Llorenç Romà

Llorenç RomàSecurity Researcher — writing about security findings, personal projects, and IT.https://llori.me/en-usCVE-2026-48117 - Account Takeover via Pre-Registration Attack in DroneAware Nodehttps://llori.me/posts/droneaware-account-takeover-pre-registration/https://llori.me/posts/droneaware-account-takeover-pre-registration/A pre-registration flaw in DroneAware Node allowed silent account takeover — any user authenticating via Google SSO or email verification could have their account hijacked.Mon, 25 May 2026 00:00:00 GMTbug-findingresponsible-disclosureaccount-takeoverauthenticationcveSecurity ResearchHow Not to Enforce Device-Limited Contenthttps://llori.me/posts/how-not-to-protect-your-content/https://llori.me/posts/how-not-to-protect-your-content/A travel app sold device-limited content packages protected by PDF passwords and GPS track encryption. On a rooted Android device, both the password and the tracks were sitting in cleartext in a SQLite database.Sat, 02 May 2026 00:00:00 GMTbug-findingresponsible-disclosureandroiddrmmobile-securitySecurity Researchu5CMS: Session Forgery, Privilege Escalation, and RCEhttps://llori.me/posts/u5cms-security-findings/https://llori.me/posts/u5cms-security-findings/A static SAML nonce in u5CMS allowed any authenticated user to forge sessions as an administrator, leading to RCE. Two additional XSS and open redirect issues were patched in the same release.Tue, 10 Mar 2026 00:00:00 GMTbug-findingresponsible-disclosurerceprivilege-escalationsamlcmsSecurity ResearchGarmin MapShare: Insecure Link Design and User Data Privacy (Part 2)https://llori.me/posts/garmin-mapshare-insecure-link-design-part-2/https://llori.me/posts/garmin-mapshare-insecure-link-design-part-2/Password-protected MapShares had unauthenticated API endpoints allowing location requests and inReach messaging — plus guessable identifiers exposing public maps.Wed, 04 Feb 2026 00:00:00 GMTbug-findingresponsible-disclosureprivacygarminapi-securitySecurity ResearchGarmin inReach Security: Insecure Link Design and User Data Privacy (Part I)https://llori.me/posts/garmin-inreach-insecure-link-design/https://llori.me/posts/garmin-inreach-insecure-link-design/A privacy issue in Garmin inReach allowed enumeration of map URLs due to short, guessable identifiers — exposing messages, locations, and contact details.Mon, 12 Jan 2026 00:00:00 GMTbug-findingresponsible-disclosureprivacygarminSecurity Research