Maxim Masiutin
Software Developer | Cybersecurity Professional
Connect
- LinkedIn: Professional profile and career history.
- GitHub: Open source projects and contributions.
- ORCID: Researcher identifier linking publications across platforms.
- Stack Overflow: Programming Q&A contributions.
- Root Me: Cybersecurity challenges and CTF platform.
- Wikipedia: Contributor to English Wikipedia and other Wikimedia projects.
Projects
- Stockfish Top Authors and Methods: Analysis of Stockfish chess engine contributors ranked by successful tests on Fishtest. Covers 6 years of development history with method definitions.
- FARM Archive (external): Archive of the Moldovan Automobile Federation (FARM) with motorsport regulations, competition protocols, and racing event documentation from 2007-2008.
Publications
- Alternative Androgen Pathways. WikiJournal of Medicine, 2023. DOI: 10.15347/WJM/2023.003
- Letter to the Editor: Adrenocortical Hormone Abnormalities in Chronic Prostatitis. Urology (Elsevier), 2022. DOI: 10.1016/j.urology.2022.07.038
Tools
- List Converter: Browser-based utility to convert newline-separated lists to comma-separated values.
TinyWeb Security Advisories
- TinyWeb MITRE CVE Index: Comprehensive summary of all TinyWeb HTTP Server CVEs with CVSS scores, affected versions, and fix status.
- CVE-2026-29046 - HTTP Header Control Character Injection into CGI Environment: Header control character injection into CGI environment variables. CVSS 8.8 High. Fixed in v2.04.
- CVE-2026-28497 - Integer Overflow / HTTP Request Smuggling: Integer overflow in _Val allows Content-Length bypass and HTTP Request Smuggling. CVSS 8.7 High. Fixed in v2.03.
- CVE-2026-27633 - Unbounded Content-Length Memory Exhaustion: Memory exhaustion via unbounded Content-Length processing. Fixed in v2.02.
- CVE-2026-27630 - Thread/Connection Exhaustion (Slowloris): Slowloris-style denial of service via thread/connection exhaustion. Fixed in v2.02.
- CVE-2026-27613 - CGI Parameter Injection: CGI parameter injection bypassing STRICT_CGI_PARAMS and EscapeShellParam. Fixed in v2.01.
- CVE-2026-22781 - CGI Command Injection: OS command injection via unsanitized CGI ISINDEX query parameters. CVSS 10.0 Critical. Fixed in v1.98.
- CVE-2024-34199 - Heap Buffer Overflow: Heap-based buffer overflow in TCollector.Collect() causing DoS. CVSS 8.6 High. Fixed in v1.99.
- CVE-2024-5193 - CRLF Injection: HTTP header injection via URL-encoded CRLF in paths. CVSS 5.3 Medium. Fixed in v1.99.
- CVE-2004-2636 - Path Traversal / Source Code Disclosure: CGI script source code disclosure via /cgi-bin/./script.pl bypass. CVSS 5.3 Medium. Fixed in v1.93.
- CVE-2003-1510 - Denial of Service via Null Byte: CPU exhaustion via null byte in cgi-bin path. CVSS 7.5 High. Fixed in v1.93.
- CVE-2024-3677 Clarification: Security notice: CVE-2024-3677 (WordPress plugin XSS) does not affect TinyWeb HTTP Server.
FastMM4-AVX Security Advisories
- GHSA-3x29-6h9j-vcvm - FPU Stack Corruption in 32-bit Move Procedures: FPU stack corruption via dirty x87 state in legacy 32-bit move routines. CVSS 5.9 Medium. Fixed in FastMM4-AVX v1.0.10.