mirror/PoC-in-GitHub
1
0
Fork 0
mirror of https://github.com/nomi-sec/PoC-in-GitHub.git synced 2026-05-06 15:05:24 +02:00
Code Issues Projects Releases Packages Wiki Activity

Auto Update 2026/05/01 18:52:56

Browse source
This commit is contained in:
motikan2010-bot 2026-05-02 03:52:56 +09:00
commit 12e18b68a7
82 changed files with 1183 additions and 1243 deletions
Download patch file Download diff file Expand all files Collapse all files

8
2013/CVE-2013-4786.json
View file

@ -14,10 +14,10 @@
"description": "CVE-2013-4786 Go exploitation tool",
"fork": false,
"created_at": "2023-10-23T20:01:37Z",
"updated_at": "2026-01-27T08:44:10Z",
"updated_at": "2026-05-01T14:54:01Z",
"pushed_at": "2025-11-18T23:23:15Z",
"stargazers_count": 40,
"watchers_count": 40,
"stargazers_count": 41,
"watchers_count": 41,
"has_discussions": false,
"forks_count": 4,
"allow_forking": true,
@ -28,7 +28,7 @@
"topics": [],
"visibility": "public",
"forks": 4,
"watchers": 40,
"watchers": 41,
"score": 0,
"subscribers_count": 3
}

4
2016/CVE-2016-15042.json
View file

@ -14,8 +14,8 @@
"description": "🛠️ Validate and demonstrate CVE-2016-15042 with a Dockerized lab for unauthenticated file uploads in WordPress file managers.",
"fork": false,
"created_at": "2023-10-23T05:54:10Z",
"updated_at": "2026-05-01T09:03:56Z",
"pushed_at": "2026-05-01T09:03:52Z",
"updated_at": "2026-05-01T15:58:09Z",
"pushed_at": "2026-05-01T15:58:05Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,

2
2017/CVE-2017-20165.json
View file

@ -34,6 +34,6 @@
"forks": 15,
"watchers": 15,
"score": 0,
"subscribers_count": 11
"subscribers_count": 10
}
]

8
2017/CVE-2017-9822.json
View file

@ -14,10 +14,10 @@
"description": "[CVE-2017-9822] DotNetNuke Cookie Deserialization Remote Code Execution (RCE)",
"fork": false,
"created_at": "2020-08-28T12:45:44Z",
"updated_at": "2026-02-22T23:56:30Z",
"updated_at": "2026-05-01T16:31:22Z",
"pushed_at": "2020-08-30T00:27:40Z",
"stargazers_count": 21,
"watchers_count": 21,
"stargazers_count": 22,
"watchers_count": 22,
"has_discussions": false,
"forks_count": 4,
"allow_forking": true,
@ -30,7 +30,7 @@
],
"visibility": "public",
"forks": 4,
"watchers": 21,
"watchers": 22,
"score": 0,
"subscribers_count": 1
},

8
2018/CVE-2018-0114.json
View file

@ -14,10 +14,10 @@
"description": "This repository contains the POC of an exploit for node-jose < 0.11.0",
"fork": false,
"created_at": "2018-03-20T20:37:29Z",
"updated_at": "2024-08-12T19:37:06Z",
"updated_at": "2026-05-01T17:09:42Z",
"pushed_at": "2023-02-24T20:57:06Z",
"stargazers_count": 25,
"watchers_count": 25,
"stargazers_count": 26,
"watchers_count": 26,
"has_discussions": false,
"forks_count": 10,
"allow_forking": true,
@ -28,7 +28,7 @@
"topics": [],
"visibility": "public",
"forks": 10,
"watchers": 25,
"watchers": 26,
"score": 0,
"subscribers_count": 2
},

4
2019/CVE-2019-1040.json
View file

@ -179,8 +179,8 @@
"description": "The Windows Print Spooler privilege escalation vulnerability (CVE-2019-1040\/CVE-2019-1019) has been implemented as a Reflective DLL for penetration testing.",
"fork": false,
"created_at": "2025-12-06T19:56:12Z",
"updated_at": "2026-05-01T11:33:53Z",
"pushed_at": "2026-05-01T11:33:50Z",
"updated_at": "2026-05-01T18:11:56Z",
"pushed_at": "2026-05-01T18:11:51Z",
"stargazers_count": 1,
"watchers_count": 1,
"has_discussions": false,

4
2020/CVE-2020-0610.json
View file

@ -58,8 +58,8 @@
"description": "🔍 Create a safe lab environment for testing CVE-2020-0610, a critical RCE vulnerability in Windows RD Gateway, with minimal disruption using DTLS techniques.",
"fork": false,
"created_at": "2025-09-04T13:21:35Z",
"updated_at": "2026-05-01T09:03:50Z",
"pushed_at": "2026-05-01T09:03:47Z",
"updated_at": "2026-05-01T15:58:04Z",
"pushed_at": "2026-05-01T15:58:00Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,

4
2020/CVE-2020-1472.json
View file

@ -2383,8 +2383,8 @@
"description": "Zerologon (CVE-2020-1472) Proof-of-Concept application - Critical Active Directory vulnerability exploitation tool.",
"fork": false,
"created_at": "2025-12-06T10:17:38Z",
"updated_at": "2026-05-01T12:05:17Z",
"pushed_at": "2026-05-01T12:05:12Z",
"updated_at": "2026-05-01T17:33:41Z",
"pushed_at": "2026-05-01T17:33:35Z",
"stargazers_count": 2,
"watchers_count": 2,
"has_discussions": false,

4
2021/CVE-2021-33044.json
View file

@ -212,8 +212,8 @@
"description": "Chrome extension that uses vulnerabilities CVE-2021-33044 and CVE-2021-33045 to log in to Dahua cameras without authentication.",
"fork": false,
"created_at": "2026-03-28T17:42:44Z",
"updated_at": "2026-05-01T11:51:22Z",
"pushed_at": "2026-05-01T11:51:18Z",
"updated_at": "2026-05-01T17:33:17Z",
"pushed_at": "2026-05-01T17:33:13Z",
"stargazers_count": 3,
"watchers_count": 3,
"has_discussions": false,

20
2021/CVE-2021-4034.json
View file

@ -47,10 +47,10 @@
"description": "PoC for PwnKit: Local Privilege Escalation Vulnerability in polkits pkexec (CVE-2021-4034)",
"fork": false,
"created_at": "2022-01-26T00:56:36Z",
"updated_at": "2026-04-30T06:50:24Z",
"updated_at": "2026-05-01T15:10:35Z",
"pushed_at": "2023-05-04T19:24:39Z",
"stargazers_count": 1149,
"watchers_count": 1149,
"stargazers_count": 1150,
"watchers_count": 1150,
"has_discussions": false,
"forks_count": 318,
"allow_forking": true,
@ -65,7 +65,7 @@
],
"visibility": "public",
"forks": 318,
"watchers": 1149,
"watchers": 1150,
"score": 0,
"subscribers_count": 14
},
@ -150,10 +150,10 @@
"description": "Self-contained exploit for CVE-2021-4034 - Pkexec Local Privilege Escalation",
"fork": false,
"created_at": "2022-01-26T14:26:10Z",
"updated_at": "2026-04-24T01:05:16Z",
"updated_at": "2026-05-01T14:31:05Z",
"pushed_at": "2022-06-21T14:52:05Z",
"stargazers_count": 1300,
"watchers_count": 1300,
"stargazers_count": 1301,
"watchers_count": 1301,
"has_discussions": false,
"forks_count": 204,
"allow_forking": true,
@ -166,7 +166,7 @@
],
"visibility": "public",
"forks": 204,
"watchers": 1300,
"watchers": 1301,
"score": 0,
"subscribers_count": 13
},
@ -2050,8 +2050,8 @@
"description": "🚀 Enhance your penetration testing with PwnKit Helper, a simple tool for exploiting the CVE-2021-4034 vulnerability in pkexec for local privilege escalation.",
"fork": false,
"created_at": "2025-10-01T09:53:03Z",
"updated_at": "2026-05-01T09:11:40Z",
"pushed_at": "2026-05-01T09:11:36Z",
"updated_at": "2026-05-01T16:11:35Z",
"pushed_at": "2026-05-01T16:11:31Z",
"stargazers_count": 2,
"watchers_count": 2,
"has_discussions": false,

4
2022/CVE-2022-0847.json
View file

@ -613,7 +613,7 @@
"stargazers_count": 5,
"watchers_count": 5,
"has_discussions": false,
"forks_count": 2,
"forks_count": 3,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
@ -621,7 +621,7 @@
"pull_request_creation_policy": "all",
"topics": [],
"visibility": "public",
"forks": 2,
"forks": 3,
"watchers": 5,
"score": 0,
"subscribers_count": 1

8
2022/CVE-2022-0995.json
View file

@ -14,10 +14,10 @@
"description": "CVE-2022-0995 exploit",
"fork": false,
"created_at": "2022-03-26T21:46:09Z",
"updated_at": "2026-03-23T04:48:34Z",
"updated_at": "2026-05-01T13:18:32Z",
"pushed_at": "2022-03-27T09:07:01Z",
"stargazers_count": 500,
"watchers_count": 500,
"stargazers_count": 501,
"watchers_count": 501,
"has_discussions": false,
"forks_count": 68,
"allow_forking": true,
@ -28,7 +28,7 @@
"topics": [],
"visibility": "public",
"forks": 68,
"watchers": 500,
"watchers": 501,
"score": 0,
"subscribers_count": 7
},

8
2022/CVE-2022-24125.json
View file

@ -14,10 +14,10 @@
"description": "Documentation and proof of concept code for CVE-2022-24125 and CVE-2022-24126.",
"fork": false,
"created_at": "2022-01-28T20:37:14Z",
"updated_at": "2026-04-26T21:03:07Z",
"updated_at": "2026-05-01T15:07:48Z",
"pushed_at": "2022-08-30T02:11:05Z",
"stargazers_count": 166,
"watchers_count": 166,
"stargazers_count": 167,
"watchers_count": 167,
"has_discussions": false,
"forks_count": 8,
"allow_forking": true,
@ -34,7 +34,7 @@
],
"visibility": "public",
"forks": 8,
"watchers": 166,
"watchers": 167,
"score": 0,
"subscribers_count": 4
}

8
2022/CVE-2022-32250.json
View file

@ -14,10 +14,10 @@
"description": null,
"fork": false,
"created_at": "2022-08-24T06:00:47Z",
"updated_at": "2026-04-30T21:47:47Z",
"updated_at": "2026-05-01T18:06:25Z",
"pushed_at": "2023-06-18T14:43:52Z",
"stargazers_count": 179,
"watchers_count": 179,
"stargazers_count": 180,
"watchers_count": 180,
"has_discussions": false,
"forks_count": 44,
"allow_forking": true,
@ -28,7 +28,7 @@
"topics": [],
"visibility": "public",
"forks": 44,
"watchers": 179,
"watchers": 180,
"score": 0,
"subscribers_count": 3
},

4
2022/CVE-2022-39227.json
View file

@ -89,8 +89,8 @@
"description": null,
"fork": false,
"created_at": "2026-04-27T23:32:48Z",
"updated_at": "2026-04-28T21:32:07Z",
"pushed_at": "2026-04-28T21:32:02Z",
"updated_at": "2026-05-01T16:59:59Z",
"pushed_at": "2026-05-01T16:59:54Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,

4
2023/CVE-2023-32434.json
View file

@ -47,8 +47,8 @@
"description": "oob_entry tfp0 kernel exploit for armv7 iOS (iOS 3.010.3.4), using CVE-2023-32434. We will publish a write-up detailing the methods in the coming weeks. 🐙",
"fork": false,
"created_at": "2025-08-13T09:19:29Z",
"updated_at": "2026-05-01T08:59:33Z",
"pushed_at": "2026-05-01T08:59:30Z",
"updated_at": "2026-05-01T15:53:44Z",
"pushed_at": "2026-05-01T15:53:39Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,

4
2023/CVE-2023-39910.json
View file

@ -66,8 +66,8 @@
"description": "🔒 Analyze the CVE-2023-39910 vulnerability in Libbitcoin Explorer to understand its impact on Bitcoin wallet security and protect your assets.",
"fork": false,
"created_at": "2026-01-07T14:24:08Z",
"updated_at": "2026-05-01T10:13:24Z",
"pushed_at": "2026-05-01T10:13:20Z",
"updated_at": "2026-05-01T18:09:30Z",
"pushed_at": "2026-05-01T18:09:26Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,

12
2023/CVE-2023-42793.json
View file

@ -85,12 +85,12 @@
"description": "PoC of CVE-2023-42793",
"fork": false,
"created_at": "2023-10-05T18:12:25Z",
"updated_at": "2026-02-04T04:16:39Z",
"updated_at": "2026-05-01T18:13:59Z",
"pushed_at": "2023-10-11T11:40:05Z",
"stargazers_count": 8,
"watchers_count": 8,
"stargazers_count": 9,
"watchers_count": 9,
"has_discussions": false,
"forks_count": 2,
"forks_count": 3,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
@ -98,8 +98,8 @@
"pull_request_creation_policy": "all",
"topics": [],
"visibility": "public",
"forks": 2,
"watchers": 8,
"forks": 3,
"watchers": 9,
"score": 0,
"subscribers_count": 1
},

66
2023/CVE-2023-44487.json
View file

@ -730,72 +730,6 @@
"score": 0,
"subscribers_count": 0
},
{
"id": 1171785047,
"name": "phoenix-h2",
"full_name": "dryfryce\/phoenix-h2",
"owner": {
"login": "dryfryce",
"id": 258849584,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/258849584?v=4",
"html_url": "https:\/\/github.com\/dryfryce",
"user_view_type": "public"
},
"html_url": "https:\/\/github.com\/dryfryce\/phoenix-h2",
"description": "🔥 Phoenix — Rust HTTP\/2 stress testing & security research framework. CVE-2023-44487, CONTINUATION Flood, HPACK Bomb and more.",
"fork": false,
"created_at": "2026-03-03T15:54:14Z",
"updated_at": "2026-03-03T16:09:08Z",
"pushed_at": "2026-03-03T16:00:37Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"has_pull_requests": true,
"pull_request_creation_policy": "all",
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"score": 0,
"subscribers_count": 0
},
{
"id": 1171789868,
"name": "phoenix-http2",
"full_name": "dryfryce\/phoenix-http2",
"owner": {
"login": "dryfryce",
"id": 258849584,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/258849584?v=4",
"html_url": "https:\/\/github.com\/dryfryce",
"user_view_type": "public"
},
"html_url": "https:\/\/github.com\/dryfryce\/phoenix-http2",
"description": "Phoenix — Rust HTTP\/2 stress testing & attack simulation framework. CVE-2023-44487, CONTINUATION Flood, HPACK Bomb and more.",
"fork": false,
"created_at": "2026-03-03T16:00:15Z",
"updated_at": "2026-03-06T18:45:18Z",
"pushed_at": "2026-03-06T18:45:15Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"has_pull_requests": true,
"pull_request_creation_policy": "all",
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"score": 0,
"subscribers_count": 0
},
{
"id": 1198247870,
"name": "HTTP-2-RapidReset-CVE-2023-44487-Testlab",

8
2023/CVE-2023-4911.json
View file

@ -47,10 +47,10 @@
"description": "PoC for CVE-2023-4911",
"fork": false,
"created_at": "2023-10-04T14:12:16Z",
"updated_at": "2026-05-01T02:46:15Z",
"updated_at": "2026-05-01T17:28:17Z",
"pushed_at": "2023-10-04T14:16:36Z",
"stargazers_count": 390,
"watchers_count": 390,
"stargazers_count": 391,
"watchers_count": 391,
"has_discussions": false,
"forks_count": 56,
"allow_forking": true,
@ -61,7 +61,7 @@
"topics": [],
"visibility": "public",
"forks": 56,
"watchers": 390,
"watchers": 391,
"score": 0,
"subscribers_count": 4
},

66
2023/CVE-2023-51385.json
View file

@ -230,6 +230,72 @@
"score": 0,
"subscribers_count": 1
},
{
"id": 738402073,
"name": "CVE-2023-51385",
"full_name": "uccu99\/CVE-2023-51385",
"owner": {
"login": "uccu99",
"id": 155516921,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/155516921?v=4",
"html_url": "https:\/\/github.com\/uccu99",
"user_view_type": "public"
},
"html_url": "https:\/\/github.com\/uccu99\/CVE-2023-51385",
"description": null,
"fork": false,
"created_at": "2024-01-03T06:28:34Z",
"updated_at": "2024-01-03T06:28:35Z",
"pushed_at": "2024-01-03T06:28:35Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"has_pull_requests": true,
"pull_request_creation_policy": "all",
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"score": 0,
"subscribers_count": 1
},
{
"id": 738661198,
"name": "exploit-CVE-2023-51385",
"full_name": "julienbrs\/exploit-CVE-2023-51385",
"owner": {
"login": "julienbrs",
"id": 106234742,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/106234742?v=4",
"html_url": "https:\/\/github.com\/julienbrs",
"user_view_type": "public"
},
"html_url": "https:\/\/github.com\/julienbrs\/exploit-CVE-2023-51385",
"description": null,
"fork": false,
"created_at": "2024-01-03T18:40:44Z",
"updated_at": "2024-01-03T18:40:44Z",
"pushed_at": "2024-01-03T18:41:24Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"has_pull_requests": true,
"pull_request_creation_policy": "all",
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"score": 0,
"subscribers_count": 1
},
{
"id": 738669696,
"name": "malicious-exploit-CVE-2023-51385",

8
2024/CVE-2024-0044.json
View file

@ -212,10 +212,10 @@
"description": "EvilDroid automates the exploitation of CVE-2024-0044, installing malicious payloads on a target device and extracting sensitive data. It features automated ADB connection checks, APK pushing, UID extraction, payload generation, and real-time progress updates, providing a seamless and professional user experience.",
"fork": false,
"created_at": "2024-08-04T13:14:10Z",
"updated_at": "2026-04-15T00:10:52Z",
"updated_at": "2026-05-01T15:02:29Z",
"pushed_at": "2025-09-06T12:15:24Z",
"stargazers_count": 28,
"watchers_count": 28,
"stargazers_count": 29,
"watchers_count": 29,
"has_discussions": false,
"forks_count": 15,
"allow_forking": true,
@ -226,7 +226,7 @@
"topics": [],
"visibility": "public",
"forks": 15,
"watchers": 28,
"watchers": 29,
"score": 0,
"subscribers_count": 2
},

4
2024/CVE-2024-0670.json
View file

@ -172,8 +172,8 @@
"description": "🔍 Exploit CVE-2024-0670 in CheckMK agents for local privilege escalation using a robust C++ tool designed for security professionals.",
"fork": false,
"created_at": "2026-01-08T01:32:09Z",
"updated_at": "2026-05-01T10:13:42Z",
"pushed_at": "2026-05-01T10:13:39Z",
"updated_at": "2026-05-01T18:09:45Z",
"pushed_at": "2026-05-01T18:09:41Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,

8
2024/CVE-2024-1086.json
View file

@ -14,10 +14,10 @@
"description": "Universal local privilege escalation Proof-of-Concept exploit for CVE-2024-1086, working on most Linux kernels between v5.14 and v6.6, including Debian, Ubuntu, and KernelCTF. The success rate is 99.4% in KernelCTF images.",
"fork": false,
"created_at": "2024-03-20T21:16:41Z",
"updated_at": "2026-04-24T05:39:35Z",
"updated_at": "2026-05-01T14:32:21Z",
"pushed_at": "2024-04-17T16:09:54Z",
"stargazers_count": 2443,
"watchers_count": 2443,
"stargazers_count": 2444,
"watchers_count": 2444,
"has_discussions": false,
"forks_count": 332,
"allow_forking": true,
@ -34,7 +34,7 @@
],
"visibility": "public",
"forks": 332,
"watchers": 2443,
"watchers": 2444,
"score": 0,
"subscribers_count": 26
},

8
2024/CVE-2024-3183.json
View file

@ -14,10 +14,10 @@
"description": "POC for CVE-2024-3183 (FreeIPA Rosting)",
"fork": false,
"created_at": "2024-08-14T14:24:58Z",
"updated_at": "2026-04-30T08:45:54Z",
"updated_at": "2026-05-01T17:40:44Z",
"pushed_at": "2024-08-20T14:16:04Z",
"stargazers_count": 28,
"watchers_count": 28,
"stargazers_count": 29,
"watchers_count": 29,
"has_discussions": false,
"forks_count": 1,
"allow_forking": true,
@ -28,7 +28,7 @@
"topics": [],
"visibility": "public",
"forks": 1,
"watchers": 28,
"watchers": 29,
"score": 0,
"subscribers_count": 1
}

4
2024/CVE-2024-49113.json
View file

@ -19,7 +19,7 @@
"stargazers_count": 516,
"watchers_count": 516,
"has_discussions": false,
"forks_count": 120,
"forks_count": 119,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
@ -27,7 +27,7 @@
"pull_request_creation_policy": "all",
"topics": [],
"visibility": "public",
"forks": 120,
"forks": 119,
"watchers": 516,
"score": 0,
"subscribers_count": 5

4
2024/CVE-2024-51482.json
View file

@ -245,8 +245,8 @@
"description": "HackTheBox — CCTV (Easy\/Linux) | CVE-2024-51482 + SqlMap+ SSH Key + Root",
"fork": false,
"created_at": "2026-04-30T20:43:41Z",
"updated_at": "2026-04-30T20:44:43Z",
"pushed_at": "2026-04-30T20:44:38Z",
"updated_at": "2026-05-01T17:27:38Z",
"pushed_at": "2026-05-01T17:27:35Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,

4
2024/CVE-2024-56426.json
View file

@ -19,7 +19,7 @@
"stargazers_count": 6,
"watchers_count": 6,
"has_discussions": false,
"forks_count": 2,
"forks_count": 1,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
@ -27,7 +27,7 @@
"pull_request_creation_policy": "all",
"topics": [],
"visibility": "public",
"forks": 2,
"forks": 1,
"watchers": 6,
"score": 0,
"subscribers_count": 0

8
2025/CVE-2025-14847.json
View file

@ -14,8 +14,8 @@
"description": "🛠 Exploit the CVE-2025-14847 vulnerability in MongoDB to disclose sensitive heap memory using a Python script that analyzes responses for new leaked data.",
"fork": false,
"created_at": "2025-07-30T15:52:00Z",
"updated_at": "2026-05-01T10:19:46Z",
"pushed_at": "2026-05-01T10:19:42Z",
"updated_at": "2026-05-01T18:16:00Z",
"pushed_at": "2026-05-01T18:15:56Z",
"stargazers_count": 1,
"watchers_count": 1,
"has_discussions": false,
@ -1129,8 +1129,8 @@
"description": "🔍 Scan for MongoDB vulnerabilities with MongoBleed, a high-performance tool for detecting CVE-2025-14847 across large networks quickly and efficiently.",
"fork": false,
"created_at": "2026-01-14T06:05:44Z",
"updated_at": "2026-05-01T10:18:33Z",
"pushed_at": "2026-05-01T10:18:29Z",
"updated_at": "2026-05-01T18:14:53Z",
"pushed_at": "2026-05-01T18:14:49Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,

8
2025/CVE-2025-21479.json
View file

@ -19,7 +19,7 @@
"stargazers_count": 237,
"watchers_count": 237,
"has_discussions": false,
"forks_count": 52,
"forks_count": 53,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
@ -27,7 +27,7 @@
"pull_request_creation_policy": "all",
"topics": [],
"visibility": "public",
"forks": 52,
"forks": 53,
"watchers": 237,
"score": 0,
"subscribers_count": 2
@ -52,7 +52,7 @@
"stargazers_count": 23,
"watchers_count": 23,
"has_discussions": false,
"forks_count": 5,
"forks_count": 6,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
@ -60,7 +60,7 @@
"pull_request_creation_policy": "all",
"topics": [],
"visibility": "public",
"forks": 5,
"forks": 6,
"watchers": 23,
"score": 0,
"subscribers_count": 1

8
2025/CVE-2025-2304.json
View file

@ -49,8 +49,8 @@
"description": null,
"fork": false,
"created_at": "2026-01-31T21:33:13Z",
"updated_at": "2026-04-30T13:01:33Z",
"pushed_at": "2026-01-31T22:10:44Z",
"updated_at": "2026-05-01T18:49:59Z",
"pushed_at": "2026-05-01T18:49:56Z",
"stargazers_count": 9,
"watchers_count": 9,
"has_discussions": false,
@ -412,8 +412,8 @@
"description": "🛠️ Exploit CVE-2025-2304 in Camaleon CMS easily with this Python script for privilege escalation, tested on version 2.9.0.",
"fork": false,
"created_at": "2026-02-14T20:01:20Z",
"updated_at": "2026-05-01T10:44:55Z",
"pushed_at": "2026-05-01T10:44:52Z",
"updated_at": "2026-05-01T18:40:51Z",
"pushed_at": "2026-05-01T18:40:48Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,

8
2025/CVE-2025-24132.json
View file

@ -47,10 +47,10 @@
"description": "POC for CVE-2025-24132 (AirBourne). Currently just triggers the overflow and causes a crash",
"fork": false,
"created_at": "2026-02-03T03:25:44Z",
"updated_at": "2026-04-30T02:23:15Z",
"updated_at": "2026-05-01T14:56:07Z",
"pushed_at": "2026-03-03T00:58:12Z",
"stargazers_count": 5,
"watchers_count": 5,
"stargazers_count": 6,
"watchers_count": 6,
"has_discussions": false,
"forks_count": 1,
"allow_forking": true,
@ -61,7 +61,7 @@
"topics": [],
"visibility": "public",
"forks": 1,
"watchers": 5,
"watchers": 6,
"score": 0,
"subscribers_count": 2
}

8
2025/CVE-2025-24252.json
View file

@ -14,10 +14,10 @@
"description": "poc for CVE-2025-24252 & CVE-2025-24132",
"fork": false,
"created_at": "2025-04-29T22:12:52Z",
"updated_at": "2026-04-13T12:50:44Z",
"updated_at": "2026-05-01T17:02:59Z",
"pushed_at": "2026-01-08T13:22:11Z",
"stargazers_count": 161,
"watchers_count": 161,
"stargazers_count": 162,
"watchers_count": 162,
"has_discussions": false,
"forks_count": 29,
"allow_forking": true,
@ -28,7 +28,7 @@
"topics": [],
"visibility": "public",
"forks": 29,
"watchers": 161,
"watchers": 162,
"score": 0,
"subscribers_count": 5
},

8
2025/CVE-2025-30208.json
View file

@ -14,10 +14,10 @@
"description": "全网首发 CVE-2025-31125 CVE-2025-30208 CVE-2025-32395 Vite Scanner",
"fork": false,
"created_at": "2025-03-26T10:26:12Z",
"updated_at": "2026-04-03T01:24:26Z",
"updated_at": "2026-05-01T13:16:23Z",
"pushed_at": "2025-04-13T05:21:53Z",
"stargazers_count": 46,
"watchers_count": 46,
"stargazers_count": 47,
"watchers_count": 47,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
@ -36,7 +36,7 @@
],
"visibility": "public",
"forks": 0,
"watchers": 46,
"watchers": 47,
"score": 0,
"subscribers_count": 1
},

4
2025/CVE-2025-31258.json
View file

@ -14,8 +14,8 @@
"description": "🔓 Explore CVE-2025-31258 with this PoC demonstrating partial sandbox escape using RemoteViewServices for practical 1-day security practice.",
"fork": false,
"created_at": "2020-06-23T15:20:11Z",
"updated_at": "2026-05-01T09:05:52Z",
"pushed_at": "2026-05-01T09:05:49Z",
"updated_at": "2026-05-01T16:00:29Z",
"pushed_at": "2026-05-01T16:00:25Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,

8
2025/CVE-2025-31710.json
View file

@ -14,10 +14,10 @@
"description": "A method for CVE-2025-31710 and to connect to cmd_skt to obtain a root shell on unisoc unpatched models",
"fork": false,
"created_at": "2025-06-06T14:31:13Z",
"updated_at": "2026-05-01T12:09:42Z",
"updated_at": "2026-05-01T18:09:17Z",
"pushed_at": "2026-04-22T23:07:03Z",
"stargazers_count": 113,
"watchers_count": 113,
"stargazers_count": 115,
"watchers_count": 115,
"has_discussions": false,
"forks_count": 15,
"allow_forking": true,
@ -28,7 +28,7 @@
"topics": [],
"visibility": "public",
"forks": 15,
"watchers": 113,
"watchers": 115,
"score": 0,
"subscribers_count": 1
}

12
2025/CVE-2025-32463.json
View file

@ -645,8 +645,8 @@
"description": "Demonstrate CVE-2025-32463 with this PoC for sudo's chroot feature. Explore the exploit and its impact on vulnerable sudo versions. 🐱💻🔒",
"fork": false,
"created_at": "2025-07-04T18:20:09Z",
"updated_at": "2026-05-01T08:57:54Z",
"pushed_at": "2026-05-01T08:57:51Z",
"updated_at": "2026-05-01T15:52:07Z",
"pushed_at": "2026-05-01T15:52:03Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
@ -1628,8 +1628,8 @@
"description": "🔍 Demonstrate the CVE-2025-32463 privilege-escalation flaw in sudo's chroot feature with this minimal, reproducible proof of concept environment.",
"fork": false,
"created_at": "2025-09-20T00:42:07Z",
"updated_at": "2026-05-01T09:07:13Z",
"pushed_at": "2026-05-01T09:07:10Z",
"updated_at": "2026-05-01T16:01:49Z",
"pushed_at": "2026-05-01T16:01:44Z",
"stargazers_count": 1,
"watchers_count": 1,
"has_discussions": false,
@ -1680,8 +1680,8 @@
"description": null,
"fork": false,
"created_at": "2025-09-20T02:01:08Z",
"updated_at": "2026-05-01T09:07:15Z",
"pushed_at": "2026-05-01T09:07:12Z",
"updated_at": "2026-05-01T16:01:45Z",
"pushed_at": "2026-05-01T16:01:42Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,

4
2025/CVE-2025-36911.json
View file

@ -294,8 +294,8 @@
"description": "🔍 Scan and research CVE-2025-36911 vulnerabilities with WPair, a specialized tool for Android built in Kotlin, ensuring your applications remain secure.",
"fork": false,
"created_at": "2026-01-29T01:59:47Z",
"updated_at": "2026-05-01T10:32:41Z",
"pushed_at": "2026-05-01T10:32:38Z",
"updated_at": "2026-05-01T18:28:28Z",
"pushed_at": "2026-05-01T18:28:24Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,

16
2025/CVE-2025-48757.json
View file

@ -14,10 +14,10 @@
"description": "Claude Skill that audits your projects for RLS misconfigurations, exposed keys, auth bypasses, and storage vulnerabilities. 27 anti-patterns sourced from CVE-2025-48757 and 10 security studies. Safe for production.",
"fork": false,
"created_at": "2026-03-15T14:49:30Z",
"updated_at": "2026-04-30T08:42:59Z",
"updated_at": "2026-05-01T14:00:45Z",
"pushed_at": "2026-04-30T08:42:55Z",
"stargazers_count": 12,
"watchers_count": 12,
"stargazers_count": 13,
"watchers_count": 13,
"has_discussions": false,
"forks_count": 1,
"allow_forking": true,
@ -44,7 +44,7 @@
],
"visibility": "public",
"forks": 1,
"watchers": 12,
"watchers": 13,
"score": 0,
"subscribers_count": 0
},
@ -63,10 +63,10 @@
"description": "Senior-CSO security audit skill for vibe-coded apps. 22-check audit anchored to real 2026 incidents (Moltbook, Lovable CVE-2025-48757). Drop-in Claude Code skill.",
"fork": false,
"created_at": "2026-05-01T11:13:52Z",
"updated_at": "2026-05-01T11:28:25Z",
"updated_at": "2026-05-01T14:04:38Z",
"pushed_at": "2026-05-01T11:28:22Z",
"stargazers_count": 0,
"watchers_count": 0,
"stargazers_count": 1,
"watchers_count": 1,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
@ -77,7 +77,7 @@
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"watchers": 1,
"score": 0,
"subscribers_count": 0
}

4
2025/CVE-2025-48804.json
View file

@ -14,8 +14,8 @@
"description": "PoC\/downgrade attack for CVE-2025-48804 (found by Microsoft STORM)",
"fork": false,
"created_at": "2026-04-30T13:05:30Z",
"updated_at": "2026-04-30T14:04:26Z",
"pushed_at": "2026-04-30T14:04:08Z",
"updated_at": "2026-05-01T14:50:01Z",
"pushed_at": "2026-05-01T14:49:57Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,

4
2025/CVE-2025-49144.json
View file

@ -251,8 +251,8 @@
"description": null,
"fork": false,
"created_at": "2025-09-19T17:17:19Z",
"updated_at": "2026-05-01T09:07:03Z",
"pushed_at": "2026-05-01T09:07:00Z",
"updated_at": "2026-05-01T16:01:42Z",
"pushed_at": "2026-05-01T16:01:38Z",
"stargazers_count": 1,
"watchers_count": 1,
"has_discussions": false,

8
2025/CVE-2025-49844.json
View file

@ -14,8 +14,8 @@
"description": "🔍 Explore and test the CVE-2025-49844 (RediShell) vulnerability in Redis with this practical lab environment for secure education and research.",
"fork": false,
"created_at": "2019-04-13T07:51:09Z",
"updated_at": "2026-05-01T09:27:40Z",
"pushed_at": "2026-05-01T09:27:37Z",
"updated_at": "2026-05-01T16:48:39Z",
"pushed_at": "2026-05-01T16:48:35Z",
"stargazers_count": 1,
"watchers_count": 1,
"has_discussions": false,
@ -66,8 +66,8 @@
"description": "🚨 Exploit the CVE-2025-49844 Redis Lua interpreter UAF vulnerability to execute arbitrary shellcode and gain persistent backdoor access.",
"fork": false,
"created_at": "2022-04-06T09:27:39Z",
"updated_at": "2026-05-01T09:28:34Z",
"pushed_at": "2026-05-01T09:28:31Z",
"updated_at": "2026-05-01T16:50:34Z",
"pushed_at": "2026-05-01T16:50:30Z",
"stargazers_count": 1,
"watchers_count": 1,
"has_discussions": false,

4
2025/CVE-2025-52915.json
View file

@ -19,7 +19,7 @@
"stargazers_count": 711,
"watchers_count": 711,
"has_discussions": false,
"forks_count": 106,
"forks_count": 107,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
@ -36,7 +36,7 @@
"vulnerable-driver"
],
"visibility": "public",
"forks": 106,
"forks": 107,
"watchers": 711,
"score": 0,
"subscribers_count": 18

8
2025/CVE-2025-54068.json
View file

@ -14,10 +14,10 @@
"description": "A tool designed to exploit CVE-2025-54068 and Remote Command Execution if the APP_KEY of the Livewire project is known.",
"fork": false,
"created_at": "2025-12-23T09:54:54Z",
"updated_at": "2026-05-01T00:48:09Z",
"updated_at": "2026-05-01T12:53:14Z",
"pushed_at": "2026-02-17T10:05:49Z",
"stargazers_count": 134,
"watchers_count": 134,
"stargazers_count": 135,
"watchers_count": 135,
"has_discussions": false,
"forks_count": 31,
"allow_forking": true,
@ -28,7 +28,7 @@
"topics": [],
"visibility": "public",
"forks": 31,
"watchers": 134,
"watchers": 135,
"score": 0,
"subscribers_count": 0
},

4
2025/CVE-2025-5419.json
View file

@ -14,8 +14,8 @@
"description": "🛡️ Analyze CVE-2025-5419 to exploit an uninitialized read vulnerability in V8 for arbitrary read\/write access within the sandbox environment.",
"fork": false,
"created_at": "2023-01-25T04:41:49Z",
"updated_at": "2026-05-01T10:43:00Z",
"pushed_at": "2026-05-01T10:42:57Z",
"updated_at": "2026-05-01T18:38:43Z",
"pushed_at": "2026-05-01T18:38:40Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,

4
2025/CVE-2025-54253.json
View file

@ -67,8 +67,8 @@
"description": "🐙 CVE-2025-54253 exploit demo for Adobe AEM Forms on JEE: OGNL injection to RCE with PoC, Python 3.10 exploit code, reproducer and mitigation guidance.",
"fork": false,
"created_at": "2025-08-17T22:04:33Z",
"updated_at": "2026-05-01T09:01:05Z",
"pushed_at": "2026-05-01T09:01:00Z",
"updated_at": "2026-05-01T15:55:22Z",
"pushed_at": "2026-05-01T15:55:17Z",
"stargazers_count": 2,
"watchers_count": 2,
"has_discussions": false,

4
2025/CVE-2025-54424.json
View file

@ -53,8 +53,8 @@
"description": "CVE-2025-54424: 1Panel TLS client cert bypass enables RCE via forged CN 'panel_client' using a bundled scanning and exploitation tool. Affected: <= v2.0.5. 🔐",
"fork": false,
"created_at": "2025-08-14T05:16:16Z",
"updated_at": "2026-05-01T09:00:30Z",
"pushed_at": "2026-05-01T09:00:27Z",
"updated_at": "2026-05-01T15:54:34Z",
"pushed_at": "2026-05-01T15:54:31Z",
"stargazers_count": 2,
"watchers_count": 2,
"has_discussions": false,

92
2025/CVE-2025-55182.json
View file

@ -14,8 +14,8 @@
"description": "🔍 Demonstrate CVE-2025-55182, a critical vulnerability in React Server Components allowing unauthenticated arbitrary code execution.",
"fork": false,
"created_at": "2021-09-18T02:04:33Z",
"updated_at": "2026-05-01T10:03:41Z",
"pushed_at": "2026-05-01T10:03:38Z",
"updated_at": "2026-05-01T17:57:25Z",
"pushed_at": "2026-05-01T17:57:20Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
@ -66,8 +66,8 @@
"description": "🔍 Scan for CVE-2025-55182 risks in React Server Components with this non-intrusive tool that helps detect critical vulnerabilities in your applications.",
"fork": false,
"created_at": "2022-06-17T10:19:10Z",
"updated_at": "2026-05-01T10:02:41Z",
"pushed_at": "2026-05-01T10:02:37Z",
"updated_at": "2026-05-01T17:56:55Z",
"pushed_at": "2026-05-01T17:56:52Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
@ -151,8 +151,8 @@
"description": "🔍 Detect vulnerabilities CVE-2025-55182 and CVE-2025-66478 in Next.js apps with this reliable command-line scanner.",
"fork": false,
"created_at": "2023-11-27T18:17:43Z",
"updated_at": "2026-05-01T10:03:20Z",
"pushed_at": "2026-05-01T10:03:16Z",
"updated_at": "2026-05-01T17:57:03Z",
"pushed_at": "2026-05-01T17:56:59Z",
"stargazers_count": 1,
"watchers_count": 1,
"has_discussions": false,
@ -203,8 +203,8 @@
"description": "🚨 Exploit CVE-2025-55182, a critical RCE vulnerability in React Server Components for Next.js apps; enables testing for prototype pollution risks.",
"fork": false,
"created_at": "2024-04-24T02:36:56Z",
"updated_at": "2026-05-01T10:03:57Z",
"pushed_at": "2026-05-01T10:03:54Z",
"updated_at": "2026-05-01T17:58:32Z",
"pushed_at": "2026-05-01T17:58:28Z",
"stargazers_count": 1,
"watchers_count": 1,
"has_discussions": false,
@ -251,8 +251,8 @@
"description": "🚨 Exploit and scan for CVE-2025-55182, a critical React\/Next.js vulnerability enabling remote code execution through prototype pollution techniques.",
"fork": false,
"created_at": "2024-05-28T16:48:51Z",
"updated_at": "2026-05-01T10:02:31Z",
"pushed_at": "2026-05-01T10:02:28Z",
"updated_at": "2026-05-01T17:56:56Z",
"pushed_at": "2026-05-01T17:56:52Z",
"stargazers_count": 1,
"watchers_count": 1,
"has_discussions": false,
@ -303,8 +303,8 @@
"description": null,
"fork": false,
"created_at": "2024-11-29T12:32:19Z",
"updated_at": "2026-05-01T10:03:47Z",
"pushed_at": "2026-05-01T10:03:43Z",
"updated_at": "2026-05-01T17:57:44Z",
"pushed_at": "2026-05-01T17:57:41Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
@ -352,8 +352,8 @@
"description": "🛠️ Exploit CVE-2025-55182 effortlessly with this GUI tool for vulnerability detection, command execution, and Shell reverse connections.",
"fork": false,
"created_at": "2025-04-21T22:04:31Z",
"updated_at": "2026-05-01T10:06:48Z",
"pushed_at": "2026-05-01T10:06:44Z",
"updated_at": "2026-05-01T18:01:40Z",
"pushed_at": "2026-05-01T18:01:36Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
@ -406,8 +406,8 @@
"description": "🚨 Exploit CVE-2025-55182 to demonstrate RCE in React Server Functions, highlighting risks from insecure prototype references in Next.js applications.",
"fork": false,
"created_at": "2025-06-06T16:34:46Z",
"updated_at": "2026-05-01T10:02:59Z",
"pushed_at": "2026-05-01T10:02:54Z",
"updated_at": "2026-05-01T17:57:18Z",
"pushed_at": "2026-05-01T17:57:14Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
@ -458,8 +458,8 @@
"description": "⚠️ Explore a vulnerable environment to test security scanners against the CVE-2025-55182 RCE flaw in React Server Components and Next.js applications.",
"fork": false,
"created_at": "2025-07-15T18:33:34Z",
"updated_at": "2026-05-01T10:03:58Z",
"pushed_at": "2026-05-01T10:03:55Z",
"updated_at": "2026-05-01T17:58:23Z",
"pushed_at": "2026-05-01T17:58:20Z",
"stargazers_count": 1,
"watchers_count": 1,
"has_discussions": false,
@ -1247,10 +1247,10 @@
"description": "High Fidelity Detection Mechanism for RSC\/Next.js RCE (CVE-2025-55182 & CVE-2025-66478)",
"fork": false,
"created_at": "2025-12-04T06:55:04Z",
"updated_at": "2026-05-01T07:36:31Z",
"updated_at": "2026-05-01T13:25:05Z",
"pushed_at": "2025-12-07T04:16:46Z",
"stargazers_count": 2437,
"watchers_count": 2437,
"stargazers_count": 2436,
"watchers_count": 2436,
"has_discussions": false,
"forks_count": 267,
"allow_forking": true,
@ -1261,7 +1261,7 @@
"topics": [],
"visibility": "public",
"forks": 267,
"watchers": 2437,
"watchers": 2436,
"score": 0,
"subscribers_count": 13
},
@ -2965,7 +2965,7 @@
"stargazers_count": 61,
"watchers_count": 61,
"has_discussions": false,
"forks_count": 18,
"forks_count": 17,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
@ -2973,7 +2973,7 @@
"pull_request_creation_policy": "all",
"topics": [],
"visibility": "public",
"forks": 18,
"forks": 17,
"watchers": 61,
"score": 0,
"subscribers_count": 1
@ -4176,12 +4176,12 @@
"description": "RSC\/Next.js RCE Vulnerability Detector & PoC Chrome Extension CVE-2025-55182 & CVE-2025-66478",
"fork": false,
"created_at": "2025-12-06T00:36:16Z",
"updated_at": "2026-04-29T19:26:14Z",
"updated_at": "2026-05-01T17:53:45Z",
"pushed_at": "2025-12-06T01:27:19Z",
"stargazers_count": 312,
"watchers_count": 312,
"stargazers_count": 311,
"watchers_count": 311,
"has_discussions": false,
"forks_count": 59,
"forks_count": 58,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
@ -4189,8 +4189,8 @@
"pull_request_creation_policy": "all",
"topics": [],
"visibility": "public",
"forks": 59,
"watchers": 312,
"forks": 58,
"watchers": 311,
"score": 0,
"subscribers_count": 5
},
@ -5308,7 +5308,7 @@
"stargazers_count": 245,
"watchers_count": 245,
"has_discussions": false,
"forks_count": 60,
"forks_count": 59,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
@ -5316,7 +5316,7 @@
"pull_request_creation_policy": "all",
"topics": [],
"visibility": "public",
"forks": 60,
"forks": 59,
"watchers": 245,
"score": 0,
"subscribers_count": 3
@ -12284,8 +12284,8 @@
"description": "🛡️ Explore CVE-2025-55182, a critical RCE vulnerability in React's Flight Protocol, demonstrating exploitation techniques and mitigation strategies.",
"fork": false,
"created_at": "2025-12-24T14:48:19Z",
"updated_at": "2026-05-01T10:02:35Z",
"pushed_at": "2026-05-01T10:02:31Z",
"updated_at": "2026-05-01T17:56:41Z",
"pushed_at": "2026-05-01T17:56:38Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
@ -12369,8 +12369,8 @@
"description": "🚨 Identify and address CVE-2025-55182, a critical React Server vulnerability allowing remote code execution without authentication.",
"fork": false,
"created_at": "2025-12-24T18:44:51Z",
"updated_at": "2026-05-01T10:01:46Z",
"pushed_at": "2026-05-01T10:01:42Z",
"updated_at": "2026-05-01T17:56:54Z",
"pushed_at": "2026-05-01T17:56:50Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
@ -12418,8 +12418,8 @@
"description": "🚨 Demonstrate CVE-2025-55182, a critical React vulnerability allowing remote code execution via prototype chain pollution in `react-server-dom-webpack@19.0.0`.",
"fork": false,
"created_at": "2025-12-24T18:48:07Z",
"updated_at": "2026-05-01T10:01:54Z",
"pushed_at": "2026-05-01T10:01:50Z",
"updated_at": "2026-05-01T17:56:56Z",
"pushed_at": "2026-05-01T17:56:52Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
@ -12503,8 +12503,8 @@
"description": "🔍 Exploit CVE-2025-55182 in Next.js with this versatile tool for security research, featuring advanced payloads and WAF bypass techniques.",
"fork": false,
"created_at": "2025-12-25T19:28:28Z",
"updated_at": "2026-05-01T10:03:52Z",
"pushed_at": "2026-05-01T10:03:48Z",
"updated_at": "2026-05-01T17:57:48Z",
"pushed_at": "2026-05-01T17:57:44Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
@ -12705,8 +12705,8 @@
"description": "⚡ Discover and exploit CVE-2025-55182 with this PoC, offering reliable remote code execution tests for React Server Components in Next.js.",
"fork": false,
"created_at": "2025-12-26T22:26:55Z",
"updated_at": "2026-05-01T10:03:29Z",
"pushed_at": "2026-05-01T10:03:26Z",
"updated_at": "2026-05-01T17:58:10Z",
"pushed_at": "2026-05-01T17:58:06Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
@ -12975,8 +12975,8 @@
"description": "🛡️ Scan and assess vulnerabilities in Next.js\/Waku with the CVE-2025-55182-Scanner, combining static and dynamic analysis for robust security.",
"fork": false,
"created_at": "2026-01-02T01:28:57Z",
"updated_at": "2026-05-01T10:08:44Z",
"pushed_at": "2026-05-01T10:08:40Z",
"updated_at": "2026-05-01T18:04:29Z",
"pushed_at": "2026-05-01T18:04:24Z",
"stargazers_count": 1,
"watchers_count": 1,
"has_discussions": false,
@ -13496,8 +13496,8 @@
"description": "🔍 Exploit CVE-2025-55182 vulnerabilities in Next.js and React with this efficient framework for rapid testing and assessment.",
"fork": false,
"created_at": "2026-01-08T16:28:04Z",
"updated_at": "2026-05-01T10:14:50Z",
"pushed_at": "2026-05-01T10:14:46Z",
"updated_at": "2026-05-01T18:10:35Z",
"pushed_at": "2026-05-01T18:10:31Z",
"stargazers_count": 1,
"watchers_count": 1,
"has_discussions": false,

4
2025/CVE-2025-55184.json
View file

@ -289,8 +289,8 @@
"description": "🛠️ Test and validate the CVE-2025-55184 vulnerability in React Server Components to enhance your application's security against denial-of-service attacks.",
"fork": false,
"created_at": "2026-01-02T05:04:03Z",
"updated_at": "2026-05-01T10:09:12Z",
"pushed_at": "2026-05-01T10:09:08Z",
"updated_at": "2026-05-01T18:04:43Z",
"pushed_at": "2026-05-01T18:04:38Z",
"stargazers_count": 1,
"watchers_count": 1,
"has_discussions": false,

4
2025/CVE-2025-58434.json
View file

@ -424,8 +424,8 @@
"description": null,
"fork": false,
"created_at": "2026-05-01T11:10:29Z",
"updated_at": "2026-05-01T12:36:39Z",
"pushed_at": "2026-05-01T12:36:34Z",
"updated_at": "2026-05-01T15:40:01Z",
"pushed_at": "2026-05-01T15:39:57Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,

4
2025/CVE-2025-59287.json
View file

@ -200,8 +200,8 @@
"description": "🔍 Analyze WSUS deserialization behavior to enhance security, generate reports, and identify configuration weaknesses in your infrastructure.",
"fork": false,
"created_at": "2026-01-29T02:16:04Z",
"updated_at": "2026-05-01T10:32:43Z",
"pushed_at": "2026-05-01T10:32:39Z",
"updated_at": "2026-05-01T18:28:32Z",
"pushed_at": "2026-05-01T18:28:28Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,

33
2025/CVE-2025-59528.json
View file

@ -130,5 +130,38 @@
"watchers": 0,
"score": 0,
"subscribers_count": 0
},
{
"id": 1226660887,
"name": "CVE-2025-59528-PoC",
"full_name": "mananispiwpiw\/CVE-2025-59528-PoC",
"owner": {
"login": "mananispiwpiw",
"id": 69857679,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/69857679?v=4",
"html_url": "https:\/\/github.com\/mananispiwpiw",
"user_view_type": "public"
},
"html_url": "https:\/\/github.com\/mananispiwpiw\/CVE-2025-59528-PoC",
"description": null,
"fork": false,
"created_at": "2026-05-01T17:20:57Z",
"updated_at": "2026-05-01T17:31:43Z",
"pushed_at": "2026-05-01T17:31:40Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"has_pull_requests": true,
"pull_request_creation_policy": "all",
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"score": 0,
"subscribers_count": 0
}
]

4
2025/CVE-2025-61882.json
View file

@ -14,8 +14,8 @@
"description": "🔍 Detect vulnerabilities CVE-2025-61882 and CVE-2025-61884 in Oracle E-Business Suite to help secure your systems from potential remote code execution threats.",
"fork": false,
"created_at": "2025-03-04T15:38:32Z",
"updated_at": "2026-05-01T09:26:05Z",
"pushed_at": "2026-05-01T09:26:02Z",
"updated_at": "2026-05-01T16:47:30Z",
"pushed_at": "2026-05-01T16:47:25Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,

4
2025/CVE-2025-6554.json
View file

@ -179,8 +179,8 @@
"description": "🔍 Demonstrate and validate the `addressof` and `fakeobj` primitives in the V8 sandbox for advanced security research on CVE-2025-6554.",
"fork": false,
"created_at": "2025-08-10T21:07:43Z",
"updated_at": "2026-05-01T09:56:48Z",
"pushed_at": "2026-05-01T09:56:45Z",
"updated_at": "2026-05-01T17:48:18Z",
"pushed_at": "2026-05-01T17:48:14Z",
"stargazers_count": 1,
"watchers_count": 1,
"has_discussions": false,

4
2025/CVE-2025-66478.json
View file

@ -14,8 +14,8 @@
"description": "🔧 Fix vulnerable versions in Next.js and React RSC apps with one command to secure against CVE-2025-66478. Improve your app's safety effortlessly.",
"fork": false,
"created_at": "2025-10-01T07:40:09Z",
"updated_at": "2026-05-01T10:04:27Z",
"pushed_at": "2026-05-01T10:04:23Z",
"updated_at": "2026-05-01T17:58:54Z",
"pushed_at": "2026-05-01T17:58:50Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,

4
2025/CVE-2025-68921.json
View file

@ -47,8 +47,8 @@
"description": "🔍 Identify and understand the local privilege escalation vulnerability (CVE-2025-68921) in Nahimic audio software, impacting many gaming laptops.",
"fork": false,
"created_at": "2026-01-24T21:00:41Z",
"updated_at": "2026-05-01T10:28:59Z",
"pushed_at": "2026-05-01T10:28:56Z",
"updated_at": "2026-05-01T18:25:33Z",
"pushed_at": "2026-05-01T18:25:29Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,

12
2025/CVE-2025-8088.json
View file

@ -187,10 +187,10 @@
"description": "Advanced WinRAR Path Traversal Exploit Tool for CVE-2025-8088",
"fork": false,
"created_at": "2025-08-14T00:36:24Z",
"updated_at": "2026-04-09T19:04:40Z",
"updated_at": "2026-05-01T15:57:26Z",
"pushed_at": "2025-08-18T21:16:45Z",
"stargazers_count": 54,
"watchers_count": 54,
"stargazers_count": 55,
"watchers_count": 55,
"has_discussions": false,
"forks_count": 16,
"allow_forking": true,
@ -211,7 +211,7 @@
],
"visibility": "public",
"forks": 16,
"watchers": 54,
"watchers": 55,
"score": 0,
"subscribers_count": 0
},
@ -838,8 +838,8 @@
"description": "🛠 Exploit CVE-2025-8088 with this Python tool to generate malicious WinRAR archives that ensure payload persistence in Windows startup folders.",
"fork": false,
"created_at": "2025-12-20T13:52:21Z",
"updated_at": "2026-05-01T09:58:20Z",
"pushed_at": "2026-05-01T09:58:17Z",
"updated_at": "2026-05-01T17:50:36Z",
"pushed_at": "2026-05-01T17:50:29Z",
"stargazers_count": 2,
"watchers_count": 2,
"has_discussions": false,

4
2025/CVE-2025-8110.json
View file

@ -146,8 +146,8 @@
"description": "🔍 Detect improper symbolic link handling in Gogs' PutContents API, exposing local code execution risks for versions 0.13.3 and earlier.",
"fork": false,
"created_at": "2025-12-31T13:25:07Z",
"updated_at": "2026-05-01T10:08:10Z",
"pushed_at": "2026-05-01T10:08:06Z",
"updated_at": "2026-05-01T18:03:28Z",
"pushed_at": "2026-05-01T18:03:25Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,

4
2025/CVE-2025-9074.json
View file

@ -14,8 +14,8 @@
"description": "🚀 Exploit CVE-2025-9074 with this Docker escape framework, simplifying API vulnerabilities and enhancing security testing for developers and researchers.",
"fork": false,
"created_at": "2024-06-19T23:21:41Z",
"updated_at": "2026-05-01T10:09:51Z",
"pushed_at": "2026-05-01T10:09:47Z",
"updated_at": "2026-05-01T18:05:44Z",
"pushed_at": "2026-05-01T18:05:40Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,

35
2026/CVE-2026-0628.json
View file

@ -1,35 +0,0 @@
[
{
"id": 1146636584,
"name": "Dissecting-CVE-2026-0628-Chromium-Extension-Privilege-Escalation",
"full_name": "sastraadiwiguna-purpleeliteteaming\/Dissecting-CVE-2026-0628-Chromium-Extension-Privilege-Escalation",
"owner": {
"login": "sastraadiwiguna-purpleeliteteaming",
"id": 248769097,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/248769097?v=4",
"html_url": "https:\/\/github.com\/sastraadiwiguna-purpleeliteteaming",
"user_view_type": "public"
},
"html_url": "https:\/\/github.com\/sastraadiwiguna-purpleeliteteaming\/Dissecting-CVE-2026-0628-Chromium-Extension-Privilege-Escalation",
"description": "Origin CyberAnatomy Spoofing via Malicious WebView - Dissecting CVE-2026-0628 Chromium Extension Privilege Escalation This research provides a comprehensive technical dissection of CVE-2026-0628, a high-severity privilege escalation vulnerability (CVSS v3.1: 8.8) in Chromium's WebView policy enforcement mechanism. ",
"fork": false,
"created_at": "2026-01-31T12:31:00Z",
"updated_at": "2026-01-31T14:07:45Z",
"pushed_at": "2026-01-31T12:35:20Z",
"stargazers_count": 1,
"watchers_count": 1,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"has_pull_requests": true,
"pull_request_creation_policy": "all",
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 1,
"score": 0,
"subscribers_count": 0
}
]

4
2026/CVE-2026-0828.json
View file

@ -14,8 +14,8 @@
"description": "🛠 Exploit and control Windows processes using CVE-2025-70795 and CVE-2026-0828 with driver-based termination tools.",
"fork": false,
"created_at": "2024-04-20T04:18:24Z",
"updated_at": "2026-05-01T10:53:59Z",
"pushed_at": "2026-05-01T10:53:56Z",
"updated_at": "2026-05-01T18:50:15Z",
"pushed_at": "2026-05-01T18:50:11Z",
"stargazers_count": 2,
"watchers_count": 2,
"has_discussions": false,

35
2026/CVE-2026-1457.json
View file

@ -1,35 +0,0 @@
[
{
"id": 1146419073,
"name": "CVE-2026-1457",
"full_name": "ii4gsp\/CVE-2026-1457",
"owner": {
"login": "ii4gsp",
"id": 150011478,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/150011478?v=4",
"html_url": "https:\/\/github.com\/ii4gsp",
"user_view_type": "public"
},
"html_url": "https:\/\/github.com\/ii4gsp\/CVE-2026-1457",
"description": "CVE-2026-1457 is an authenticated buffer overflow vulnerability in the web API of TP-Link VIGI C385 V1. This vulnerability allows authenticated attackers to perform remote code execution (RCE).",
"fork": false,
"created_at": "2026-01-31T04:11:25Z",
"updated_at": "2026-01-31T04:11:46Z",
"pushed_at": "2026-01-31T04:11:42Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"has_pull_requests": true,
"pull_request_creation_policy": "all",
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"score": 0,
"subscribers_count": 0
}
]

68
2026/CVE-2026-20805.json
View file

@ -1,68 +0,0 @@
[
{
"id": 1146478346,
"name": "-SCTT-2026-33-0002-DWM-Visual-Field-Singularity",
"full_name": "SimoesCTT\/-SCTT-2026-33-0002-DWM-Visual-Field-Singularity",
"owner": {
"login": "SimoesCTT",
"id": 94452709,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/94452709?v=4",
"html_url": "https:\/\/github.com\/SimoesCTT",
"user_view_type": "public"
},
"html_url": "https:\/\/github.com\/SimoesCTT\/-SCTT-2026-33-0002-DWM-Visual-Field-Singularity",
"description": "### 📡 Theoretical Classification **ID:** SCTT-2026-33-0002 **Researcher:** Americo Simoes (SimoesCTT) **Physics:** Theorem 4.2 - Turbulent Phase Transition (TPT) **Constant:** α = 0.0302011 **Target:** Desktop Window Manager (dwm.exe) \/ Windows Graphics Component **Obsoletes:** CVE-2026-20805 & CVE-2026-20871 (Visual-Latch Patches)",
"fork": false,
"created_at": "2026-01-31T06:40:56Z",
"updated_at": "2026-01-31T06:45:09Z",
"pushed_at": "2026-01-31T06:45:05Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"has_pull_requests": true,
"pull_request_creation_policy": "all",
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"score": 0,
"subscribers_count": 0
},
{
"id": 1146483268,
"name": "SCTT-2026-33-0002-DWM-Visual-Field-Singularity",
"full_name": "SimoesCTT\/SCTT-2026-33-0002-DWM-Visual-Field-Singularity",
"owner": {
"login": "SimoesCTT",
"id": 94452709,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/94452709?v=4",
"html_url": "https:\/\/github.com\/SimoesCTT",
"user_view_type": "public"
},
"html_url": "https:\/\/github.com\/SimoesCTT\/SCTT-2026-33-0002-DWM-Visual-Field-Singularity",
"description": "Microsoft just patched CVE-2026-20805 and CVE-2026-20871 in January 2026 to stop \"Information Disclosure\" and \"Use-After-Free\" bugs in DWM. They think they've secured the \"Visual Boundary.\" We are about to prove that a 33-layer resonance can turn those visual buffers into a liquid pipeline for SCTT-2026-33-0002.",
"fork": false,
"created_at": "2026-01-31T06:52:17Z",
"updated_at": "2026-01-31T07:01:00Z",
"pushed_at": "2026-01-31T07:00:56Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"has_pull_requests": true,
"pull_request_creation_policy": "all",
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"score": 0,
"subscribers_count": 0
}
]

8
2026/CVE-2026-20841.json
View file

@ -14,8 +14,8 @@
"description": "🛠 Demonstrate remote code execution in Windows Notepad via markdown links exploiting unsecured URL protocols.",
"fork": false,
"created_at": "2024-09-22T12:19:06Z",
"updated_at": "2026-05-01T10:53:08Z",
"pushed_at": "2026-05-01T10:53:04Z",
"updated_at": "2026-05-01T18:49:15Z",
"pushed_at": "2026-05-01T18:49:12Z",
"stargazers_count": 1,
"watchers_count": 1,
"has_discussions": false,
@ -412,8 +412,8 @@
"description": "🛠 Demonstrate remote code execution in Windows Notepad versions below 11.2510 using the CVE-2026-20841 proof of concept.",
"fork": false,
"created_at": "2026-02-26T05:21:28Z",
"updated_at": "2026-05-01T10:52:08Z",
"pushed_at": "2026-05-01T10:52:04Z",
"updated_at": "2026-05-01T18:48:13Z",
"pushed_at": "2026-05-01T18:48:09Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,

66
2026/CVE-2026-21509.json
View file

@ -1,70 +1,4 @@
[
{
"id": 1146434087,
"name": "CTT-NFS-Vortex-RCE",
"full_name": "SimoesCTT\/CTT-NFS-Vortex-RCE",
"owner": {
"login": "SimoesCTT",
"id": 94452709,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/94452709?v=4",
"html_url": "https:\/\/github.com\/SimoesCTT",
"user_view_type": "public"
},
"html_url": "https:\/\/github.com\/SimoesCTT\/CTT-NFS-Vortex-RCE",
"description": "New Physics Disclosure This repository contains a full weaponized exploit for **CVE-2026-21509**, targeting the Windows Network File System (NFSv4.1) kernel-mode driver (`nfssvr.sys`). ",
"fork": false,
"created_at": "2026-01-31T04:52:13Z",
"updated_at": "2026-02-08T22:29:34Z",
"pushed_at": "2026-01-31T04:57:20Z",
"stargazers_count": 3,
"watchers_count": 3,
"has_discussions": false,
"forks_count": 3,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"has_pull_requests": true,
"pull_request_creation_policy": "all",
"topics": [],
"visibility": "public",
"forks": 3,
"watchers": 3,
"score": 0,
"subscribers_count": 0
},
{
"id": 1146561861,
"name": "SCTT-2026-33-0007-The-OLE-Vortex-Laminar-Bypass-",
"full_name": "SimoesCTT\/SCTT-2026-33-0007-The-OLE-Vortex-Laminar-Bypass-",
"owner": {
"login": "SimoesCTT",
"id": 94452709,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/94452709?v=4",
"html_url": "https:\/\/github.com\/SimoesCTT",
"user_view_type": "public"
},
"html_url": "https:\/\/github.com\/SimoesCTT\/SCTT-2026-33-0007-The-OLE-Vortex-Laminar-Bypass-",
"description": "Microsoft just released emergency patches for CVE-2026-21509, a zero-day in the Office Suite that bypasses OLE\/COM mitigations when a user simply opens a file. They think their \"Service-side change\" for Office 2021+ is a solid wall. ",
"fork": false,
"created_at": "2026-01-31T09:50:23Z",
"updated_at": "2026-01-31T16:08:36Z",
"pushed_at": "2026-01-31T09:58:19Z",
"stargazers_count": 1,
"watchers_count": 1,
"has_discussions": false,
"forks_count": 2,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"has_pull_requests": true,
"pull_request_creation_policy": "all",
"topics": [],
"visibility": "public",
"forks": 2,
"watchers": 1,
"score": 0,
"subscribers_count": 0
},
{
"id": 1147401424,
"name": "CTT-MICROSOFT-OFFICE-OLE-MANIFOLD-BYPASS-CVE-2026-21509",

33
2026/CVE-2026-21858.json
View file

@ -41,39 +41,6 @@
"score": 0,
"subscribers_count": 2
},
{
"id": 1146309368,
"name": "CVE-2026-21858",
"full_name": "Alhakim88\/CVE-2026-21858",
"owner": {
"login": "Alhakim88",
"id": 116581267,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/116581267?v=4",
"html_url": "https:\/\/github.com\/Alhakim88",
"user_view_type": "public"
},
"html_url": "https:\/\/github.com\/Alhakim88\/CVE-2026-21858",
"description": "Hack",
"fork": false,
"created_at": "2026-01-30T22:38:06Z",
"updated_at": "2026-01-30T22:40:24Z",
"pushed_at": "2026-01-30T22:40:21Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"has_pull_requests": true,
"pull_request_creation_policy": "all",
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"score": 0,
"subscribers_count": 0
},
{
"id": 1154962690,
"name": "CVE-2026-21858",

35
2026/CVE-2026-22807.json
View file

@ -1,35 +0,0 @@
[
{
"id": 1146590691,
"name": "CVE-2026-22807_Range",
"full_name": "otakuliu\/CVE-2026-22807_Range",
"owner": {
"login": "otakuliu",
"id": 154051816,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/154051816?v=4",
"html_url": "https:\/\/github.com\/otakuliu",
"user_view_type": "public"
},
"html_url": "https:\/\/github.com\/otakuliu\/CVE-2026-22807_Range",
"description": "CVE-2026-22807的靶场",
"fork": false,
"created_at": "2026-01-31T10:52:29Z",
"updated_at": "2026-01-31T10:55:50Z",
"pushed_at": "2026-01-31T10:55:47Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"has_pull_requests": true,
"pull_request_creation_policy": "all",
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"score": 0,
"subscribers_count": 0
}
]

49
2026/CVE-2026-2406.json
View file

@ -14,8 +14,8 @@
"description": "🔍 Analyze and detect CVE-2026-2406 vulnerabilities in Telnet to enhance security and prevent unauthorized access with this professional research engine.",
"fork": false,
"created_at": "2025-04-16T07:20:12Z",
"updated_at": "2026-05-01T10:42:17Z",
"pushed_at": "2026-05-01T10:42:13Z",
"updated_at": "2026-05-01T18:39:23Z",
"pushed_at": "2026-05-01T18:39:19Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
@ -44,51 +44,6 @@
"score": 0,
"subscribers_count": 1
},
{
"id": 1145881675,
"name": "Terrminus-CVE-2026-2406",
"full_name": "ridpath\/Terrminus-CVE-2026-2406",
"owner": {
"login": "ridpath",
"id": 1102933,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/1102933?v=4",
"html_url": "https:\/\/github.com\/ridpath",
"user_view_type": "public"
},
"html_url": "https:\/\/github.com\/ridpath\/Terrminus-CVE-2026-2406",
"description": " AsyncIO Scanner & Exploitation Framework for CVE-2026-24061 (Telnet NEW_ENVIRON Auth Bypass). Features high-concurrency discovery, passive fingerprinting, and authorized root shell escalation",
"fork": false,
"created_at": "2026-01-30T10:33:34Z",
"updated_at": "2026-04-09T10:42:42Z",
"pushed_at": "2026-01-30T20:26:46Z",
"stargazers_count": 2,
"watchers_count": 2,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"has_pull_requests": true,
"pull_request_creation_policy": "all",
"topics": [
"cve-2026-24061",
"cybersecurity-tools",
"pentesting-tools",
"privelage-escalation",
"python-asyncio",
"rce",
"red-teaming",
"red-teaming-tools",
"telnet-exploit",
"telnet-scanner",
"vulnerability-scanners"
],
"visibility": "public",
"forks": 0,
"watchers": 2,
"score": 0,
"subscribers_count": 0
},
{
"id": 1156104900,
"name": "hyu164.github.io",

124
2026/CVE-2026-24061.json
View file

@ -74,118 +74,6 @@
"score": 0,
"subscribers_count": 0
},
{
"id": 1141454492,
"name": "Twenty-Three-Scanner",
"full_name": "madfxr\/Twenty-Three-Scanner",
"owner": {
"login": "madfxr",
"id": 30550561,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/30550561?v=4",
"html_url": "https:\/\/github.com\/madfxr",
"user_view_type": "public"
},
"html_url": "https:\/\/github.com\/madfxr\/Twenty-Three-Scanner",
"description": "CVE-2026-24061 - GNU InetUtils Telnetd Remote Authentication Bypass",
"fork": false,
"created_at": "2026-01-24T21:47:29Z",
"updated_at": "2026-04-13T07:15:24Z",
"pushed_at": "2026-01-31T00:49:53Z",
"stargazers_count": 4,
"watchers_count": 4,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"has_pull_requests": true,
"pull_request_creation_policy": "all",
"topics": [
"cve-2026-24061",
"ethical-hacking",
"exploit",
"gnu",
"inetutils",
"linux",
"offensive-security",
"poc",
"python",
"rce",
"red-team",
"telnetd"
],
"visibility": "public",
"forks": 0,
"watchers": 4,
"score": 0,
"subscribers_count": 0
},
{
"id": 1146350782,
"name": "telnet-inetutils-auth-bypass-CVE-2026-24061",
"full_name": "0xXyc\/telnet-inetutils-auth-bypass-CVE-2026-24061",
"owner": {
"login": "0xXyc",
"id": 42036798,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/42036798?v=4",
"html_url": "https:\/\/github.com\/0xXyc",
"user_view_type": "public"
},
"html_url": "https:\/\/github.com\/0xXyc\/telnet-inetutils-auth-bypass-CVE-2026-24061",
"description": "This is a simple PoC that allows you to highlight the severity of the ongoing and actively exploited Telnet bug that is going on right now. Why people are still using Telnet... beyond me.",
"fork": false,
"created_at": "2026-01-31T00:41:11Z",
"updated_at": "2026-04-26T23:36:56Z",
"pushed_at": "2026-01-31T00:43:09Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"has_pull_requests": true,
"pull_request_creation_policy": "all",
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"score": 0,
"subscribers_count": 0
},
{
"id": 1146360267,
"name": "CVE-2026-24061",
"full_name": "buzz075\/CVE-2026-24061",
"owner": {
"login": "buzz075",
"id": 139185174,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/139185174?v=4",
"html_url": "https:\/\/github.com\/buzz075",
"user_view_type": "public"
},
"html_url": "https:\/\/github.com\/buzz075\/CVE-2026-24061",
"description": "Scanner for CVE-2026-24061",
"fork": false,
"created_at": "2026-01-31T01:10:23Z",
"updated_at": "2026-01-31T01:13:37Z",
"pushed_at": "2026-01-31T01:13:34Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"has_pull_requests": true,
"pull_request_creation_policy": "all",
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"score": 0,
"subscribers_count": 0
},
{
"id": 1147490725,
"name": "CVE-2026-24061_POC",
@ -306,8 +194,8 @@
"description": "🚨 Exploit CVE-2026-24061, a critical remote authentication bypass in GNU inetutils-telnetd, for instant root shell access without authentication.",
"fork": false,
"created_at": "2026-02-03T19:46:10Z",
"updated_at": "2026-05-01T10:38:07Z",
"pushed_at": "2026-05-01T10:38:04Z",
"updated_at": "2026-05-01T18:34:37Z",
"pushed_at": "2026-05-01T18:34:33Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
@ -794,10 +682,10 @@
"description": "scanner\/exploiter CVE-2026-24061 & CVE-2026-32746",
"fork": false,
"created_at": "2026-03-26T12:52:57Z",
"updated_at": "2026-04-10T00:31:58Z",
"updated_at": "2026-05-01T15:43:28Z",
"pushed_at": "2026-03-26T13:36:38Z",
"stargazers_count": 4,
"watchers_count": 4,
"stargazers_count": 5,
"watchers_count": 5,
"has_discussions": false,
"forks_count": 2,
"allow_forking": true,
@ -808,7 +696,7 @@
"topics": [],
"visibility": "public",
"forks": 2,
"watchers": 4,
"watchers": 5,
"score": 0,
"subscribers_count": 0
},

8
2026/CVE-2026-24294.json
View file

@ -14,10 +14,10 @@
"description": "CVE-2026-24294 PoC",
"fork": false,
"created_at": "2026-04-30T04:31:14Z",
"updated_at": "2026-04-30T08:37:43Z",
"updated_at": "2026-05-01T16:24:28Z",
"pushed_at": "2026-04-30T04:35:37Z",
"stargazers_count": 1,
"watchers_count": 1,
"stargazers_count": 2,
"watchers_count": 2,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
@ -28,7 +28,7 @@
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 1,
"watchers": 2,
"score": 0,
"subscribers_count": 0
}

35
2026/CVE-2026-2461.json
View file

@ -1,35 +0,0 @@
[
{
"id": 1146330916,
"name": "CVE-2026-2461-poc",
"full_name": "destiny-creates\/CVE-2026-2461-poc",
"owner": {
"login": "destiny-creates",
"id": 40739698,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/40739698?v=4",
"html_url": "https:\/\/github.com\/destiny-creates",
"user_view_type": "public"
},
"html_url": "https:\/\/github.com\/destiny-creates\/CVE-2026-2461-poc",
"description": "POC in python for CVE-2026-2461",
"fork": false,
"created_at": "2026-01-30T23:38:17Z",
"updated_at": "2026-01-30T23:41:29Z",
"pushed_at": "2026-01-30T23:41:25Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"has_pull_requests": true,
"pull_request_creation_policy": "all",
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"score": 0,
"subscribers_count": 0
}
]

35
2026/CVE-2026-24841.json
View file

@ -1,35 +0,0 @@
[
{
"id": 1146408012,
"name": "CVE-2026-24841_Range",
"full_name": "otakuliu\/CVE-2026-24841_Range",
"owner": {
"login": "otakuliu",
"id": 154051816,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/154051816?v=4",
"html_url": "https:\/\/github.com\/otakuliu",
"user_view_type": "public"
},
"html_url": "https:\/\/github.com\/otakuliu\/CVE-2026-24841_Range",
"description": "CVE-2026-24841仿真靶场用来模拟真实环境适合搭建Dokploy报错而无法搭建的",
"fork": false,
"created_at": "2026-01-31T03:40:00Z",
"updated_at": "2026-01-31T03:43:02Z",
"pushed_at": "2026-01-31T03:42:58Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"has_pull_requests": true,
"pull_request_creation_policy": "all",
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"score": 0,
"subscribers_count": 0
}
]

66
2026/CVE-2026-24858.json
View file

@ -1,70 +1,4 @@
[
{
"id": 1145674135,
"name": "-CTT-NSP-Convergent-Time-Theory---Network-Stack-Projection-CVE-2026-24858-",
"full_name": "SimoesCTT\/-CTT-NSP-Convergent-Time-Theory---Network-Stack-Projection-CVE-2026-24858-",
"owner": {
"login": "SimoesCTT",
"id": 94452709,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/94452709?v=4",
"html_url": "https:\/\/github.com\/SimoesCTT",
"user_view_type": "public"
},
"html_url": "https:\/\/github.com\/SimoesCTT\/-CTT-NSP-Convergent-Time-Theory---Network-Stack-Projection-CVE-2026-24858-",
"description": " A Proof-of-Concept demonstrating the application of 3D Navier-Stokes CTT formulations to packet flow optimization and defensive bypass.",
"fork": false,
"created_at": "2026-01-30T04:27:24Z",
"updated_at": "2026-01-30T16:36:46Z",
"pushed_at": "2026-01-30T16:36:42Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"has_pull_requests": true,
"pull_request_creation_policy": "all",
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"score": 0,
"subscribers_count": 0
},
{
"id": 1146557505,
"name": "SCTT-2026-33-0004-FortiCloud-SSO-Identity-Singularity",
"full_name": "SimoesCTT\/SCTT-2026-33-0004-FortiCloud-SSO-Identity-Singularity",
"owner": {
"login": "SimoesCTT",
"id": 94452709,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/94452709?v=4",
"html_url": "https:\/\/github.com\/SimoesCTT",
"user_view_type": "public"
},
"html_url": "https:\/\/github.com\/SimoesCTT\/SCTT-2026-33-0004-FortiCloud-SSO-Identity-Singularity",
"description": "While Fortinet's January 27, 2026 mitigation for **CVE-2026-24858** focuses on blocking specific accounts like `cloud-noc@mail.io`, it fails to address the **Temporal Vulnerability** of the SAML state machine. ",
"fork": false,
"created_at": "2026-01-31T09:41:04Z",
"updated_at": "2026-01-31T09:47:07Z",
"pushed_at": "2026-01-31T09:47:04Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"has_pull_requests": true,
"pull_request_creation_policy": "all",
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"score": 0,
"subscribers_count": 0
},
{
"id": 1154722180,
"name": "cve-2026-24858",

35
2026/CVE-2026-25126.json
View file

@ -1,35 +0,0 @@
[
{
"id": 1146515749,
"name": "CVE-2026-25126",
"full_name": "Jvr2022\/CVE-2026-25126",
"owner": {
"login": "Jvr2022",
"id": 109031036,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/109031036?v=4",
"html_url": "https:\/\/github.com\/Jvr2022",
"user_view_type": "public"
},
"html_url": "https:\/\/github.com\/Jvr2022\/CVE-2026-25126",
"description": "CVE-2026-25126 Proof-of-Concept demonstrating vote count manipulation in PolarLearn due to improper runtime validation of the forum vote direction parameter. Published after upstream patch release.",
"fork": false,
"created_at": "2026-01-31T08:07:44Z",
"updated_at": "2026-01-31T09:03:26Z",
"pushed_at": "2026-01-31T08:09:19Z",
"stargazers_count": 1,
"watchers_count": 1,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"has_pull_requests": true,
"pull_request_creation_policy": "all",
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 1,
"score": 0,
"subscribers_count": 0
}
]

35
2026/CVE-2026-25211.json
View file

@ -1,35 +0,0 @@
[
{
"id": 1146925319,
"name": "Llama-Stack-0.4.0rc3-local-CVE-2026-25211",
"full_name": "mbanyamer\/Llama-Stack-0.4.0rc3-local-CVE-2026-25211",
"owner": {
"login": "mbanyamer",
"id": 213306745,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/213306745?v=4",
"html_url": "https:\/\/github.com\/mbanyamer",
"user_view_type": "public"
},
"html_url": "https:\/\/github.com\/mbanyamer\/Llama-Stack-0.4.0rc3-local-CVE-2026-25211",
"description": null,
"fork": false,
"created_at": "2026-01-31T22:42:09Z",
"updated_at": "2026-02-20T10:41:33Z",
"pushed_at": "2026-01-31T22:43:28Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"has_pull_requests": true,
"pull_request_creation_policy": "all",
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"score": 0,
"subscribers_count": 0
}
]

24
2025/CVE-2025-34036.json → 2026/CVE-2026-29905.json
View file

@ -1,21 +1,21 @@
[
{
"id": 1041241262,
"name": "cve-2025-34036",
"full_name": "Prabhukiran161\/cve-2025-34036",
"id": 1192852197,
"name": "CVE",
"full_name": "Stalin-143\/CVE",
"owner": {
"login": "Prabhukiran161",
"id": 121723732,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121723732?v=4",
"html_url": "https:\/\/github.com\/Prabhukiran161",
"login": "Stalin-143",
"id": 161853795,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/161853795?v=4",
"html_url": "https:\/\/github.com\/Stalin-143",
"user_view_type": "public"
},
"html_url": "https:\/\/github.com\/Prabhukiran161\/cve-2025-34036",
"description": null,
"html_url": "https:\/\/github.com\/Stalin-143\/CVE",
"description": "CVE-2026-29905",
"fork": false,
"created_at": "2025-08-20T07:37:02Z",
"updated_at": "2025-08-20T07:37:11Z",
"pushed_at": "2025-08-20T07:37:08Z",
"created_at": "2026-03-26T16:15:08Z",
"updated_at": "2026-05-01T18:51:57Z",
"pushed_at": "2026-05-01T18:51:53Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,

8
2026/CVE-2026-30368.json
View file

@ -14,10 +14,10 @@
"description": "CVE-2026-30368 proof of concept",
"fork": false,
"created_at": "2026-04-22T03:40:06Z",
"updated_at": "2026-04-28T20:46:28Z",
"updated_at": "2026-05-01T14:11:37Z",
"pushed_at": "2026-04-26T22:34:05Z",
"stargazers_count": 14,
"watchers_count": 14,
"stargazers_count": 15,
"watchers_count": 15,
"has_discussions": false,
"forks_count": 2,
"allow_forking": true,
@ -28,7 +28,7 @@
"topics": [],
"visibility": "public",
"forks": 2,
"watchers": 14,
"watchers": 15,
"score": 0,
"subscribers_count": 2
}

707
2026/CVE-2026-31431.json
View file

File diff suppressed because it is too large Load diff

8
2026/CVE-2026-34159.json
View file

@ -14,10 +14,10 @@
"description": "0 Click RCE exploit for CVE-2026-34159 Lama.cpp RPC server",
"fork": false,
"created_at": "2026-04-23T21:14:21Z",
"updated_at": "2026-04-30T03:45:18Z",
"updated_at": "2026-05-01T14:46:02Z",
"pushed_at": "2026-04-23T22:44:29Z",
"stargazers_count": 24,
"watchers_count": 24,
"stargazers_count": 25,
"watchers_count": 25,
"has_discussions": false,
"forks_count": 10,
"allow_forking": true,
@ -28,7 +28,7 @@
"topics": [],
"visibility": "public",
"forks": 10,
"watchers": 24,
"watchers": 25,
"score": 0,
"subscribers_count": 0
}

256
2026/CVE-2026-41940.json
View file

@ -14,10 +14,10 @@
"description": "CVE-2026-41940 latest cPanel & WHM 0day - 70 million websites are possible to expose by Chirag Artani",
"fork": false,
"created_at": "2026-04-29T17:44:32Z",
"updated_at": "2026-05-01T10:48:19Z",
"updated_at": "2026-05-01T17:19:49Z",
"pushed_at": "2026-04-29T17:55:20Z",
"stargazers_count": 21,
"watchers_count": 21,
"stargazers_count": 22,
"watchers_count": 22,
"has_discussions": false,
"forks_count": 2,
"allow_forking": true,
@ -28,7 +28,7 @@
"topics": [],
"visibility": "public",
"forks": 2,
"watchers": 21,
"watchers": 22,
"score": 0,
"subscribers_count": 0
},
@ -47,10 +47,10 @@
"description": "Post-Exploitation Session Validation Tool for CVE-2026-41940",
"fork": false,
"created_at": "2026-04-29T23:11:15Z",
"updated_at": "2026-04-29T23:26:47Z",
"updated_at": "2026-05-01T17:19:55Z",
"pushed_at": "2026-04-29T23:26:44Z",
"stargazers_count": 0,
"watchers_count": 0,
"stargazers_count": 2,
"watchers_count": 2,
"has_discussions": false,
"forks_count": 3,
"allow_forking": true,
@ -61,7 +61,7 @@
"topics": [],
"visibility": "public",
"forks": 3,
"watchers": 0,
"watchers": 2,
"score": 0,
"subscribers_count": 0
},
@ -80,12 +80,12 @@
"description": null,
"fork": false,
"created_at": "2026-04-30T02:38:37Z",
"updated_at": "2026-05-01T10:48:28Z",
"updated_at": "2026-05-01T18:38:09Z",
"pushed_at": "2026-04-30T02:47:37Z",
"stargazers_count": 18,
"watchers_count": 18,
"stargazers_count": 20,
"watchers_count": 20,
"has_discussions": false,
"forks_count": 11,
"forks_count": 12,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
@ -93,8 +93,8 @@
"pull_request_creation_policy": "all",
"topics": [],
"visibility": "public",
"forks": 11,
"watchers": 18,
"forks": 12,
"watchers": 20,
"score": 0,
"subscribers_count": 0
},
@ -146,10 +146,10 @@
"description": "CVE-2026-41940",
"fork": false,
"created_at": "2026-04-30T07:29:23Z",
"updated_at": "2026-05-01T09:41:53Z",
"updated_at": "2026-05-01T15:03:37Z",
"pushed_at": "2026-04-30T07:05:29Z",
"stargazers_count": 4,
"watchers_count": 4,
"stargazers_count": 5,
"watchers_count": 5,
"has_discussions": false,
"forks_count": 5,
"allow_forking": true,
@ -160,7 +160,7 @@
"topics": [],
"visibility": "public",
"forks": 5,
"watchers": 4,
"watchers": 5,
"score": 0,
"subscribers_count": 0
},
@ -179,7 +179,7 @@
"description": "CVE-2026-41940利用工具go并发检测python利用",
"fork": false,
"created_at": "2026-04-30T07:43:32Z",
"updated_at": "2026-04-30T07:55:38Z",
"updated_at": "2026-05-01T15:56:04Z",
"pushed_at": "2026-04-30T07:55:34Z",
"stargazers_count": 0,
"watchers_count": 0,
@ -212,12 +212,12 @@
"description": "High fidelity scanner for CVE-2026-41940 (cPanel & WHM authentication bypass)",
"fork": false,
"created_at": "2026-04-30T08:11:23Z",
"updated_at": "2026-05-01T12:37:40Z",
"updated_at": "2026-05-01T15:58:52Z",
"pushed_at": "2026-04-30T08:22:31Z",
"stargazers_count": 39,
"watchers_count": 39,
"stargazers_count": 47,
"watchers_count": 47,
"has_discussions": false,
"forks_count": 12,
"forks_count": 15,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
@ -225,8 +225,8 @@
"pull_request_creation_policy": "all",
"topics": [],
"visibility": "public",
"forks": 12,
"watchers": 39,
"forks": 15,
"watchers": 47,
"score": 0,
"subscribers_count": 1
},
@ -317,10 +317,10 @@
"description": "Detection, mitigation, and reverse-engineering tooling for CVE-2026-41940 (SessionScribe): the cPanel\/WHM unauthenticated session-forgery vulnerability disclosed 2026-04-28. Defense-in-depth active mitigation shim, ModSec rule pack, remote probe, on-host IOC scanner, and per-tier RE snapshot collector. GPL v2.",
"fork": false,
"created_at": "2026-04-30T14:32:43Z",
"updated_at": "2026-05-01T04:10:59Z",
"pushed_at": "2026-05-01T04:10:55Z",
"stargazers_count": 2,
"watchers_count": 2,
"updated_at": "2026-05-01T18:51:13Z",
"pushed_at": "2026-05-01T18:50:58Z",
"stargazers_count": 4,
"watchers_count": 4,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
@ -345,7 +345,7 @@
],
"visibility": "public",
"forks": 0,
"watchers": 2,
"watchers": 4,
"score": 0,
"subscribers_count": 0
},
@ -529,10 +529,10 @@
"description": "A security research tool for detecting and analyzing cPanel\/WHM services and their authentication behavior. Designed for authorized testing and educational purposes only.",
"fork": false,
"created_at": "2026-05-01T01:34:33Z",
"updated_at": "2026-05-01T12:30:32Z",
"updated_at": "2026-05-01T16:12:01Z",
"pushed_at": "2026-05-01T01:40:04Z",
"stargazers_count": 1,
"watchers_count": 1,
"stargazers_count": 2,
"watchers_count": 2,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
@ -543,7 +543,7 @@
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 1,
"watchers": 2,
"score": 0,
"subscribers_count": 0
},
@ -562,10 +562,10 @@
"description": "Advanced cPanel & WHM Security Scanner for CVE-2026-41940. with mass Shodan discovery",
"fork": false,
"created_at": "2026-05-01T01:47:24Z",
"updated_at": "2026-05-01T09:45:00Z",
"updated_at": "2026-05-01T17:42:08Z",
"pushed_at": "2026-05-01T01:59:17Z",
"stargazers_count": 1,
"watchers_count": 1,
"stargazers_count": 2,
"watchers_count": 2,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
@ -576,7 +576,7 @@
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 1,
"watchers": 2,
"score": 0,
"subscribers_count": 0
},
@ -738,8 +738,41 @@
"description": "CVE-2026-41940 — cPanel & WHM Authentication Bypass via Session-File CRLF Injection",
"fork": false,
"created_at": "2026-05-01T12:09:26Z",
"updated_at": "2026-05-01T12:10:36Z",
"updated_at": "2026-05-01T18:51:04Z",
"pushed_at": "2026-05-01T12:10:32Z",
"stargazers_count": 48,
"watchers_count": 48,
"has_discussions": false,
"forks_count": 8,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"has_pull_requests": true,
"pull_request_creation_policy": "all",
"topics": [],
"visibility": "public",
"forks": 8,
"watchers": 48,
"score": 0,
"subscribers_count": 0
},
{
"id": 1226559584,
"name": "CVE-2026-41940",
"full_name": "Christian93111\/CVE-2026-41940",
"owner": {
"login": "Christian93111",
"id": 135021882,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/135021882?v=4",
"html_url": "https:\/\/github.com\/Christian93111",
"user_view_type": "public"
},
"html_url": "https:\/\/github.com\/Christian93111\/CVE-2026-41940",
"description": "cPanel\/WHM Authentication Bypass PoC",
"fork": false,
"created_at": "2026-05-01T14:57:03Z",
"updated_at": "2026-05-01T15:03:24Z",
"pushed_at": "2026-05-01T15:03:20Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
@ -755,5 +788,150 @@
"watchers": 0,
"score": 0,
"subscribers_count": 0
},
{
"id": 1226564226,
"name": "cpanelscanner",
"full_name": "0dev1337\/cpanelscanner",
"owner": {
"login": "0dev1337",
"id": 215357210,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/215357210?v=4",
"html_url": "https:\/\/github.com\/0dev1337",
"user_view_type": "public"
},
"html_url": "https:\/\/github.com\/0dev1337\/cpanelscanner",
"description": "Cpanel Scanner For CVE-2026-41940 ",
"fork": false,
"created_at": "2026-05-01T15:03:17Z",
"updated_at": "2026-05-01T16:33:10Z",
"pushed_at": "2026-05-01T16:33:06Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"has_pull_requests": true,
"pull_request_creation_policy": "all",
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"score": 0,
"subscribers_count": 0
},
{
"id": 1226588950,
"name": "CVE-2026-41940-cPanel-Auth-Bypass-Exploit",
"full_name": "kmaruthisrikar\/CVE-2026-41940-cPanel-Auth-Bypass-Exploit",
"owner": {
"login": "kmaruthisrikar",
"id": 204547299,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/204547299?v=4",
"html_url": "https:\/\/github.com\/kmaruthisrikar",
"user_view_type": "public"
},
"html_url": "https:\/\/github.com\/kmaruthisrikar\/CVE-2026-41940-cPanel-Auth-Bypass-Exploit",
"description": null,
"fork": false,
"created_at": "2026-05-01T15:37:31Z",
"updated_at": "2026-05-01T17:30:15Z",
"pushed_at": "2026-05-01T17:30:10Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"has_pull_requests": true,
"pull_request_creation_policy": "all",
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"score": 0,
"subscribers_count": 0
},
{
"id": 1226593295,
"name": "CVE-2026-41940",
"full_name": "Jenderal92\/CVE-2026-41940",
"owner": {
"login": "Jenderal92",
"id": 59664965,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/59664965?v=4",
"html_url": "https:\/\/github.com\/Jenderal92",
"user_view_type": "public"
},
"html_url": "https:\/\/github.com\/Jenderal92\/CVE-2026-41940",
"description": "Bulk scanner and mass exploitation tool for CVE-2026-41940 on cPanel\/WHM, built for automated target validation and high-speed multi-threaded execution.",
"fork": false,
"created_at": "2026-05-01T15:43:28Z",
"updated_at": "2026-05-01T18:23:07Z",
"pushed_at": "2026-05-01T18:22:01Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"has_pull_requests": true,
"pull_request_creation_policy": "all",
"topics": [
"bug-bounty",
"cpanel-exploit",
"cve",
"cve-2026-41940",
"cybersecurity",
"etichalhacking",
"penetration-testing",
"python",
"vulnerability",
"whm-exploit",
"zero-day",
"zero-day-exploit"
],
"visibility": "public",
"forks": 0,
"watchers": 0,
"score": 0,
"subscribers_count": 0
},
{
"id": 1226624260,
"name": "poc-cpanel-cve-2026-41940",
"full_name": "XsanFlip\/poc-cpanel-cve-2026-41940",
"owner": {
"login": "XsanFlip",
"id": 192573173,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/192573173?v=4",
"html_url": "https:\/\/github.com\/XsanFlip",
"user_view_type": "public"
},
"html_url": "https:\/\/github.com\/XsanFlip\/poc-cpanel-cve-2026-41940",
"description": null,
"fork": false,
"created_at": "2026-05-01T16:27:38Z",
"updated_at": "2026-05-01T18:17:35Z",
"pushed_at": "2026-05-01T16:35:37Z",
"stargazers_count": 1,
"watchers_count": 1,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"has_pull_requests": true,
"pull_request_creation_policy": "all",
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 1,
"score": 0,
"subscribers_count": 0
}
]

41
2026/CVE-2026-42167.json
View file

@ -14,10 +14,10 @@
"description": "POCs to demonstrate CVE-2026-42167 in ProFTPD",
"fork": false,
"created_at": "2026-04-28T14:35:46Z",
"updated_at": "2026-04-30T23:20:12Z",
"updated_at": "2026-05-01T14:48:23Z",
"pushed_at": "2026-04-29T16:20:20Z",
"stargazers_count": 17,
"watchers_count": 17,
"stargazers_count": 18,
"watchers_count": 18,
"has_discussions": false,
"forks_count": 4,
"allow_forking": true,
@ -28,7 +28,7 @@
"topics": [],
"visibility": "public",
"forks": 4,
"watchers": 17,
"watchers": 18,
"score": 0,
"subscribers_count": 0
},
@ -64,5 +64,38 @@
"watchers": 2,
"score": 0,
"subscribers_count": 0
},
{
"id": 1226502457,
"name": "CVE-2026-42167-PoC",
"full_name": "Sl4cK0TH\/CVE-2026-42167-PoC",
"owner": {
"login": "Sl4cK0TH",
"id": 190696389,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/190696389?v=4",
"html_url": "https:\/\/github.com\/Sl4cK0TH",
"user_view_type": "public"
},
"html_url": "https:\/\/github.com\/Sl4cK0TH\/CVE-2026-42167-PoC",
"description": "Pre-Auth RCE in ProFTPD via mod_sql is_escaped_text() bypass (CVE-2026-42167)",
"fork": false,
"created_at": "2026-05-01T13:36:47Z",
"updated_at": "2026-05-01T15:47:44Z",
"pushed_at": "2026-05-01T15:47:40Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"has_pull_requests": true,
"pull_request_creation_policy": "all",
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"score": 0,
"subscribers_count": 0
}
]

108
README.md
View file

@ -22,13 +22,6 @@
- [EQSTLab/CVE-2026-0603](https://github.com/EQSTLab/CVE-2026-0603)
### CVE-2026-0628 (2026-01-06)
<code>Insufficient policy enforcement in WebView tag in Google Chrome prior to 143.0.7499.192 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: High)
</code>
- [sastraadiwiguna-purpleeliteteaming/Dissecting-CVE-2026-0628-Chromium-Extension-Privilege-Escalation](https://github.com/sastraadiwiguna-purpleeliteteaming/Dissecting-CVE-2026-0628-Chromium-Extension-Privilege-Escalation)
### CVE-2026-0651 (2026-02-10)
<code>A path traversal vulnerability was identified TP-Link Tapo C260 v1, D235 v1 and C520WS v2.6 within the HTTP servers handling of GET requests. The server performs path normalization before fully decoding URL encoded input and falls back to using the raw path when normalization fails. An attacker can exploit this logic flaw by supplying crafted, URL encoded traversal sequences that bypass directory restrictions and allow access to files outside the intended web root. \n\nSuccessful exploitation may allow authenticated attackers to get disclosure of sensitive system files and credentials, while unauthenticated attackers may gain access to non-sensitive static assets.
@ -215,13 +208,6 @@
- [lukasz-rybak/CVE-2026-1434](https://github.com/lukasz-rybak/CVE-2026-1434)
### CVE-2026-1457 (2026-01-29)
<code>An authenticated buffer handling flaw in TP-Link VIGI C385 V1 Web API lacking input sanitization, may allow memory corruption leading to remote code execution. Authenticated attackers may trigger buffer overflow and potentially execute arbitrary code with elevated privileges.
</code>
- [ii4gsp/CVE-2026-1457](https://github.com/ii4gsp/CVE-2026-1457)
### CVE-2026-1459 (2026-02-24)
<code>A post-authentication command injection vulnerability in the TR-369 certificate download CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50(ABPM.9.7)C0 could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on an affected device.
@ -358,7 +344,6 @@
### CVE-2026-2406
- [hyu164/Terrminus-CVE-2026-2406](https://github.com/hyu164/Terrminus-CVE-2026-2406)
- [ridpath/Terrminus-CVE-2026-2406](https://github.com/ridpath/Terrminus-CVE-2026-2406)
- [hyu164/hyu164.github.io](https://github.com/hyu164/hyu164.github.io)
### CVE-2026-2413 (2026-03-11)
@ -380,13 +365,6 @@
- [D3b0j33t/CVE-2026-2441-PoC](https://github.com/D3b0j33t/CVE-2026-2441-PoC)
- [fartlover37/CVE-2026-2441-PoC](https://github.com/fartlover37/CVE-2026-2441-PoC)
### CVE-2026-2461 (2026-03-16)
<code>Mattermost Plugins versions &lt;=11.3 11.0.3 11.2.2 10.10.11.0 fail to implement authorisation checks on comment block modifications, which allows an authorised attacker with editor permission to modify comments created by other board members. Mattermost Advisory ID: MMSA-2025-00559
</code>
- [destiny-creates/CVE-2026-2461-poc](https://github.com/destiny-creates/CVE-2026-2461-poc)
### CVE-2026-2472 (2026-02-20)
<code>Stored Cross-Site Scripting (XSS) in the _genai/_evals_visualization component of Google Cloud Vertex AI SDK (google-cloud-aiplatform) versions from 1.98.0 up to (but not including) 1.131.0 allows an unauthenticated remote attacker to execute arbitrary JavaScript in a victim's Jupyter or Colab environment via injecting script escape sequences into model evaluation results or dataset JSON data.
@ -1067,14 +1045,6 @@
- [Somisomair/CVE-2026-20698-PF_ROUTE-Heap-Overflow](https://github.com/Somisomair/CVE-2026-20698-PF_ROUTE-Heap-Overflow)
### CVE-2026-20805 (2026-01-13)
<code>Exposure of sensitive information to an unauthorized actor in Desktop Windows Manager allows an authorized attacker to disclose information locally.
</code>
- [SimoesCTT/-SCTT-2026-33-0002-DWM-Visual-Field-Singularity](https://github.com/SimoesCTT/-SCTT-2026-33-0002-DWM-Visual-Field-Singularity)
- [SimoesCTT/SCTT-2026-33-0002-DWM-Visual-Field-Singularity](https://github.com/SimoesCTT/SCTT-2026-33-0002-DWM-Visual-Field-Singularity)
### CVE-2026-20817 (2026-01-13)
<code>Improper handling of insufficient permissions or privileges in Windows Error Reporting allows an authorized attacker to elevate privileges locally.
@ -1141,8 +1111,6 @@
<code>Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally.
</code>
- [SimoesCTT/CTT-NFS-Vortex-RCE](https://github.com/SimoesCTT/CTT-NFS-Vortex-RCE)
- [SimoesCTT/SCTT-2026-33-0007-The-OLE-Vortex-Laminar-Bypass-](https://github.com/SimoesCTT/SCTT-2026-33-0007-The-OLE-Vortex-Laminar-Bypass-)
- [SimoesCTT/CTT-MICROSOFT-OFFICE-OLE-MANIFOLD-BYPASS-CVE-2026-21509](https://github.com/SimoesCTT/CTT-MICROSOFT-OFFICE-OLE-MANIFOLD-BYPASS-CVE-2026-21509)
- [decalage2/detect_CVE-2026-21509](https://github.com/decalage2/detect_CVE-2026-21509)
- [kaizensecurity/CVE-2026-21509](https://github.com/kaizensecurity/CVE-2026-21509)
@ -1248,7 +1216,6 @@
</code>
- [Chocapikk/CVE-2026-21858](https://github.com/Chocapikk/CVE-2026-21858)
- [Alhakim88/CVE-2026-21858](https://github.com/Alhakim88/CVE-2026-21858)
- [EQSTLab/CVE-2026-21858](https://github.com/EQSTLab/CVE-2026-21858)
- [0xBlackash/CVE-2026-21858](https://github.com/0xBlackash/CVE-2026-21858)
- [bamov970/CVE-2026-21858](https://github.com/bamov970/CVE-2026-21858)
@ -1413,13 +1380,6 @@
- [wcnmwcis/CVE-2026-22777](https://github.com/wcnmwcis/CVE-2026-22777)
### CVE-2026-22807 (2026-01-21)
<code>vLLM is an inference and serving engine for large language models (LLMs). Starting in version 0.10.1 and prior to version 0.14.0, vLLM loads Hugging Face `auto_map` dynamic modules during model resolution without gating on `trust_remote_code`, allowing attacker-controlled Python code in a model repo/path to execute at server startup. An attacker who can influence the model repo/path (local directory or remote Hugging Face repo) can achieve arbitrary code execution on the vLLM host during model load. This happens before any request handling and does not require API access. Version 0.14.0 fixes the issue.
</code>
- [otakuliu/CVE-2026-22807_Range](https://github.com/otakuliu/CVE-2026-22807_Range)
### CVE-2026-22812 (2026-01-12)
<code>OpenCode is an open source AI coding agent. Prior to 1.0.216, OpenCode automatically starts an unauthenticated HTTP server that allows any local process (or any website via permissive CORS) to execute arbitrary shell commands with the user's privileges. This vulnerability is fixed in 1.0.216.
@ -1610,9 +1570,6 @@
- [midox008/CVE-2026-24061](https://github.com/midox008/CVE-2026-24061)
- [0p5cur/CVE-2026-24061-POC](https://github.com/0p5cur/CVE-2026-24061-POC)
- [madfxr/Twenty-Three-Scanner](https://github.com/madfxr/Twenty-Three-Scanner)
- [0xXyc/telnet-inetutils-auth-bypass-CVE-2026-24061](https://github.com/0xXyc/telnet-inetutils-auth-bypass-CVE-2026-24061)
- [buzz075/CVE-2026-24061](https://github.com/buzz075/CVE-2026-24061)
- [X-croot/CVE-2026-24061_POC](https://github.com/X-croot/CVE-2026-24061_POC)
- [SeptembersEND/CVE--2026-24061](https://github.com/SeptembersEND/CVE--2026-24061)
- [ibrahmsql/CVE-2026-24061-PoC](https://github.com/ibrahmsql/CVE-2026-24061-PoC)
@ -1722,13 +1679,6 @@
- [poxsky/CVE-2026-24516-DigitalOcean-RCE](https://github.com/poxsky/CVE-2026-24516-DigitalOcean-RCE)
- [poxsky/CVE-2026-24516-DigitalOcean-RCE.](https://github.com/poxsky/CVE-2026-24516-DigitalOcean-RCE.)
### CVE-2026-24841 (2026-01-28)
<code>Dokploy is a free, self-hostable Platform as a Service (PaaS). In versions prior to 0.26.6, a critical command injection vulnerability exists in Dokploy's WebSocket endpoint `/docker-container-terminal`. The `containerId` and `activeWay` parameters are directly interpolated into shell commands without sanitization, allowing authenticated attackers to execute arbitrary commands on the host server. Version 0.26.6 fixes the issue.
</code>
- [otakuliu/CVE-2026-24841_Range](https://github.com/otakuliu/CVE-2026-24841_Range)
### CVE-2026-24854 (2026-01-30)
<code>ChurchCRM is an open-source church management system. A SQL Injection vulnerability exists in endpoint `/PaddleNumEditor.php` in ChurchCRM prior to version 6.7.2. Any authenticated user, including one with zero assigned permissions, can exploit SQL injection through the `PerID` parameter. Version 6.7.2 contains a patch for the issue.
@ -1741,8 +1691,6 @@
<code>An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.5, FortiAnalyzer 7.4.0 through 7.4.9, FortiAnalyzer 7.2.0 through 7.2.11, FortiAnalyzer 7.0.0 through 7.0.15, FortiManager 7.6.0 through 7.6.5, FortiManager 7.4.0 through 7.4.9, FortiManager 7.2.0 through 7.2.11, FortiManager 7.0.0 through 7.0.15, FortiOS 7.6.0 through 7.6.5, FortiOS 7.4.0 through 7.4.10, FortiOS 7.2.0 through 7.2.12, FortiOS 7.0.0 through 7.0.18, FortiProxy 7.6.0 through 7.6.4, FortiProxy 7.4.0 through 7.4.12, FortiProxy 7.2.0 through 7.2.15, FortiProxy 7.0.0 through 7.0.22, FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11 may allow an attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices.
</code>
- [SimoesCTT/-CTT-NSP-Convergent-Time-Theory---Network-Stack-Projection-CVE-2026-24858-](https://github.com/SimoesCTT/-CTT-NSP-Convergent-Time-Theory---Network-Stack-Projection-CVE-2026-24858-)
- [SimoesCTT/SCTT-2026-33-0004-FortiCloud-SSO-Identity-Singularity](https://github.com/SimoesCTT/SCTT-2026-33-0004-FortiCloud-SSO-Identity-Singularity)
- [gagaltotal/cve-2026-24858](https://github.com/gagaltotal/cve-2026-24858)
### CVE-2026-25047 (2026-01-29)
@ -1788,13 +1736,6 @@
- [yahiahamza/CVE-2026-25099](https://github.com/yahiahamza/CVE-2026-25099)
### CVE-2026-25126 (2026-01-29)
<code>PolarLearn is a free and open-source learning program. Prior to version 0-PRERELEASE-15, the vote API route (`POST /api/v1/forum/vote`) trusts the JSON bodys `direction` value without runtime validation. TypeScript types are not enforced at runtime, so an attacker can send arbitrary strings (e.g., `&quot;x&quot;`) as `direction`. Downstream (`VoteServer`) treats any non-`&quot;up&quot;` and non-`null` value as a downvote and persists the invalid value in `votes_data`. This can be exploited to bypass intended business logic. Version 0-PRERELEASE-15 fixes the vulnerability.
</code>
- [Jvr2022/CVE-2026-25126](https://github.com/Jvr2022/CVE-2026-25126)
### CVE-2026-25130 (2026-01-30)
<code>Cybersecurity AI (CAI) is a framework for AI Security. In versions up to and including 0.5.10, the CAI (Cybersecurity AI) framework contains multiple argument injection vulnerabilities in its function tools. User-controlled input is passed directly to shell commands via `subprocess.Popen()` with `shell=True`, allowing attackers to execute arbitrary commands on the host system. The `find_file()` tool executes without requiring user approval because find is considered a &quot;safe&quot; pre-approved command. This means an attacker can achieve Remote Code Execution (RCE) by injecting malicious arguments (like -exec) into the args parameter, completely bypassing any human-in-the-loop safety mechanisms. Commit e22a1220f764e2d7cf9da6d6144926f53ca01cde contains a fix.
@ -1816,13 +1757,6 @@
- [MichaelAdamGroberman/CVE-2026-25197](https://github.com/MichaelAdamGroberman/CVE-2026-25197)
### CVE-2026-25211 (2026-01-30)
<code>Llama Stack (aka llama-stack) before 0.4.0rc3 does not censor the pgvector password in the initialization log.
</code>
- [mbanyamer/Llama-Stack-0.4.0rc3-local-CVE-2026-25211](https://github.com/mbanyamer/Llama-Stack-0.4.0rc3-local-CVE-2026-25211)
### CVE-2026-25232 (2026-02-19)
<code>Gogs is an open source self-hosted Git service. Versions 0.13.4 and below have an access control bypass vulnerability which allows any repository collaborator with Write permissions to delete protected branches (including the default branch) by sending a direct POST request, completely bypassing the branch protection mechanism. This vulnerability in the DeleteBranchPost function eenables privilege escalation from Write to Admin level, allowing low-privilege users to perform dangerous operations that should be restricted to administrators only. Although Git Hook layer correctly prevents protected branch deletion via SSH push, the web interface deletion operation does not trigger Git Hooks, resulting in complete bypass of protection mechanisms. In oder to exploit this vulnerability, attackers must have write permissions to the target repository, protected branches configured to the target repository and access to the Gogs web interface. This issue has been fixed in version 0.14.1.
@ -2610,6 +2544,13 @@
- [amanyadav78/CVE-2026-29861](https://github.com/amanyadav78/CVE-2026-29861)
### CVE-2026-29905 (2026-03-26)
<code>Kirby CMS through 5.1.4 allows an authenticated user with 'Editor' permissions to cause a persistent Denial of Service (DoS) via a malformed image upload. The application fails to properly validate the return value of the PHP getimagesize() function. When the system attempts to process this file for metadata or thumbnail generation, it triggers a fatal TypeError.
</code>
- [Stalin-143/CVE](https://github.com/Stalin-143/CVE)
### CVE-2026-29909 (2026-03-30)
<code>MRCMS V3.1.2 contains an unauthenticated directory enumeration vulnerability in the file management module. The /admin/file/list.do endpoint lacks authentication controls and proper input validation, allowing remote attackers to enumerate directory contents on the server without any credentials.
@ -2891,7 +2832,6 @@
- [rio128128/copy-fail-CVE-2026-31431](https://github.com/rio128128/copy-fail-CVE-2026-31431)
- [shadowabi/CVE-2026-31431-CopyFail-Universal-LPE](https://github.com/shadowabi/CVE-2026-31431-CopyFail-Universal-LPE)
- [slauger/CVE-2026-31431](https://github.com/slauger/CVE-2026-31431)
- [TikoTikTok/copy-fail-cve-2026-31431](https://github.com/TikoTikTok/copy-fail-cve-2026-31431)
- [Webhosting4U/Copy-Fail_Detect_and_mitigate_CVE-2026-31431](https://github.com/Webhosting4U/Copy-Fail_Detect_and_mitigate_CVE-2026-31431)
- [gmeghnag/TEST-CVE-2026-31431](https://github.com/gmeghnag/TEST-CVE-2026-31431)
- [Percivalll/Copy-Fail-CVE-2026-31431-Kubernetes-PoC](https://github.com/Percivalll/Copy-Fail-CVE-2026-31431-Kubernetes-PoC)
@ -2974,7 +2914,19 @@
- [beatbeast007/Linux-CopyFail-C-Version-CVE-2026-31431](https://github.com/beatbeast007/Linux-CopyFail-C-Version-CVE-2026-31431)
- [sbeteta42/CVE-2026-31431_je_sappelle_RoOt](https://github.com/sbeteta42/CVE-2026-31431_je_sappelle_RoOt)
- [rvizx/CVE-2026-31431](https://github.com/rvizx/CVE-2026-31431)
- [Danford2017/Copy-Fail---CVE-2026-31431](https://github.com/Danford2017/Copy-Fail---CVE-2026-31431)
- [Silent0x0/Copy-Fail---CVE-2026-31431](https://github.com/Silent0x0/Copy-Fail---CVE-2026-31431)
- [SpenserCai/copy_fail](https://github.com/SpenserCai/copy_fail)
- [bedros-p/kopy-fail-CVE-2026-31431](https://github.com/bedros-p/kopy-fail-CVE-2026-31431)
- [povzayd/CVE-2026-31431](https://github.com/povzayd/CVE-2026-31431)
- [sebinxavi/cve-checker-2026](https://github.com/sebinxavi/cve-checker-2026)
- [mlazzarotto/copy-fail-CVE-2026-31431-mitigation-ansible-playbook](https://github.com/mlazzarotto/copy-fail-CVE-2026-31431-mitigation-ansible-playbook)
- [ExploitEoom/CVE-2026-31431](https://github.com/ExploitEoom/CVE-2026-31431)
- [ben-slates/CVE-2026-31431-Exploit](https://github.com/ben-slates/CVE-2026-31431-Exploit)
- [sercuritycyber/COPY-FAIL-CVE-2026-31431](https://github.com/sercuritycyber/COPY-FAIL-CVE-2026-31431)
- [bootsareme/copyfail-deconstructed](https://github.com/bootsareme/copyfail-deconstructed)
- [mrunalp/block-copyfail](https://github.com/mrunalp/block-copyfail)
- [1amBa7Man/Linux-copy-fail-CVE-2026-31431](https://github.com/1amBa7Man/Linux-copy-fail-CVE-2026-31431)
- [Lyutoon/CopyFail-Experiment](https://github.com/Lyutoon/CopyFail-Experiment)
### CVE-2026-31802 (2026-03-09)
@ -3995,17 +3947,23 @@
- [Lutfifakee-Project/CVE-2026-41940](https://github.com/Lutfifakee-Project/CVE-2026-41940)
- [NULL200OK/cve-2026-41940-tool](https://github.com/NULL200OK/cve-2026-41940-tool)
- [ynsmroztas/cPanelSniper](https://github.com/ynsmroztas/cPanelSniper)
- [Christian93111/CVE-2026-41940](https://github.com/Christian93111/CVE-2026-41940)
- [0dev1337/cpanelscanner](https://github.com/0dev1337/cpanelscanner)
- [kmaruthisrikar/CVE-2026-41940-cPanel-Auth-Bypass-Exploit](https://github.com/kmaruthisrikar/CVE-2026-41940-cPanel-Auth-Bypass-Exploit)
- [Jenderal92/CVE-2026-41940](https://github.com/Jenderal92/CVE-2026-41940)
- [XsanFlip/poc-cpanel-cve-2026-41940](https://github.com/XsanFlip/poc-cpanel-cve-2026-41940)
### CVE-2026-42141
- [H4zaz/CVE-2026-42141-xibo-ssrf](https://github.com/H4zaz/CVE-2026-42141-xibo-ssrf)
### CVE-2026-42167 (2026-04-28)
<code>mod_sql in ProFTPD before 1.3.10rc1 allows remote attackers to execute arbitrary code via a username, in scenarios where there is logging of USER requests with an expansion such as %U, and the SQL backend allows commands (e.g., COPY TO PROGRAM).
<code>mod_sql in ProFTPD before 1.3.9a allows remote attackers to execute arbitrary code via a username, in scenarios where there is logging of USER requests with an expansion such as %U, and the SQL backend allows commands (e.g., COPY TO PROGRAM).
</code>
- [ZeroPathAI/proftpd-CVE-2026-42167-poc](https://github.com/ZeroPathAI/proftpd-CVE-2026-42167-poc)
- [dinosn/proftpd-CVE-2026-42167-analysis](https://github.com/dinosn/proftpd-CVE-2026-42167-analysis)
- [Sl4cK0TH/CVE-2026-42167-PoC](https://github.com/Sl4cK0TH/CVE-2026-42167-PoC)
### CVE-2026-42208
- [imjdl/CVE-2026-42208_lab](https://github.com/imjdl/CVE-2026-42208_lab)
@ -9574,13 +9532,6 @@
- [HackerTyperAbuser/CVE-2025-34030-PoC](https://github.com/HackerTyperAbuser/CVE-2025-34030-PoC)
### CVE-2025-34036 (2025-06-24)
<code>An OS command injection vulnerability exists in white-labeled DVRs manufactured by TVT, affecting a custom HTTP service called &quot;Cross Web Server&quot; that listens on TCP ports 81 and 82. The web interface fails to sanitize input in the URI path passed to the language extraction functionality. When the server processes a request to /language/[lang]/index.html, it uses the [lang] input unsafely in a tar extraction command without proper escaping. This allows an unauthenticated remote attacker to inject shell commands and achieve arbitrary command execution as root. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-06 UTC.
</code>
- [Prabhukiran161/cve-2025-34036](https://github.com/Prabhukiran161/cve-2025-34036)
### CVE-2025-34037 (2025-06-24)
<code>An OS command injection vulnerability exists in various models of E-Series Linksys routers via the /tmUnblock.cgi and /hndUnblock.cgi endpoints over HTTP on port 8080. The CGI scripts improperly process user-supplied input passed to the ttcp_ip parameter without sanitization, allowing unauthenticated attackers to inject shell commands. This vulnerability was reported to be exploited in the wild by the &quot;TheMoon&quot; worm  in 2014 to deploy a MIPS ELF payload, enabling arbitrary code execution on the router. Additionally, this vulnerability may affect other Linksys products to include, but not limited to, WAG/WAP/WES/WET/WRT-series router models and Wireless-N access points and routers. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-06 UTC.
@ -13248,6 +13199,7 @@
- [vanhari/CVE-2025-59528](https://github.com/vanhari/CVE-2025-59528)
- [maradonam18/-CVE-2025-59528-PoC](https://github.com/maradonam18/-CVE-2025-59528-PoC)
- [r3nsi15/Flowise-RCE-CVE-2025-59528](https://github.com/r3nsi15/Flowise-RCE-CVE-2025-59528)
- [mananispiwpiw/CVE-2025-59528-PoC](https://github.com/mananispiwpiw/CVE-2025-59528-PoC)
### CVE-2025-59532 (2025-09-22)
@ -33890,8 +33842,6 @@
- [tpirate/cve-2023-44487-POC](https://github.com/tpirate/cve-2023-44487-POC)
- [ReGeLePuMa/HTTP-2-Rapid-Reset-DDos](https://github.com/ReGeLePuMa/HTTP-2-Rapid-Reset-DDos)
- [sastraadiwiguna-purpleeliteteaming/DDoS-Purple-Teaming-Offensive-Multi-Vector-7-Tier-Defensive-Holistic-Blueprint-](https://github.com/sastraadiwiguna-purpleeliteteaming/DDoS-Purple-Teaming-Offensive-Multi-Vector-7-Tier-Defensive-Holistic-Blueprint-)
- [dryfryce/phoenix-h2](https://github.com/dryfryce/phoenix-h2)
- [dryfryce/phoenix-http2](https://github.com/dryfryce/phoenix-http2)
- [TLevente20/HTTP-2-RapidReset-CVE-2023-44487-Testlab](https://github.com/TLevente20/HTTP-2-RapidReset-CVE-2023-44487-Testlab)
- [galletitaconpate/CVE-2023-44487](https://github.com/galletitaconpate/CVE-2023-44487)
@ -35448,6 +35398,8 @@
- [LtmThink/CVE-2023-51385_test](https://github.com/LtmThink/CVE-2023-51385_test)
- [WLaoDuo/CVE-2023-51385_poc-test](https://github.com/WLaoDuo/CVE-2023-51385_poc-test)
- [power1314520/CVE-2023-51385_test](https://github.com/power1314520/CVE-2023-51385_test)
- [uccu99/CVE-2023-51385](https://github.com/uccu99/CVE-2023-51385)
- [julienbrs/exploit-CVE-2023-51385](https://github.com/julienbrs/exploit-CVE-2023-51385)
- [julienbrs/malicious-exploit-CVE-2023-51385](https://github.com/julienbrs/malicious-exploit-CVE-2023-51385)
- [Sonicrrrr/CVE-2023-51385](https://github.com/Sonicrrrr/CVE-2023-51385)
- [farliy-hacker/CVE-2023-51385](https://github.com/farliy-hacker/CVE-2023-51385)