’re grateful for their responsible approach to security research.
Thank you for helping us protect our users and their data.
