Skip to content
View Le1a's full-sized avatar
127 followers · 88 following

Achievements

Achievement: QuickdrawAchievement: Pull SharkAchievement: Starstruck

Achievements

Achievement: QuickdrawAchievement: Pull SharkAchievement: Starstruck

Block or report Le1a

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don't include any personal information such as legal names or email addresses. Markdown supported. This note will be visible to only you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
Le1a/README.md

Hey 👋 I'm Le1a

Retired CTFer · Security Researcher

Experience

  • Feb 2026 – Present: JD.com — Security Engineer
  • May 2023 – Jan 2026: ThreatBook — Security Researcher

Selected CVEs

CVE Product Type
CVE-2023-34747 UJCMS File Upload
CVE-2024-45627 Apache Linkis File Read
CVE-2025-25347 QingLong Panel RCE
CVE-2025-28044 ECShop RCE
CVE-2025-48999 DataEase RCE
CVE-2025-49001 DataEase Auth Bypass
CVE-2025-49002 DataEase RCE
CVE-2025-6507 h2o-3 File Read & RCE
CVE-2025-6544 h2o-3 File Read & RCE
CVE-2025-53004 DataEase RCE
CVE-2025-53005 DataEase RCE
CVE-2025-57773 DataEase File Write
CVE-2025-29847 Apache Linkis File Read

Pinned Loading

  1. CVE-2023-33246 CVE-2023-33246 Public

    Apache RocketMQ 远程代码执行漏洞(CVE-2023-33246) Exploit

    82 5

  2. LokiPool LokiPool Public

    一个使用Rust编写的SOCKS5代理池管理工具,能够自动测速、管理多个代理服务器,提供高效稳定的匿名代理服务。

    Rust 80 13

  3. JarLibsConsolidator JarLibsConsolidator Public

    一个IDEA插件:一键收集项目中所有jar包依赖的工具插件。遍历项目目录收集所有jar文件,复制到all-in-one文件夹,并自动添加为项目库。

    Kotlin 50 1