About
Learn more about his
Expert Cyber Security Consultant & Back-End Developer
Tağmaç started to learn software at a young age, turned this hobby into a business and started to earn money during his secondary school years by working freelance.
Tağmaç, who went deeper into the software languages, found vulnerabilities on the projects he wrote and started researching how to close these vulnerabilities and stepped into Cyber Security.
He found his first vulnerability at the age of 13, in a web application he developed himself. Tağmaç, who wanted to improve himself in this field, started to do security research. It found and reported vulnerabilities in many web/mobile, browser plug-ins and computer software. Sometimes when him get bored, it finds security vulnerabilities in some open source applications and prepares exploitation code and presents them on the platform called Exploit-DB.
Tağmaç, who likes to challenge, learn programming languages that he does not know, develop new projects with those programming languages, and constantly learn something new, continues to do new tests and research on more than 10 servers of his own at home.
He still works as a vulnerability researcher in his spare time.
- Birthday: 15 January
- Website: tagmachan.com
- City: Ankara, TURKEY
- Degree: Master
- Email: [email protected]
- Freelance: Available
Developed Projects
Vulnerabilities Found in Enterprise Products
Programming Language that Basically knows
Developed Exploit Codes
Total CVEs
Skills
Resume
Check His Resume
Summary
He has spent 9+ years working on Development, Server Installation, Network Configuration and Cyber Security. According to his place, the blue team took part in the red team according to his place.
- Web Application [ Black-Gray-White Box ] Pentest
- Mobil Application [ Black-Gray-White Box ] Pentest
- Network Application [ Black-Gray-White Box ] Pentest
- Microservice Application [ Black-Gray-White Box ] Pentest
- Cloud [ Black-Gray-White Box ] Pentest
- Television and Television Application BlackBox Pentest
- EDR Bypass
- Windows/Linux/CentOS Server Configuration & Management
- Network Firewall Configuration & Management
- Web Firewall Configuration & Management & Testing
- Malware Analysis
- SIEM Configuration & Management
- BackEnd Development
Education
Master's Degree in Cyber Security
2023 - 2025
Ahmet Yesevi University
Management Information Systems
2018 - 2023
Anadolu University
Computer Programming
2013 - 2015
Cumhuriyet University
Professional Experience
Senior Cyber Security Consultant
2022 - Present
Presidency of the Republic of Türkiye Cumhuriyeti
- Red Teaming Service
- Development
Cyber Security Consultant & Backend Developer
2023 - 2024
beIN Media Group
- Red Teaming Service
- Development
Senior Cyber Security Expert
2022 - Present
BilgeAdam Technology
- Red Teaming Service
- Consulting
Cyber Security Expert & Backend Developer
2018 - 2022
beIN Media Group
- Red Teaming Service
- BackEnd Development
- Full-Stack Development
Cyber Security Researcher & Backend Development
2015 - 2018
FreeLancer
- Red Teaming Service
- BackEnd Development
- Full-Stack Development
Cyber Security Researcher & IT Consultant
2013 - 2015
Cumhuriyet University
- Red Teaming Service
- Server Installation, Management, Configuration
- VMesxi Management
- Network Configuration & Management
Exploits & Projects
Source Code Repository
| Type | Name | Category | Description | Date |
|---|---|---|---|---|
| CVE-2025-69460 - Simple Image Gallery 1.0 - Remote Code Execution (Unauthenticated) - Exploit Code | Exploit | CVE-2025-69460: Unauthenticated Remote Code Execution (RCE) vulnerability in Simple Image Gallery 1.0. Zero-day discovery and exploit by Tağmaç 'Tagoletta'. | Wed Jan 21 2026 | |
| CVE-2025-69459 - Movie Rating System 1.0 - Broken Access Control (Admin Account Creation) - Exploit Code | Exploit | CVE-2025-69459: Broken Access Control vulnerability allowing Admin Account Creation in Movie Rating System 1.0. Zero-day discovery and exploit by Tağmaç 'Tagoletta'. | Wed Jan 21 2026 | |
| CVE-2025-69458 - Movie Rating System 1.0 - SQL Injection to RCE (Unauthenticated) - Exploit Code | Exploit | CVE-2025-69458: Unauthenticated SQL Injection to Remote Code Execution (RCE) vulnerability in Movie Rating System 1.0. Zero-day discovery and exploit by Tağmaç 'Tagoletta'. | Wed Jan 21 2026 | |
| CVE-2025-69457 - Responsive Tourism Website 3.1 - Remote Code Execution (Unauthenticated) - Exploit Code | Exploit | CVE-2025-69457: Unauthenticated Remote Code Execution (RCE) vulnerability in Responsive Tourism Website 3.1. Zero-day discovery and exploit by Tağmaç 'Tagoletta'. | Wed Jan 21 2026 | |
| CVE-2023-38890 – Online Shopping Portal 3.1 Remote Code Execution - Exploit Code | Exploit | CVE-2023-38890: Unauthenticated SQL Injection to Remote Code Execution (RCE) vulnerability in Online Shopping Portal 3.1. Zero-day discovery and exploit by Tağmaç 'Tagoletta'. | Wed Jan 21 2026 | |
| Daily CVE Reporter | Project | Daily CVE Reporter is an automated security tool designated to keep researchers updated on the latest vulnerabilities. It fetches new CVEs from the National Vulnerability Database every 24 hours, automatically detects if a Proof of Concept (PoC) exploit exists, and presents the data in a clean, interactive HTML report. | Tue Dec 30 2025 | |
| Daily AbuseIP Collector | Project | The Daily AbuseIP Collector is a .NET 9.0 console application designed to run as a background service within a Docker container. Its primary purpose is to automatically fetch, filter, and store a list of abusive IP addresses from a public blocklist into a MongoDB database. | Sun Dec 15 2024 | |
| Traffic Offense Management System 1.0 - SQLi to Remote Code Execution (RCE) (Unauthenticated) - Exploit Code | Exploit | Zero-Day Exploit Code for Traffic Offense Management System RCE. | Wed Aug 18 2021 |
Blog
His Works
CVE-2025-69460 – Simple Image Gallery 1.0 - Remote Code Execution (Unauthenticated)
Wed Jan 21 2026CVE-2025-69460: Unauthenticated Remote Code Execution (RCE) vulnerability in Simple Image Gallery 1.0. Zero-day discovery and exploit by Tağmaç 'Tagoletta'.
CVE-2025-69457 – Responsive Tourism Website 3.1 - Remote Code Execution (Unauthenticated)
Wed Jan 21 2026CVE-2025-69457: Unauthenticated Remote Code Execution (RCE) vulnerability in Responsive Tourism Website 3.1. Zero-day discovery and exploit by Tağmaç 'Tagoletta'.
CVE-2023-38890 – Online Shopping Portal 3.1 Remote Code Execution
Wed Jan 21 2026CVE-2023-38890: Unauthenticated SQL Injection to Remote Code Execution (RCE) vulnerability in Online Shopping Portal 3.1. Zero-day discovery and exploit by Tağmaç 'Tagoletta'.
CVE-2025-69458 – Movie Rating System 1.0 - SQL Injection to RCE (Unauthenticated)
Wed Jan 21 2026CVE-2025-69458: Unauthenticated SQL Injection to Remote Code Execution (RCE) vulnerability in Movie Rating System 1.0. Zero-day discovery and exploit by Tağmaç 'Tagoletta'.
CVE-2025-69459 – Movie Rating System 1.0 - Broken Access Control
Wed Jan 21 2026CVE-2025-69459: Broken Access Control vulnerability allowing Admin Account Creation in Movie Rating System 1.0. Zero-day discovery and exploit by Tağmaç 'Tagoletta'.
Building a Compact Cyber Security Home Lab with Proxmox
Mon Dec 08 2025Turning a modest notebook into a powerhouse running Tor, Exploit Dev, Docker, and OPNsense environments.