Muhammad Waseem

Bug Bounty Hunter

Top 1000 worldwide • 100+ companies secured

★ Top 1000 Hackers on Bugcrowd

Ranked among the elite security researchers worldwide

About

Muhammad Waseem — Elite bug bounty hunter and red teamer with expertise in web application security, API testing, and vulnerability research. Passionate about making the internet safer through ethical hacking and responsible disclosure.

Companies I've Secured

Trusted by Fortune 500 companies and leading tech organizations worldwide

Security Research & Writeups

In-depth analysis of critical vulnerabilities and security research findings

Advanced Ninja Tables LFI Vulnerability

Critical • WordPress • LFI

Deep dive into a critical Local File Inclusion vulnerability in the Ninja Tables WordPress plugin (versions <4.1.9). Complete exploitation walkthrough including payload crafting, file system access techniques, and comprehensive remediation strategies for WordPress administrators.

CVE-2025-29927 Middleware Bypass

High • CVSS 8.2 • Next.js

Professional security research demonstrating authentication bypass in Next.js middleware configurations. Detailed proof-of-concept showing how crafted HTTP headers exploit subrequest handling to bypass authentication mechanisms and access restricted content.

Advanced IDOR in Banking API

Critical • $7,500 • Banking

Comprehensive analysis of a sophisticated Insecure Direct Object Reference vulnerability discovered in a major banking application's API. Detailed methodology, exploitation techniques, and the security impact on financial data integrity.

Research in Progress

Get in Touch

Here are my profiles:

📧 muhammadwaseem3@wearehackerone.com

Bug Bounty Platforms

I work on the Bugcrowd, Intigriti and HackerOne platforms:

🔗 Bugcrowd Profile - Top 1000 Hacker

🔗 HackerOne Profile

🔗 Intigriti Profile

Professional Profiles

🔗 LinkedIn Profile

🔗 GitHub Profile