From a11ca73943315121265ae96e254a32a65c632add Mon Sep 17 00:00:00 2001 From: motikan2010-bot Date: Wed, 6 May 2026 03:54:24 +0900 Subject: [PATCH] Auto Update 2026/05/05 18:54:24 --- 2014/CVE-2014-0160.json | 8 +- 2016/CVE-2016-15042.json | 4 +- 2017/CVE-2017-1000486.json | 8 +- 2017/CVE-2017-5638.json | 8 +- 2018/CVE-2018-14634.json | 8 +- 2019/CVE-2019-1040.json | 4 +- 2019/CVE-2019-2215.json | 8 +- 2020/CVE-2020-0610.json | 4 +- 2020/CVE-2020-0796.json | 4 +- 2020/CVE-2020-1472.json | 4 +- 2021/CVE-2021-1732.json | 8 +- 2021/CVE-2021-21315.json | 8 +- 2021/CVE-2021-22911.json | 8 +- 2021/CVE-2021-27905.json | 8 +- 2021/CVE-2021-33044.json | 4 +- 2021/CVE-2021-3493.json | 8 +- 2021/CVE-2021-3560.json | 8 +- 2021/CVE-2021-4034.json | 12 +- 2021/CVE-2021-42278.json | 16 +- 2021/CVE-2021-44228.json | 12 +- 2022/CVE-2022-1026.json | 8 +- 2022/CVE-2022-22954.json | 8 +- 2022/CVE-2022-22963.json | 33 ++ 2022/CVE-2022-22965.json | 8 +- 2022/CVE-2022-25636.json | 33 ++ 2022/CVE-2022-29464.json | 8 +- 2023/CVE-2023-24278.json | 10 +- 2023/CVE-2023-32434.json | 4 +- 2023/CVE-2023-34843.json | 8 +- 2023/CVE-2023-45612.json | 33 -- 2023/CVE-2023-47268.json | 33 ++ 2024/CVE-2024-1086.json | 2 +- 2024/CVE-2024-23222.json | 4 +- 2024/CVE-2024-2961.json | 8 +- 2024/CVE-2024-30088.json | 4 +- 2024/CVE-2024-36401.json | 8 +- 2024/CVE-2024-4577.json | 8 +- 2024/CVE-2024-56426.json | 2 +- 2025/CVE-2025-1097.json | 8 +- 2025/CVE-2025-14847.json | 4 +- 2025/CVE-2025-2304.json | 12 +- 2025/CVE-2025-24071.json | 8 +- 2025/CVE-2025-24203.json | 8 +- 2025/CVE-2025-24257.json | 4 +- 2025/CVE-2025-30208.json | 4 +- 2025/CVE-2025-31200.json | 4 +- 2025/CVE-2025-31258.json | 4 +- 2025/CVE-2025-32463.json | 12 +- 2025/CVE-2025-33073.json | 8 +- 2025/CVE-2025-36911.json | 4 +- 2025/CVE-2025-49144.json | 4 +- 2025/CVE-2025-49844.json | 8 +- 2025/CVE-2025-52915.json | 10 +- 2025/CVE-2025-5419.json | 4 +- 2025/CVE-2025-54253.json | 4 +- 2025/CVE-2025-54424.json | 4 +- 2025/CVE-2025-55182.json | 56 +- 2025/CVE-2025-55184.json | 4 +- 2025/CVE-2025-59287.json | 4 +- 2025/CVE-2025-61882.json | 4 +- 2025/CVE-2025-62215.json | 12 +- 2025/CVE-2025-6554.json | 4 +- 2025/CVE-2025-65857.json | 12 +- 2025/CVE-2025-66398.json | 4 +- 2025/CVE-2025-66478.json | 4 +- 2025/CVE-2025-68921.json | 4 +- 2025/CVE-2025-69256.json | 4 +- 2025/CVE-2025-69985.json | 4 +- 2025/CVE-2025-70795.json | 4 +- 2025/CVE-2025-8088.json | 4 +- 2026/CVE-2026-0828.json | 4 +- 2026/CVE-2026-1581.json | 35 -- 2026/CVE-2026-20841.json | 8 +- 2026/CVE-2026-21385.json | 4 +- 2026/CVE-2026-21852.json | 66 --- 2026/CVE-2026-21902.json | 35 -- 2026/CVE-2026-22679.json | 2 +- 2026/CVE-2026-23842.json | 42 -- 2026/CVE-2026-23918.json | 76 ++- 2026/CVE-2026-2406.json | 4 +- 2026/CVE-2026-24061.json | 37 +- 2026/CVE-2026-24072.json | 35 ++ 2026/CVE-2026-24291.json | 4 +- 2026/CVE-2026-2441.json | 37 +- 2026/CVE-2026-2472.json | 61 +-- 2026/CVE-2026-25643.json | 4 +- ...VE-2026-25940.json => CVE-2026-26114.json} | 22 +- 2026/CVE-2026-26268.json | 35 ++ 2026/CVE-2026-2749.json | 35 -- 2026/CVE-2026-27579.json | 42 -- 2026/CVE-2026-28372.json | 33 -- 2026/CVE-2026-29000.json | 33 ++ 2026/CVE-2026-2991.json | 4 +- 2026/CVE-2026-31431.json | 484 +++++++++++++----- 2026/CVE-2026-31717.json | 4 +- 2026/CVE-2026-31802.json | 4 +- 2026/CVE-2026-32223.json | 2 +- 2026/CVE-2026-3395.json | 68 --- 2026/CVE-2026-34621.json | 12 +- 2026/CVE-2026-35031.json | 2 +- 2026/CVE-2026-3854.json | 33 ++ 2026/CVE-2026-41285.json | 35 ++ 2026/CVE-2026-41940.json | 44 +- 2026/CVE-2026-42281.json | 13 +- 2026/CVE-2026-42879.json | 35 ++ 2026/CVE-2026-6508.json | 35 ++ README.md | 119 +++-- 107 files changed, 1164 insertions(+), 996 deletions(-) delete mode 100644 2026/CVE-2026-1581.json delete mode 100644 2026/CVE-2026-21902.json delete mode 100644 2026/CVE-2026-23842.json create mode 100644 2026/CVE-2026-24072.json rename 2026/{CVE-2026-25940.json => CVE-2026-26114.json} (58%) create mode 100644 2026/CVE-2026-26268.json delete mode 100644 2026/CVE-2026-2749.json delete mode 100644 2026/CVE-2026-27579.json delete mode 100644 2026/CVE-2026-3395.json create mode 100644 2026/CVE-2026-41285.json create mode 100644 2026/CVE-2026-42879.json create mode 100644 2026/CVE-2026-6508.json diff --git a/2014/CVE-2014-0160.json b/2014/CVE-2014-0160.json index acfb742966..d126cca280 100644 --- a/2014/CVE-2014-0160.json +++ b/2014/CVE-2014-0160.json @@ -14,10 +14,10 @@ "description": "A checker (site and tool) for CVE-2014-0160", "fork": false, "created_at": "2014-04-07T23:03:09Z", - "updated_at": "2026-05-05T02:36:48Z", + "updated_at": "2026-05-05T14:13:23Z", "pushed_at": "2021-02-24T09:17:24Z", - "stargazers_count": 2408, - "watchers_count": 2408, + "stargazers_count": 2390, + "watchers_count": 2390, "has_discussions": false, "forks_count": 454, "allow_forking": true, @@ -28,7 +28,7 @@ "topics": [], "visibility": "public", "forks": 454, - "watchers": 2408, + "watchers": 2390, "score": 0, "subscribers_count": 107 }, diff --git a/2016/CVE-2016-15042.json b/2016/CVE-2016-15042.json index 11f76dc0f9..a97f14e4fc 100644 --- a/2016/CVE-2016-15042.json +++ b/2016/CVE-2016-15042.json @@ -14,8 +14,8 @@ "description": "🛠️ Validate and demonstrate CVE-2016-15042 with a Dockerized lab for unauthenticated file uploads in WordPress file managers.", "fork": false, "created_at": "2023-10-23T05:54:10Z", - "updated_at": "2026-05-05T10:07:37Z", - "pushed_at": "2026-05-05T10:07:33Z", + "updated_at": "2026-05-05T17:40:13Z", + "pushed_at": "2026-05-05T17:40:09Z", "stargazers_count": 0, "watchers_count": 0, "has_discussions": false, diff --git a/2017/CVE-2017-1000486.json b/2017/CVE-2017-1000486.json index 74c2c110cb..0ff8f00c8a 100644 --- a/2017/CVE-2017-1000486.json +++ b/2017/CVE-2017-1000486.json @@ -146,10 +146,10 @@ "description": "exploit for CVE-2017-1000486 vulnerability with SOCKS proxy support", "fork": false, "created_at": "2022-09-09T23:09:40Z", - "updated_at": "2026-04-28T15:46:05Z", + "updated_at": "2026-05-05T15:50:47Z", "pushed_at": "2023-04-18T14:03:27Z", - "stargazers_count": 18, - "watchers_count": 18, + "stargazers_count": 19, + "watchers_count": 19, "has_discussions": false, "forks_count": 3, "allow_forking": true, @@ -169,7 +169,7 @@ ], "visibility": "public", "forks": 3, - "watchers": 18, + "watchers": 19, "score": 0, "subscribers_count": 2 }, diff --git a/2017/CVE-2017-5638.json b/2017/CVE-2017-5638.json index b8c6be17ec..613338d6f4 100644 --- a/2017/CVE-2017-5638.json +++ b/2017/CVE-2017-5638.json @@ -455,10 +455,10 @@ "description": "An exploit for Apache Struts CVE-2017-5638", "fork": false, "created_at": "2017-03-12T02:02:25Z", - "updated_at": "2026-04-07T10:35:23Z", + "updated_at": "2026-05-05T15:52:41Z", "pushed_at": "2018-05-21T18:33:26Z", - "stargazers_count": 440, - "watchers_count": 440, + "stargazers_count": 441, + "watchers_count": 441, "has_discussions": false, "forks_count": 134, "allow_forking": true, @@ -475,7 +475,7 @@ ], "visibility": "public", "forks": 134, - "watchers": 440, + "watchers": 441, "score": 0, "subscribers_count": 21 }, diff --git a/2018/CVE-2018-14634.json b/2018/CVE-2018-14634.json index 02334c49e7..fc41832dce 100644 --- a/2018/CVE-2018-14634.json +++ b/2018/CVE-2018-14634.json @@ -14,10 +14,10 @@ "description": "proof-of-concept (PoC) for linux dists based on Debian, CentOS and RedHat - exploit 1", "fork": false, "created_at": "2018-10-08T18:12:03Z", - "updated_at": "2024-10-30T17:51:54Z", + "updated_at": "2026-05-05T15:52:30Z", "pushed_at": "2018-10-09T16:44:32Z", - "stargazers_count": 6, - "watchers_count": 6, + "stargazers_count": 7, + "watchers_count": 7, "has_discussions": false, "forks_count": 11, "allow_forking": true, @@ -28,7 +28,7 @@ "topics": [], "visibility": "public", "forks": 11, - "watchers": 6, + "watchers": 7, "score": 0, "subscribers_count": 0 } diff --git a/2019/CVE-2019-1040.json b/2019/CVE-2019-1040.json index fbec644b31..37f19fe379 100644 --- a/2019/CVE-2019-1040.json +++ b/2019/CVE-2019-1040.json @@ -179,8 +179,8 @@ "description": "The Windows Print Spooler privilege escalation vulnerability (CVE-2019-1040\/CVE-2019-1019) has been implemented as a Reflective DLL for penetration testing.", "fork": false, "created_at": "2025-12-06T19:56:12Z", - "updated_at": "2026-05-05T11:46:21Z", - "pushed_at": "2026-05-05T11:46:17Z", + "updated_at": "2026-05-05T18:15:06Z", + "pushed_at": "2026-05-05T18:15:01Z", "stargazers_count": 1, "watchers_count": 1, "has_discussions": false, diff --git a/2019/CVE-2019-2215.json b/2019/CVE-2019-2215.json index 0c2d1d5f81..6719b1a6d0 100644 --- a/2019/CVE-2019-2215.json +++ b/2019/CVE-2019-2215.json @@ -47,10 +47,10 @@ "description": "Temproot for Pixel 2 and Pixel 2 XL via CVE-2019-2215", "fork": false, "created_at": "2019-10-14T17:27:37Z", - "updated_at": "2026-04-11T12:32:01Z", + "updated_at": "2026-05-05T15:52:20Z", "pushed_at": "2019-10-15T01:04:08Z", - "stargazers_count": 132, - "watchers_count": 132, + "stargazers_count": 133, + "watchers_count": 133, "has_discussions": false, "forks_count": 53, "allow_forking": true, @@ -61,7 +61,7 @@ "topics": [], "visibility": "public", "forks": 53, - "watchers": 132, + "watchers": 133, "score": 0, "subscribers_count": 8 }, diff --git a/2020/CVE-2020-0610.json b/2020/CVE-2020-0610.json index 5a73a8baea..e6d3bf4c07 100644 --- a/2020/CVE-2020-0610.json +++ b/2020/CVE-2020-0610.json @@ -58,8 +58,8 @@ "description": "🔍 Create a safe lab environment for testing CVE-2020-0610, a critical RCE vulnerability in Windows RD Gateway, with minimal disruption using DTLS techniques.", "fork": false, "created_at": "2025-09-04T13:21:35Z", - "updated_at": "2026-05-05T10:07:26Z", - "pushed_at": "2026-05-05T10:07:22Z", + "updated_at": "2026-05-05T17:40:03Z", + "pushed_at": "2026-05-05T17:39:59Z", "stargazers_count": 0, "watchers_count": 0, "has_discussions": false, diff --git a/2020/CVE-2020-0796.json b/2020/CVE-2020-0796.json index daaab2cdcb..0f1d35ba79 100644 --- a/2020/CVE-2020-0796.json +++ b/2020/CVE-2020-0796.json @@ -2984,8 +2984,8 @@ "description": null, "fork": false, "created_at": "2026-04-23T09:39:37Z", - "updated_at": "2026-05-01T03:39:30Z", - "pushed_at": "2026-05-01T03:39:27Z", + "updated_at": "2026-05-05T13:01:27Z", + "pushed_at": "2026-05-05T13:01:10Z", "stargazers_count": 0, "watchers_count": 0, "has_discussions": false, diff --git a/2020/CVE-2020-1472.json b/2020/CVE-2020-1472.json index d191d6353f..13c8e4f619 100644 --- a/2020/CVE-2020-1472.json +++ b/2020/CVE-2020-1472.json @@ -2383,8 +2383,8 @@ "description": "Zerologon (CVE-2020-1472) Proof-of-Concept application - Critical Active Directory vulnerability exploitation tool.", "fork": false, "created_at": "2025-12-06T10:17:38Z", - "updated_at": "2026-05-05T11:41:58Z", - "pushed_at": "2026-05-05T11:41:54Z", + "updated_at": "2026-05-05T17:52:08Z", + "pushed_at": "2026-05-05T17:51:43Z", "stargazers_count": 2, "watchers_count": 2, "has_discussions": false, diff --git a/2021/CVE-2021-1732.json b/2021/CVE-2021-1732.json index 63081a8ae1..d18bc555e2 100644 --- a/2021/CVE-2021-1732.json +++ b/2021/CVE-2021-1732.json @@ -14,10 +14,10 @@ "description": "CVE-2021-1732 Exploit", "fork": false, "created_at": "2021-03-05T02:11:10Z", - "updated_at": "2026-01-25T22:24:20Z", + "updated_at": "2026-05-05T13:51:13Z", "pushed_at": "2021-03-05T03:10:26Z", - "stargazers_count": 421, - "watchers_count": 421, + "stargazers_count": 422, + "watchers_count": 422, "has_discussions": false, "forks_count": 127, "allow_forking": true, @@ -28,7 +28,7 @@ "topics": [], "visibility": "public", "forks": 127, - "watchers": 421, + "watchers": 422, "score": 0, "subscribers_count": 6 }, diff --git a/2021/CVE-2021-21315.json b/2021/CVE-2021-21315.json index 11a0f6a77a..4087206b51 100644 --- a/2021/CVE-2021-21315.json +++ b/2021/CVE-2021-21315.json @@ -14,10 +14,10 @@ "description": "CVE 2021-21315 PoC", "fork": false, "created_at": "2021-03-01T18:52:41Z", - "updated_at": "2026-02-05T03:16:09Z", + "updated_at": "2026-05-05T15:51:49Z", "pushed_at": "2021-06-09T13:27:20Z", - "stargazers_count": 159, - "watchers_count": 159, + "stargazers_count": 160, + "watchers_count": 160, "has_discussions": false, "forks_count": 26, "allow_forking": true, @@ -41,7 +41,7 @@ ], "visibility": "public", "forks": 26, - "watchers": 159, + "watchers": 160, "score": 0, "subscribers_count": 8 }, diff --git a/2021/CVE-2021-22911.json b/2021/CVE-2021-22911.json index 6f70592a19..55c252fcc9 100644 --- a/2021/CVE-2021-22911.json +++ b/2021/CVE-2021-22911.json @@ -14,10 +14,10 @@ "description": "Pre-Auth Blind NoSQL Injection leading to Remote Code Execution in Rocket Chat 3.12.1", "fork": false, "created_at": "2021-06-05T15:05:01Z", - "updated_at": "2026-03-28T18:38:28Z", + "updated_at": "2026-05-05T15:51:27Z", "pushed_at": "2023-06-11T08:47:04Z", - "stargazers_count": 59, - "watchers_count": 59, + "stargazers_count": 60, + "watchers_count": 60, "has_discussions": false, "forks_count": 8, "allow_forking": true, @@ -28,7 +28,7 @@ "topics": [], "visibility": "public", "forks": 8, - "watchers": 59, + "watchers": 60, "score": 0, "subscribers_count": 1 }, diff --git a/2021/CVE-2021-27905.json b/2021/CVE-2021-27905.json index 0978dc3b28..212edd4499 100644 --- a/2021/CVE-2021-27905.json +++ b/2021/CVE-2021-27905.json @@ -80,10 +80,10 @@ "description": "[CVE-2021-27905] Apache Solr ReplicationHandler Server Side Request Forgery (SSRF)", "fork": false, "created_at": "2021-08-10T07:49:47Z", - "updated_at": "2025-04-02T14:32:02Z", + "updated_at": "2026-05-05T15:52:49Z", "pushed_at": "2021-08-10T08:52:16Z", - "stargazers_count": 5, - "watchers_count": 5, + "stargazers_count": 6, + "watchers_count": 6, "has_discussions": false, "forks_count": 1, "allow_forking": true, @@ -96,7 +96,7 @@ ], "visibility": "public", "forks": 1, - "watchers": 5, + "watchers": 6, "score": 0, "subscribers_count": 1 }, diff --git a/2021/CVE-2021-33044.json b/2021/CVE-2021-33044.json index 77db192949..49f76995ae 100644 --- a/2021/CVE-2021-33044.json +++ b/2021/CVE-2021-33044.json @@ -212,8 +212,8 @@ "description": "Chrome extension that uses vulnerabilities CVE-2021-33044 and CVE-2021-33045 to log in to Dahua cameras without authentication.", "fork": false, "created_at": "2026-03-28T17:42:44Z", - "updated_at": "2026-05-05T11:45:42Z", - "pushed_at": "2026-05-05T11:45:38Z", + "updated_at": "2026-05-05T18:19:26Z", + "pushed_at": "2026-05-05T18:19:22Z", "stargazers_count": 3, "watchers_count": 3, "has_discussions": false, diff --git a/2021/CVE-2021-3493.json b/2021/CVE-2021-3493.json index 89355825b6..bb925fd943 100644 --- a/2021/CVE-2021-3493.json +++ b/2021/CVE-2021-3493.json @@ -14,10 +14,10 @@ "description": "Ubuntu OverlayFS Local Privesc", "fork": false, "created_at": "2021-04-19T20:07:01Z", - "updated_at": "2026-05-01T19:33:23Z", + "updated_at": "2026-05-05T15:51:11Z", "pushed_at": "2024-04-02T02:48:18Z", - "stargazers_count": 442, - "watchers_count": 442, + "stargazers_count": 443, + "watchers_count": 443, "has_discussions": false, "forks_count": 137, "allow_forking": true, @@ -28,7 +28,7 @@ "topics": [], "visibility": "public", "forks": 137, - "watchers": 442, + "watchers": 443, "score": 0, "subscribers_count": 4 }, diff --git a/2021/CVE-2021-3560.json b/2021/CVE-2021-3560.json index 5e7e81e291..5975aefbb1 100644 --- a/2021/CVE-2021-3560.json +++ b/2021/CVE-2021-3560.json @@ -47,10 +47,10 @@ "description": "CVE-2021-3560 Local PrivEsc Exploit", "fork": false, "created_at": "2021-06-11T14:28:43Z", - "updated_at": "2026-03-14T19:11:18Z", + "updated_at": "2026-05-05T15:53:35Z", "pushed_at": "2021-06-12T17:48:38Z", - "stargazers_count": 81, - "watchers_count": 81, + "stargazers_count": 82, + "watchers_count": 82, "has_discussions": false, "forks_count": 12, "allow_forking": true, @@ -67,7 +67,7 @@ ], "visibility": "public", "forks": 12, - "watchers": 81, + "watchers": 82, "score": 0, "subscribers_count": 3 }, diff --git a/2021/CVE-2021-4034.json b/2021/CVE-2021-4034.json index 80aba22e4e..7087fcd6f0 100644 --- a/2021/CVE-2021-4034.json +++ b/2021/CVE-2021-4034.json @@ -150,10 +150,10 @@ "description": "Self-contained exploit for CVE-2021-4034 - Pkexec Local Privilege Escalation", "fork": false, "created_at": "2022-01-26T14:26:10Z", - "updated_at": "2026-05-05T00:25:11Z", + "updated_at": "2026-05-05T15:52:31Z", "pushed_at": "2022-06-21T14:52:05Z", - "stargazers_count": 1304, - "watchers_count": 1304, + "stargazers_count": 1305, + "watchers_count": 1305, "has_discussions": false, "forks_count": 204, "allow_forking": true, @@ -166,7 +166,7 @@ ], "visibility": "public", "forks": 204, - "watchers": 1304, + "watchers": 1305, "score": 0, "subscribers_count": 13 }, @@ -2050,8 +2050,8 @@ "description": "🚀 Enhance your penetration testing with PwnKit Helper, a simple tool for exploiting the CVE-2021-4034 vulnerability in pkexec for local privilege escalation.", "fork": false, "created_at": "2025-10-01T09:53:03Z", - "updated_at": "2026-05-05T10:23:53Z", - "pushed_at": "2026-05-05T10:23:49Z", + "updated_at": "2026-05-05T17:52:27Z", + "pushed_at": "2026-05-05T17:52:23Z", "stargazers_count": 2, "watchers_count": 2, "has_discussions": false, diff --git a/2021/CVE-2021-42278.json b/2021/CVE-2021-42278.json index 771ed8360e..71b1a9471e 100644 --- a/2021/CVE-2021-42278.json +++ b/2021/CVE-2021-42278.json @@ -14,10 +14,10 @@ "description": "Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user ", "fork": false, "created_at": "2021-12-11T15:10:30Z", - "updated_at": "2026-04-29T04:31:03Z", + "updated_at": "2026-05-05T15:53:22Z", "pushed_at": "2022-07-10T22:23:13Z", - "stargazers_count": 1055, - "watchers_count": 1055, + "stargazers_count": 1056, + "watchers_count": 1056, "has_discussions": false, "forks_count": 193, "allow_forking": true, @@ -33,7 +33,7 @@ ], "visibility": "public", "forks": 193, - "watchers": 1055, + "watchers": 1056, "score": 0, "subscribers_count": 22 }, @@ -52,10 +52,10 @@ "description": "Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user ", "fork": false, "created_at": "2021-12-13T10:28:12Z", - "updated_at": "2026-04-30T21:53:51Z", + "updated_at": "2026-05-05T15:53:16Z", "pushed_at": "2023-01-29T03:31:27Z", - "stargazers_count": 998, - "watchers_count": 998, + "stargazers_count": 999, + "watchers_count": 999, "has_discussions": false, "forks_count": 133, "allow_forking": true, @@ -66,7 +66,7 @@ "topics": [], "visibility": "public", "forks": 133, - "watchers": 998, + "watchers": 999, "score": 0, "subscribers_count": 12 }, diff --git a/2021/CVE-2021-44228.json b/2021/CVE-2021-44228.json index 52dc0ac601..feaf8a54d0 100644 --- a/2021/CVE-2021-44228.json +++ b/2021/CVE-2021-44228.json @@ -9988,10 +9988,10 @@ "description": "Generic Scanner for Apache log4j RCE CVE-2021-44228", "fork": false, "created_at": "2021-12-22T09:15:47Z", - "updated_at": "2026-04-11T10:13:26Z", + "updated_at": "2026-05-05T13:55:01Z", "pushed_at": "2021-12-22T09:19:15Z", - "stargazers_count": 6, - "watchers_count": 6, + "stargazers_count": 7, + "watchers_count": 7, "has_discussions": false, "forks_count": 0, "allow_forking": true, @@ -10002,7 +10002,7 @@ "topics": [], "visibility": "public", "forks": 0, - "watchers": 6, + "watchers": 7, "score": 0, "subscribers_count": 1 }, @@ -13958,8 +13958,8 @@ "description": "Pentesting caja negra: Shellshock (CVE-2014-6271) + Log4Shell (CVE-2021-44228). Escalada a root. Informe ejecutivo y técnico", "fork": false, "created_at": "2026-05-05T06:59:35Z", - "updated_at": "2026-05-05T07:02:26Z", - "pushed_at": "2026-05-05T06:59:58Z", + "updated_at": "2026-05-05T18:17:05Z", + "pushed_at": "2026-05-05T18:17:01Z", "stargazers_count": 0, "watchers_count": 0, "has_discussions": false, diff --git a/2022/CVE-2022-1026.json b/2022/CVE-2022-1026.json index c776f62ecc..45a4ed4fff 100644 --- a/2022/CVE-2022-1026.json +++ b/2022/CVE-2022-1026.json @@ -14,10 +14,10 @@ "description": "An unauthenticated data extraction vulnerability in Kyocera printers, which allows for recovery of cleartext address book and domain joined passwords", "fork": false, "created_at": "2023-03-15T14:23:41Z", - "updated_at": "2026-04-23T12:18:57Z", + "updated_at": "2026-05-05T13:33:59Z", "pushed_at": "2023-03-15T14:33:48Z", - "stargazers_count": 19, - "watchers_count": 19, + "stargazers_count": 20, + "watchers_count": 20, "has_discussions": false, "forks_count": 3, "allow_forking": true, @@ -28,7 +28,7 @@ "topics": [], "visibility": "public", "forks": 3, - "watchers": 19, + "watchers": 20, "score": 0, "subscribers_count": 2 }, diff --git a/2022/CVE-2022-22954.json b/2022/CVE-2022-22954.json index 02e98bb233..d7e7b2ad6a 100644 --- a/2022/CVE-2022-22954.json +++ b/2022/CVE-2022-22954.json @@ -710,10 +710,10 @@ "description": "VMware Workspace ONE Access and Identity Manager RCE via SSTI. CVE-2022-22954 - PoC SSTI * exploit+payload+shodan (ну набором)", "fork": false, "created_at": "2022-06-03T09:17:12Z", - "updated_at": "2023-03-13T03:53:28Z", + "updated_at": "2026-05-05T15:51:00Z", "pushed_at": "2022-06-03T09:18:37Z", - "stargazers_count": 4, - "watchers_count": 4, + "stargazers_count": 5, + "watchers_count": 5, "has_discussions": false, "forks_count": 2, "allow_forking": true, @@ -724,7 +724,7 @@ "topics": [], "visibility": "public", "forks": 2, - "watchers": 4, + "watchers": 5, "score": 0, "subscribers_count": 1 }, diff --git a/2022/CVE-2022-22963.json b/2022/CVE-2022-22963.json index eb1205d6e9..055571e6cb 100644 --- a/2022/CVE-2022-22963.json +++ b/2022/CVE-2022-22963.json @@ -949,5 +949,38 @@ "watchers": 0, "score": 0, "subscribers_count": 0 + }, + { + "id": 1229958575, + "name": "CVE-2022-22963", + "full_name": "cyberager\/CVE-2022-22963", + "owner": { + "login": "cyberager", + "id": 25870990, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/25870990?v=4", + "html_url": "https:\/\/github.com\/cyberager", + "user_view_type": "public" + }, + "html_url": "https:\/\/github.com\/cyberager\/CVE-2022-22963", + "description": "Simple exploit", + "fork": false, + "created_at": "2026-05-05T14:42:13Z", + "updated_at": "2026-05-05T15:15:46Z", + "pushed_at": "2026-05-05T15:11:47Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "has_pull_requests": true, + "pull_request_creation_policy": "all", + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0, + "subscribers_count": 0 } ] \ No newline at end of file diff --git a/2022/CVE-2022-22965.json b/2022/CVE-2022-22965.json index b5c1a304fc..794bcd0183 100644 --- a/2022/CVE-2022-22965.json +++ b/2022/CVE-2022-22965.json @@ -138,10 +138,10 @@ "description": "Dockerized Spring4Shell (CVE-2022-22965) PoC application and exploit", "fork": false, "created_at": "2022-03-31T00:24:28Z", - "updated_at": "2026-04-25T23:07:12Z", + "updated_at": "2026-05-05T15:53:15Z", "pushed_at": "2022-08-04T18:26:18Z", - "stargazers_count": 325, - "watchers_count": 325, + "stargazers_count": 326, + "watchers_count": 326, "has_discussions": false, "forks_count": 239, "allow_forking": true, @@ -152,7 +152,7 @@ "topics": [], "visibility": "public", "forks": 239, - "watchers": 325, + "watchers": 326, "score": 0, "subscribers_count": 10 }, diff --git a/2022/CVE-2022-25636.json b/2022/CVE-2022-25636.json index 0eeb610193..cc38c343ac 100644 --- a/2022/CVE-2022-25636.json +++ b/2022/CVE-2022-25636.json @@ -97,5 +97,38 @@ "watchers": 20, "score": 0, "subscribers_count": 2 + }, + { + "id": 1230156513, + "name": "CVE-2022-25636_COPY-FAIL_ONE-LINE", + "full_name": "Eduardo2221\/CVE-2022-25636_COPY-FAIL_ONE-LINE", + "owner": { + "login": "Eduardo2221", + "id": 86635699, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/86635699?v=4", + "html_url": "https:\/\/github.com\/Eduardo2221", + "user_view_type": "public" + }, + "html_url": "https:\/\/github.com\/Eduardo2221\/CVE-2022-25636_COPY-FAIL_ONE-LINE", + "description": null, + "fork": false, + "created_at": "2026-05-05T18:24:56Z", + "updated_at": "2026-05-05T18:29:55Z", + "pushed_at": "2026-05-05T18:29:51Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "has_pull_requests": true, + "pull_request_creation_policy": "all", + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0, + "subscribers_count": 0 } ] \ No newline at end of file diff --git a/2022/CVE-2022-29464.json b/2022/CVE-2022-29464.json index f4ee3f097d..31a91d0d98 100644 --- a/2022/CVE-2022-29464.json +++ b/2022/CVE-2022-29464.json @@ -254,10 +254,10 @@ "description": "😭 WSOB is a python tool created to exploit the new vulnerability on WSO2 assigned as CVE-2022-29464.", "fork": false, "created_at": "2022-04-24T18:25:26Z", - "updated_at": "2025-11-28T06:40:45Z", + "updated_at": "2026-05-05T15:50:48Z", "pushed_at": "2023-05-23T03:42:31Z", - "stargazers_count": 27, - "watchers_count": 27, + "stargazers_count": 28, + "watchers_count": 28, "has_discussions": false, "forks_count": 10, "allow_forking": true, @@ -273,7 +273,7 @@ ], "visibility": "public", "forks": 10, - "watchers": 27, + "watchers": 28, "score": 0, "subscribers_count": 1 }, diff --git a/2023/CVE-2023-24278.json b/2023/CVE-2023-24278.json index 3bb5d8a22a..34fb68f1ff 100644 --- a/2023/CVE-2023-24278.json +++ b/2023/CVE-2023-24278.json @@ -11,10 +11,10 @@ "user_view_type": "public" }, "html_url": "https:\/\/github.com\/NeCr00\/CVE-2023-24278", - "description": "It was discovered two reflected cross site scripting (XSS) vulnerabilities in the Squidex open source headless CMS software. The Reflected Cross Site Scripting vulnerabilities affect all versions of Squidex prior to 7.4.0 and affect both authenticated and unauthenticated victim users.", + "description": "CVE-2023-24278 - Reflected XSS Vulnerabilities in Squidex", "fork": false, "created_at": "2024-12-23T13:10:47Z", - "updated_at": "2026-03-07T21:12:52Z", + "updated_at": "2026-05-05T15:41:05Z", "pushed_at": "2024-12-23T13:22:22Z", "stargazers_count": 3, "watchers_count": 3, @@ -25,7 +25,11 @@ "web_commit_signoff_required": false, "has_pull_requests": true, "pull_request_creation_policy": "all", - "topics": [], + "topics": [ + "cve", + "squidexcms", + "vulnerability" + ], "visibility": "public", "forks": 2, "watchers": 3, diff --git a/2023/CVE-2023-32434.json b/2023/CVE-2023-32434.json index 8f79d39349..24c642143f 100644 --- a/2023/CVE-2023-32434.json +++ b/2023/CVE-2023-32434.json @@ -47,8 +47,8 @@ "description": "oob_entry tfp0 kernel exploit for armv7 iOS (iOS 3.0–10.3.4), using CVE-2023-32434. We will publish a write-up detailing the methods in the coming weeks. 🐙", "fork": false, "created_at": "2025-08-13T09:19:29Z", - "updated_at": "2026-05-05T09:57:59Z", - "pushed_at": "2026-05-05T09:57:54Z", + "updated_at": "2026-05-05T17:29:25Z", + "pushed_at": "2026-05-05T17:29:20Z", "stargazers_count": 0, "watchers_count": 0, "has_discussions": false, diff --git a/2023/CVE-2023-34843.json b/2023/CVE-2023-34843.json index d1327d3967..4b3dfbdf74 100644 --- a/2023/CVE-2023-34843.json +++ b/2023/CVE-2023-34843.json @@ -14,10 +14,10 @@ "description": "Public disclosure for CVE-2023-34843.", "fork": false, "created_at": "2023-06-27T20:45:32Z", - "updated_at": "2024-08-30T15:12:21Z", + "updated_at": "2026-05-05T14:46:25Z", "pushed_at": "2023-06-27T20:51:50Z", - "stargazers_count": 7, - "watchers_count": 7, + "stargazers_count": 8, + "watchers_count": 8, "has_discussions": false, "forks_count": 1, "allow_forking": true, @@ -28,7 +28,7 @@ "topics": [], "visibility": "public", "forks": 1, - "watchers": 7, + "watchers": 8, "score": 0, "subscribers_count": 1 } diff --git a/2023/CVE-2023-45612.json b/2023/CVE-2023-45612.json index 525ba2e18e..f550187186 100644 --- a/2023/CVE-2023-45612.json +++ b/2023/CVE-2023-45612.json @@ -1,37 +1,4 @@ [ - { - "id": 1064638326, - "name": "ktor-xxe-poc", - "full_name": "bbugdigger\/ktor-xxe-poc", - "owner": { - "login": "bbugdigger", - "id": 125513127, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/125513127?v=4", - "html_url": "https:\/\/github.com\/bbugdigger", - "user_view_type": "public" - }, - "html_url": "https:\/\/github.com\/bbugdigger\/ktor-xxe-poc", - "description": "Proof-of-Concept of CVE-2023-45612", - "fork": false, - "created_at": "2025-09-26T10:29:23Z", - "updated_at": "2026-01-11T13:54:15Z", - "pushed_at": "2025-09-26T18:05:15Z", - "stargazers_count": 1, - "watchers_count": 1, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "has_pull_requests": true, - "pull_request_creation_policy": "all", - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 1, - "score": 0, - "subscribers_count": 0 - }, { "id": 1069201924, "name": "CVE-2023-45612-PoC", diff --git a/2023/CVE-2023-47268.json b/2023/CVE-2023-47268.json index 5432cfbb86..bc968d3bc9 100644 --- a/2023/CVE-2023-47268.json +++ b/2023/CVE-2023-47268.json @@ -1,4 +1,37 @@ [ + { + "id": 863663925, + "name": "CVE-2023-47268", + "full_name": "suce0155\/CVE-2023-47268", + "owner": { + "login": "suce0155", + "id": 149517309, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/149517309?v=4", + "html_url": "https:\/\/github.com\/suce0155", + "user_view_type": "public" + }, + "html_url": "https:\/\/github.com\/suce0155\/CVE-2023-47268", + "description": "PrusaSlicer Arbitrary Code Execution using .3mf", + "fork": false, + "created_at": "2024-09-26T17:28:05Z", + "updated_at": "2026-05-05T15:47:50Z", + "pushed_at": "2024-09-28T12:13:19Z", + "stargazers_count": 5, + "watchers_count": 5, + "has_discussions": false, + "forks_count": 1, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "has_pull_requests": true, + "pull_request_creation_policy": "all", + "topics": [], + "visibility": "public", + "forks": 1, + "watchers": 5, + "score": 0, + "subscribers_count": 0 + }, { "id": 935598432, "name": "Trickster-HTB", diff --git a/2024/CVE-2024-1086.json b/2024/CVE-2024-1086.json index 6946ce8c9c..0e2650eec9 100644 --- a/2024/CVE-2024-1086.json +++ b/2024/CVE-2024-1086.json @@ -351,7 +351,7 @@ "fork": false, "created_at": "2026-03-30T18:27:24Z", "updated_at": "2026-03-31T14:23:12Z", - "pushed_at": "2026-03-31T14:21:55Z", + "pushed_at": "2026-05-05T16:24:52Z", "stargazers_count": 0, "watchers_count": 0, "has_discussions": false, diff --git a/2024/CVE-2024-23222.json b/2024/CVE-2024-23222.json index 4fd2578cae..bd5bba5a43 100644 --- a/2024/CVE-2024-23222.json +++ b/2024/CVE-2024-23222.json @@ -80,8 +80,8 @@ "description": "Analyze and deobfuscate the Coruna Exploit Kit (CVE-2024-23222) to enhance understanding and detection of related threats.", "fork": false, "created_at": "2026-03-15T16:36:07Z", - "updated_at": "2026-05-05T00:21:05Z", - "pushed_at": "2026-05-05T00:21:01Z", + "updated_at": "2026-05-05T13:45:00Z", + "pushed_at": "2026-05-05T13:44:19Z", "stargazers_count": 1, "watchers_count": 1, "has_discussions": false, diff --git a/2024/CVE-2024-2961.json b/2024/CVE-2024-2961.json index 39d67fc149..bed057fe76 100644 --- a/2024/CVE-2024-2961.json +++ b/2024/CVE-2024-2961.json @@ -341,8 +341,8 @@ }, { "id": 927144920, - "name": "CVE-2024-2961_buddyforms_2.7.7", - "full_name": "suce0155\/CVE-2024-2961_buddyforms_2.7.7", + "name": "CVE-2024-2961", + "full_name": "suce0155\/CVE-2024-2961", "owner": { "login": "suce0155", "id": 149517309, @@ -350,11 +350,11 @@ "html_url": "https:\/\/github.com\/suce0155", "user_view_type": "public" }, - "html_url": "https:\/\/github.com\/suce0155\/CVE-2024-2961_buddyforms_2.7.7", + "html_url": "https:\/\/github.com\/suce0155\/CVE-2024-2961", "description": "CVE-2024-2961 Cnext RCE Exploit with Buddyforms 2.7.7", "fork": false, "created_at": "2025-02-04T13:34:33Z", - "updated_at": "2025-03-03T04:39:46Z", + "updated_at": "2026-05-05T15:48:37Z", "pushed_at": "2025-02-04T18:51:48Z", "stargazers_count": 4, "watchers_count": 4, diff --git a/2024/CVE-2024-30088.json b/2024/CVE-2024-30088.json index 31b3bd3866..1fb9ebae4f 100644 --- a/2024/CVE-2024-30088.json +++ b/2024/CVE-2024-30088.json @@ -245,8 +245,8 @@ "description": "Go offensive-security research library — 15+ injection methods, AMSI\/ETW\/ntdll-unhook evasion, sleep mask (Ekko × XOR\/RC4\/AES), call-stack spoof, BYOVD (RTCore64) + kernel callback removal, LSASS dump + pure-Go MSV1_0 parser w\/ PPL bypass, recon (sandbox\/VM\/debugger\/dllhijack), PE ops (sRDI\/BOF\/CLR), Meterpreter C2, UAC bypass, CVE-2024-30088 LPE.", "fork": false, "created_at": "2026-04-01T08:15:08Z", - "updated_at": "2026-05-05T11:55:54Z", - "pushed_at": "2026-05-05T11:55:51Z", + "updated_at": "2026-05-05T14:21:43Z", + "pushed_at": "2026-05-05T14:19:36Z", "stargazers_count": 7, "watchers_count": 7, "has_discussions": true, diff --git a/2024/CVE-2024-36401.json b/2024/CVE-2024-36401.json index c1c7c16fca..14394f9788 100644 --- a/2024/CVE-2024-36401.json +++ b/2024/CVE-2024-36401.json @@ -554,10 +554,10 @@ "description": "本脚本是针对 GeoServer 的远程代码执行漏洞(CVE-2024-36401)开发的 PoC(Proof of Concept)探测工具。该漏洞允许攻击者通过构造特定请求,在目标服务器上执行任意命令。", "fork": false, "created_at": "2025-04-30T07:45:55Z", - "updated_at": "2025-05-07T02:07:41Z", + "updated_at": "2026-05-05T16:18:19Z", "pushed_at": "2025-04-30T08:46:21Z", - "stargazers_count": 1, - "watchers_count": 1, + "stargazers_count": 2, + "watchers_count": 2, "has_discussions": false, "forks_count": 0, "allow_forking": true, @@ -568,7 +568,7 @@ "topics": [], "visibility": "public", "forks": 0, - "watchers": 1, + "watchers": 2, "score": 0, "subscribers_count": 1 }, diff --git a/2024/CVE-2024-4577.json b/2024/CVE-2024-4577.json index 24919e0385..85461d9270 100644 --- a/2024/CVE-2024-4577.json +++ b/2024/CVE-2024-4577.json @@ -179,10 +179,10 @@ "description": "PHP CGI Argument Injection (CVE-2024-4577) Remote Code Execution PoC", "fork": false, "created_at": "2024-06-07T09:52:54Z", - "updated_at": "2026-05-02T11:44:43Z", + "updated_at": "2026-05-05T15:54:00Z", "pushed_at": "2024-06-22T15:13:52Z", - "stargazers_count": 314, - "watchers_count": 314, + "stargazers_count": 315, + "watchers_count": 315, "has_discussions": false, "forks_count": 65, "allow_forking": true, @@ -193,7 +193,7 @@ "topics": [], "visibility": "public", "forks": 65, - "watchers": 314, + "watchers": 315, "score": 0, "subscribers_count": 4 }, diff --git a/2024/CVE-2024-56426.json b/2024/CVE-2024-56426.json index 721eb69189..8eacb35cd8 100644 --- a/2024/CVE-2024-56426.json +++ b/2024/CVE-2024-56426.json @@ -15,7 +15,7 @@ "fork": false, "created_at": "2026-04-07T12:02:52Z", "updated_at": "2026-05-03T22:37:18Z", - "pushed_at": "2026-05-05T11:56:47Z", + "pushed_at": "2026-05-05T17:58:14Z", "stargazers_count": 6, "watchers_count": 6, "has_discussions": false, diff --git a/2025/CVE-2025-1097.json b/2025/CVE-2025-1097.json index ae11f0940d..38e21c4090 100644 --- a/2025/CVE-2025-1097.json +++ b/2025/CVE-2025-1097.json @@ -14,10 +14,10 @@ "description": "This is a PoC code to exploit the IngressNightmare vulnerabilities (CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, and CVE-2025-1974).", "fork": false, "created_at": "2025-03-26T18:52:20Z", - "updated_at": "2026-04-11T17:48:49Z", + "updated_at": "2026-05-05T15:52:01Z", "pushed_at": "2025-03-26T19:49:28Z", - "stargazers_count": 249, - "watchers_count": 249, + "stargazers_count": 250, + "watchers_count": 250, "has_discussions": false, "forks_count": 55, "allow_forking": true, @@ -28,7 +28,7 @@ "topics": [], "visibility": "public", "forks": 55, - "watchers": 249, + "watchers": 250, "score": 0, "subscribers_count": 3 }, diff --git a/2025/CVE-2025-14847.json b/2025/CVE-2025-14847.json index c319c59487..70015986a2 100644 --- a/2025/CVE-2025-14847.json +++ b/2025/CVE-2025-14847.json @@ -14,8 +14,8 @@ "description": "🛠 Exploit the CVE-2025-14847 vulnerability in MongoDB to disclose sensitive heap memory using a Python script that analyzes responses for new leaked data.", "fork": false, "created_at": "2025-07-30T15:52:00Z", - "updated_at": "2026-05-05T07:36:58Z", - "pushed_at": "2026-05-05T07:36:54Z", + "updated_at": "2026-05-05T12:52:35Z", + "pushed_at": "2026-05-05T12:52:31Z", "stargazers_count": 1, "watchers_count": 1, "has_discussions": false, diff --git a/2025/CVE-2025-2304.json b/2025/CVE-2025-2304.json index ea64448c40..bb51bc8d5f 100644 --- a/2025/CVE-2025-2304.json +++ b/2025/CVE-2025-2304.json @@ -280,10 +280,10 @@ "description": "Authenticated privilege escalation in Camaleon CMS v2.9.0 via improper parameter handling in the updated_ajax endpoint.", "fork": false, "created_at": "2026-02-04T04:17:19Z", - "updated_at": "2026-05-03T12:52:45Z", + "updated_at": "2026-05-05T16:04:12Z", "pushed_at": "2026-02-04T04:35:38Z", - "stargazers_count": 16, - "watchers_count": 16, + "stargazers_count": 17, + "watchers_count": 17, "has_discussions": false, "forks_count": 2, "allow_forking": true, @@ -294,7 +294,7 @@ "topics": [], "visibility": "public", "forks": 2, - "watchers": 16, + "watchers": 17, "score": 0, "subscribers_count": 0 }, @@ -412,8 +412,8 @@ "description": "🛠️ Exploit CVE-2025-2304 in Camaleon CMS easily with this Python script for privilege escalation, tested on version 2.9.0.", "fork": false, "created_at": "2026-02-14T20:01:20Z", - "updated_at": "2026-05-05T08:21:23Z", - "pushed_at": "2026-05-05T08:21:19Z", + "updated_at": "2026-05-05T13:24:25Z", + "pushed_at": "2026-05-05T13:22:09Z", "stargazers_count": 0, "watchers_count": 0, "has_discussions": false, diff --git a/2025/CVE-2025-24071.json b/2025/CVE-2025-24071.json index 869b7c13b2..128ee69ddc 100644 --- a/2025/CVE-2025-24071.json +++ b/2025/CVE-2025-24071.json @@ -14,10 +14,10 @@ "description": "CVE-2025-24071: NTLM Hash Leak via RAR\/ZIP Extraction and .library-ms File", "fork": false, "created_at": "2025-03-16T20:10:19Z", - "updated_at": "2026-04-20T02:03:21Z", + "updated_at": "2026-05-05T15:50:41Z", "pushed_at": "2025-03-20T21:22:23Z", - "stargazers_count": 401, - "watchers_count": 401, + "stargazers_count": 402, + "watchers_count": 402, "has_discussions": false, "forks_count": 65, "allow_forking": true, @@ -28,7 +28,7 @@ "topics": [], "visibility": "public", "forks": 65, - "watchers": 401, + "watchers": 402, "score": 0, "subscribers_count": 1 }, diff --git a/2025/CVE-2025-24203.json b/2025/CVE-2025-24203.json index 67cdd1bdfd..71bb4b750c 100644 --- a/2025/CVE-2025-24203.json +++ b/2025/CVE-2025-24203.json @@ -14,10 +14,10 @@ "description": "Basic customization app using CVE-2025-24203. Patched in iOS 18.4.", "fork": false, "created_at": "2025-05-09T07:18:55Z", - "updated_at": "2026-05-05T03:11:59Z", + "updated_at": "2026-05-05T18:19:23Z", "pushed_at": "2026-05-05T01:20:19Z", - "stargazers_count": 319, - "watchers_count": 319, + "stargazers_count": 320, + "watchers_count": 320, "has_discussions": false, "forks_count": 33, "allow_forking": true, @@ -28,7 +28,7 @@ "topics": [], "visibility": "public", "forks": 33, - "watchers": 319, + "watchers": 320, "score": 0, "subscribers_count": 9 }, diff --git a/2025/CVE-2025-24257.json b/2025/CVE-2025-24257.json index 4de214282f..5acaf73c4f 100644 --- a/2025/CVE-2025-24257.json +++ b/2025/CVE-2025-24257.json @@ -14,8 +14,8 @@ "description": "Demonstrate CVE-2025-24257 with a public PoC for IOGPUFamily kernel heap OOB read\/write and panic analysis", "fork": false, "created_at": "2026-04-04T03:42:55Z", - "updated_at": "2026-05-05T00:40:13Z", - "pushed_at": "2026-05-05T00:40:09Z", + "updated_at": "2026-05-05T14:07:37Z", + "pushed_at": "2026-05-05T14:07:18Z", "stargazers_count": 0, "watchers_count": 0, "has_discussions": false, diff --git a/2025/CVE-2025-30208.json b/2025/CVE-2025-30208.json index 78254a3ba4..870284ced8 100644 --- a/2025/CVE-2025-30208.json +++ b/2025/CVE-2025-30208.json @@ -775,8 +775,8 @@ "description": null, "fork": false, "created_at": "2026-03-04T07:29:12Z", - "updated_at": "2026-05-04T03:59:22Z", - "pushed_at": "2026-05-04T03:59:18Z", + "updated_at": "2026-05-05T17:34:39Z", + "pushed_at": "2026-05-05T17:57:14Z", "stargazers_count": 0, "watchers_count": 0, "has_discussions": false, diff --git a/2025/CVE-2025-31200.json b/2025/CVE-2025-31200.json index ca78ff1a59..a69c37dcc6 100644 --- a/2025/CVE-2025-31200.json +++ b/2025/CVE-2025-31200.json @@ -47,8 +47,8 @@ "description": "CVE-2025-31200 is a zero-day, zero-click RCE in iOS CoreAudio’s AudioConverterService, triggered by a malicious audio file via iMessage\/SMS. Exploitation bypassed Blastdoor, enabled kernel escalation (CVE-2025-31201), and allowed token theft until patched in iOS 18.4.1 (Apr 16, 2025).", "fork": false, "created_at": "2025-05-17T23:03:56Z", - "updated_at": "2026-05-02T07:27:30Z", - "pushed_at": "2026-04-07T16:10:57Z", + "updated_at": "2026-05-05T15:37:54Z", + "pushed_at": "2026-05-05T15:35:54Z", "stargazers_count": 197, "watchers_count": 197, "has_discussions": false, diff --git a/2025/CVE-2025-31258.json b/2025/CVE-2025-31258.json index 1db633ec03..d7b98ed51d 100644 --- a/2025/CVE-2025-31258.json +++ b/2025/CVE-2025-31258.json @@ -14,8 +14,8 @@ "description": "🔓 Explore CVE-2025-31258 with this PoC demonstrating partial sandbox escape using RemoteViewServices for practical 1-day security practice.", "fork": false, "created_at": "2020-06-23T15:20:11Z", - "updated_at": "2026-05-05T10:12:06Z", - "pushed_at": "2026-05-05T10:12:02Z", + "updated_at": "2026-05-05T17:43:57Z", + "pushed_at": "2026-05-05T17:43:53Z", "stargazers_count": 0, "watchers_count": 0, "has_discussions": false, diff --git a/2025/CVE-2025-32463.json b/2025/CVE-2025-32463.json index c7daee6936..c168daa732 100644 --- a/2025/CVE-2025-32463.json +++ b/2025/CVE-2025-32463.json @@ -645,8 +645,8 @@ "description": "Demonstrate CVE-2025-32463 with this PoC for sudo's chroot feature. Explore the exploit and its impact on vulnerable sudo versions. 🐱💻🔒", "fork": false, "created_at": "2025-07-04T18:20:09Z", - "updated_at": "2026-05-05T09:54:37Z", - "pushed_at": "2026-05-05T09:54:34Z", + "updated_at": "2026-05-05T17:25:30Z", + "pushed_at": "2026-05-05T17:25:08Z", "stargazers_count": 0, "watchers_count": 0, "has_discussions": false, @@ -1628,8 +1628,8 @@ "description": "🔍 Demonstrate the CVE-2025-32463 privilege-escalation flaw in sudo's chroot feature with this minimal, reproducible proof of concept environment.", "fork": false, "created_at": "2025-09-20T00:42:07Z", - "updated_at": "2026-05-05T10:14:40Z", - "pushed_at": "2026-05-05T10:14:37Z", + "updated_at": "2026-05-05T17:45:55Z", + "pushed_at": "2026-05-05T17:45:51Z", "stargazers_count": 1, "watchers_count": 1, "has_discussions": false, @@ -1680,8 +1680,8 @@ "description": null, "fork": false, "created_at": "2025-09-20T02:01:08Z", - "updated_at": "2026-05-05T10:14:40Z", - "pushed_at": "2026-05-05T10:14:36Z", + "updated_at": "2026-05-05T17:45:54Z", + "pushed_at": "2026-05-05T17:45:48Z", "stargazers_count": 0, "watchers_count": 0, "has_discussions": false, diff --git a/2025/CVE-2025-33073.json b/2025/CVE-2025-33073.json index 39646ab255..f98f42ea18 100644 --- a/2025/CVE-2025-33073.json +++ b/2025/CVE-2025-33073.json @@ -14,10 +14,10 @@ "description": "PoC Exploit for the NTLM reflection SMB flaw.", "fork": false, "created_at": "2025-06-13T12:15:14Z", - "updated_at": "2026-04-29T08:30:58Z", + "updated_at": "2026-05-05T15:52:50Z", "pushed_at": "2026-02-18T09:15:40Z", - "stargazers_count": 699, - "watchers_count": 699, + "stargazers_count": 700, + "watchers_count": 700, "has_discussions": false, "forks_count": 133, "allow_forking": true, @@ -28,7 +28,7 @@ "topics": [], "visibility": "public", "forks": 133, - "watchers": 699, + "watchers": 700, "score": 0, "subscribers_count": 6 }, diff --git a/2025/CVE-2025-36911.json b/2025/CVE-2025-36911.json index 75ca534a75..e47fa855ea 100644 --- a/2025/CVE-2025-36911.json +++ b/2025/CVE-2025-36911.json @@ -294,8 +294,8 @@ "description": "🔍 Scan and research CVE-2025-36911 vulnerabilities with WPair, a specialized tool for Android built in Kotlin, ensuring your applications remain secure.", "fork": false, "created_at": "2026-01-29T01:59:47Z", - "updated_at": "2026-05-05T07:57:55Z", - "pushed_at": "2026-05-05T07:57:51Z", + "updated_at": "2026-05-05T13:11:16Z", + "pushed_at": "2026-05-05T13:10:37Z", "stargazers_count": 0, "watchers_count": 0, "has_discussions": false, diff --git a/2025/CVE-2025-49144.json b/2025/CVE-2025-49144.json index 7f5134db88..162356c19a 100644 --- a/2025/CVE-2025-49144.json +++ b/2025/CVE-2025-49144.json @@ -251,8 +251,8 @@ "description": null, "fork": false, "created_at": "2025-09-19T17:17:19Z", - "updated_at": "2026-05-05T10:14:27Z", - "pushed_at": "2026-05-05T10:14:23Z", + "updated_at": "2026-05-05T17:45:39Z", + "pushed_at": "2026-05-05T17:45:35Z", "stargazers_count": 1, "watchers_count": 1, "has_discussions": false, diff --git a/2025/CVE-2025-49844.json b/2025/CVE-2025-49844.json index a8b57c994d..9b939ab9ec 100644 --- a/2025/CVE-2025-49844.json +++ b/2025/CVE-2025-49844.json @@ -14,8 +14,8 @@ "description": "🔍 Explore and test the CVE-2025-49844 (RediShell) vulnerability in Redis with this practical lab environment for secure education and research.", "fork": false, "created_at": "2019-04-13T07:51:09Z", - "updated_at": "2026-05-05T10:56:04Z", - "pushed_at": "2026-05-05T10:56:01Z", + "updated_at": "2026-05-05T18:09:46Z", + "pushed_at": "2026-05-05T18:09:42Z", "stargazers_count": 1, "watchers_count": 1, "has_discussions": false, @@ -66,8 +66,8 @@ "description": "🚨 Exploit the CVE-2025-49844 Redis Lua interpreter UAF vulnerability to execute arbitrary shellcode and gain persistent backdoor access.", "fork": false, "created_at": "2022-04-06T09:27:39Z", - "updated_at": "2026-05-05T10:57:48Z", - "pushed_at": "2026-05-05T10:57:44Z", + "updated_at": "2026-05-05T18:10:32Z", + "pushed_at": "2026-05-05T18:10:28Z", "stargazers_count": 1, "watchers_count": 1, "has_discussions": false, diff --git a/2025/CVE-2025-52915.json b/2025/CVE-2025-52915.json index d4fece5204..91286edc1e 100644 --- a/2025/CVE-2025-52915.json +++ b/2025/CVE-2025-52915.json @@ -14,10 +14,10 @@ "description": "BYOVD research use cases featuring vulnerable driver discovery and reverse engineering methodology. (CVE-2025-52915, CVE-2025-1055,).", "fork": false, "created_at": "2023-12-05T14:52:11Z", - "updated_at": "2026-05-05T11:51:00Z", - "pushed_at": "2026-04-12T07:04:32Z", - "stargazers_count": 717, - "watchers_count": 717, + "updated_at": "2026-05-05T15:52:07Z", + "pushed_at": "2026-05-05T15:33:57Z", + "stargazers_count": 718, + "watchers_count": 718, "has_discussions": false, "forks_count": 108, "allow_forking": true, @@ -37,7 +37,7 @@ ], "visibility": "public", "forks": 108, - "watchers": 717, + "watchers": 718, "score": 0, "subscribers_count": 18 } diff --git a/2025/CVE-2025-5419.json b/2025/CVE-2025-5419.json index c5f36305b4..bf06e5ccba 100644 --- a/2025/CVE-2025-5419.json +++ b/2025/CVE-2025-5419.json @@ -14,8 +14,8 @@ "description": "🛡️ Analyze CVE-2025-5419 to exploit an uninitialized read vulnerability in V8 for arbitrary read\/write access within the sandbox environment.", "fork": false, "created_at": "2023-01-25T04:41:49Z", - "updated_at": "2026-05-05T08:13:07Z", - "pushed_at": "2026-05-05T08:13:04Z", + "updated_at": "2026-05-05T13:21:56Z", + "pushed_at": "2026-05-05T13:20:13Z", "stargazers_count": 0, "watchers_count": 0, "has_discussions": false, diff --git a/2025/CVE-2025-54253.json b/2025/CVE-2025-54253.json index 5069e1fc61..55ab3176e1 100644 --- a/2025/CVE-2025-54253.json +++ b/2025/CVE-2025-54253.json @@ -67,8 +67,8 @@ "description": "🐙 CVE-2025-54253 exploit demo for Adobe AEM Forms on JEE: OGNL injection to RCE with PoC, Python 3.10 exploit code, reproducer and mitigation guidance.", "fork": false, "created_at": "2025-08-17T22:04:33Z", - "updated_at": "2026-05-05T10:01:06Z", - "pushed_at": "2026-05-05T10:01:02Z", + "updated_at": "2026-05-05T17:33:01Z", + "pushed_at": "2026-05-05T17:32:56Z", "stargazers_count": 2, "watchers_count": 2, "has_discussions": false, diff --git a/2025/CVE-2025-54424.json b/2025/CVE-2025-54424.json index 56fd63c287..a92630bf51 100644 --- a/2025/CVE-2025-54424.json +++ b/2025/CVE-2025-54424.json @@ -53,8 +53,8 @@ "description": "CVE-2025-54424: 1Panel TLS client cert bypass enables RCE via forged CN 'panel_client' using a bundled scanning and exploitation tool. Affected: <= v2.0.5. 🔐", "fork": false, "created_at": "2025-08-14T05:16:16Z", - "updated_at": "2026-05-05T10:00:06Z", - "pushed_at": "2026-05-05T10:00:02Z", + "updated_at": "2026-05-05T17:31:50Z", + "pushed_at": "2026-05-05T17:31:47Z", "stargazers_count": 2, "watchers_count": 2, "has_discussions": false, diff --git a/2025/CVE-2025-55182.json b/2025/CVE-2025-55182.json index a4e761a2aa..f1d5315401 100644 --- a/2025/CVE-2025-55182.json +++ b/2025/CVE-2025-55182.json @@ -14,8 +14,8 @@ "description": "🔍 Demonstrate CVE-2025-55182, a critical vulnerability in React Server Components allowing unauthenticated arbitrary code execution.", "fork": false, "created_at": "2021-09-18T02:04:33Z", - "updated_at": "2026-05-05T12:09:54Z", - "pushed_at": "2026-05-05T12:09:50Z", + "updated_at": "2026-05-05T18:45:10Z", + "pushed_at": "2026-05-05T18:45:05Z", "stargazers_count": 0, "watchers_count": 0, "has_discussions": false, @@ -66,8 +66,8 @@ "description": "🔍 Scan for CVE-2025-55182 risks in React Server Components with this non-intrusive tool that helps detect critical vulnerabilities in your applications.", "fork": false, "created_at": "2022-06-17T10:19:10Z", - "updated_at": "2026-05-05T12:09:16Z", - "pushed_at": "2026-05-05T12:09:12Z", + "updated_at": "2026-05-05T18:44:48Z", + "pushed_at": "2026-05-05T18:44:44Z", "stargazers_count": 0, "watchers_count": 0, "has_discussions": false, @@ -151,8 +151,8 @@ "description": "🔍 Detect vulnerabilities CVE-2025-55182 and CVE-2025-66478 in Next.js apps with this reliable command-line scanner.", "fork": false, "created_at": "2023-11-27T18:17:43Z", - "updated_at": "2026-05-05T12:09:28Z", - "pushed_at": "2026-05-05T12:09:24Z", + "updated_at": "2026-05-05T18:44:54Z", + "pushed_at": "2026-05-05T18:44:50Z", "stargazers_count": 1, "watchers_count": 1, "has_discussions": false, @@ -251,8 +251,8 @@ "description": "🚨 Exploit and scan for CVE-2025-55182, a critical React\/Next.js vulnerability enabling remote code execution through prototype pollution techniques.", "fork": false, "created_at": "2024-05-28T16:48:51Z", - "updated_at": "2026-05-05T12:09:14Z", - "pushed_at": "2026-05-05T12:09:10Z", + "updated_at": "2026-05-05T18:44:49Z", + "pushed_at": "2026-05-05T18:44:44Z", "stargazers_count": 1, "watchers_count": 1, "has_discussions": false, @@ -303,8 +303,8 @@ "description": null, "fork": false, "created_at": "2024-11-29T12:32:19Z", - "updated_at": "2026-05-05T12:10:28Z", - "pushed_at": "2026-05-05T12:10:24Z", + "updated_at": "2026-05-05T18:45:25Z", + "pushed_at": "2026-05-05T18:45:21Z", "stargazers_count": 0, "watchers_count": 0, "has_discussions": false, @@ -406,8 +406,8 @@ "description": "🚨 Exploit CVE-2025-55182 to demonstrate RCE in React Server Functions, highlighting risks from insecure prototype references in Next.js applications.", "fork": false, "created_at": "2025-06-06T16:34:46Z", - "updated_at": "2026-05-05T12:09:46Z", - "pushed_at": "2026-05-05T12:09:42Z", + "updated_at": "2026-05-05T18:45:07Z", + "pushed_at": "2026-05-05T18:45:03Z", "stargazers_count": 0, "watchers_count": 0, "has_discussions": false, @@ -458,8 +458,8 @@ "description": "⚠️ Explore a vulnerable environment to test security scanners against the CVE-2025-55182 RCE flaw in React Server Components and Next.js applications.", "fork": false, "created_at": "2025-07-15T18:33:34Z", - "updated_at": "2026-05-05T12:11:33Z", - "pushed_at": "2026-05-05T12:11:30Z", + "updated_at": "2026-05-05T18:46:02Z", + "pushed_at": "2026-05-05T18:45:58Z", "stargazers_count": 1, "watchers_count": 1, "has_discussions": false, @@ -1252,7 +1252,7 @@ "stargazers_count": 2437, "watchers_count": 2437, "has_discussions": false, - "forks_count": 268, + "forks_count": 269, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, @@ -1260,7 +1260,7 @@ "pull_request_creation_policy": "all", "topics": [], "visibility": "public", - "forks": 268, + "forks": 269, "watchers": 2437, "score": 0, "subscribers_count": 13 @@ -12317,8 +12317,8 @@ "description": "🛡️ Explore CVE-2025-55182, a critical RCE vulnerability in React's Flight Protocol, demonstrating exploitation techniques and mitigation strategies.", "fork": false, "created_at": "2025-12-24T14:48:19Z", - "updated_at": "2026-05-05T12:09:00Z", - "pushed_at": "2026-05-05T12:08:56Z", + "updated_at": "2026-05-05T18:44:37Z", + "pushed_at": "2026-05-05T18:44:33Z", "stargazers_count": 0, "watchers_count": 0, "has_discussions": false, @@ -12402,8 +12402,8 @@ "description": "🚨 Identify and address CVE-2025-55182, a critical React Server vulnerability allowing remote code execution without authentication.", "fork": false, "created_at": "2025-12-24T18:44:51Z", - "updated_at": "2026-05-05T12:09:17Z", - "pushed_at": "2026-05-05T12:09:14Z", + "updated_at": "2026-05-05T18:44:47Z", + "pushed_at": "2026-05-05T18:44:43Z", "stargazers_count": 0, "watchers_count": 0, "has_discussions": false, @@ -12451,8 +12451,8 @@ "description": "🚨 Demonstrate CVE-2025-55182, a critical React vulnerability allowing remote code execution via prototype chain pollution in `react-server-dom-webpack@19.0.0`.", "fork": false, "created_at": "2025-12-24T18:48:07Z", - "updated_at": "2026-05-05T12:09:12Z", - "pushed_at": "2026-05-05T12:09:08Z", + "updated_at": "2026-05-05T18:44:49Z", + "pushed_at": "2026-05-05T18:44:45Z", "stargazers_count": 0, "watchers_count": 0, "has_discussions": false, @@ -12536,8 +12536,8 @@ "description": "🔍 Exploit CVE-2025-55182 in Next.js with this versatile tool for security research, featuring advanced payloads and WAF bypass techniques.", "fork": false, "created_at": "2025-12-25T19:28:28Z", - "updated_at": "2026-05-05T12:10:33Z", - "pushed_at": "2026-05-05T12:10:29Z", + "updated_at": "2026-05-05T18:45:33Z", + "pushed_at": "2026-05-05T18:45:29Z", "stargazers_count": 0, "watchers_count": 0, "has_discussions": false, @@ -12738,8 +12738,8 @@ "description": "⚡ Discover and exploit CVE-2025-55182 with this PoC, offering reliable remote code execution tests for React Server Components in Next.js.", "fork": false, "created_at": "2025-12-26T22:26:55Z", - "updated_at": "2026-05-05T12:11:07Z", - "pushed_at": "2026-05-05T12:11:03Z", + "updated_at": "2026-05-05T18:45:51Z", + "pushed_at": "2026-05-05T18:45:46Z", "stargazers_count": 0, "watchers_count": 0, "has_discussions": false, @@ -13008,8 +13008,8 @@ "description": "🛡️ Scan and assess vulnerabilities in Next.js\/Waku with the CVE-2025-55182-Scanner, combining static and dynamic analysis for robust security.", "fork": false, "created_at": "2026-01-02T01:28:57Z", - "updated_at": "2026-05-05T12:25:02Z", - "pushed_at": "2026-05-05T12:24:57Z", + "updated_at": "2026-05-05T18:50:52Z", + "pushed_at": "2026-05-05T18:50:48Z", "stargazers_count": 1, "watchers_count": 1, "has_discussions": false, diff --git a/2025/CVE-2025-55184.json b/2025/CVE-2025-55184.json index 99674aae1d..40df318b3e 100644 --- a/2025/CVE-2025-55184.json +++ b/2025/CVE-2025-55184.json @@ -289,8 +289,8 @@ "description": "🛠️ Test and validate the CVE-2025-55184 vulnerability in React Server Components to enhance your application's security against denial-of-service attacks.", "fork": false, "created_at": "2026-01-02T05:04:03Z", - "updated_at": "2026-05-05T12:25:24Z", - "pushed_at": "2026-05-05T12:25:20Z", + "updated_at": "2026-05-05T18:51:12Z", + "pushed_at": "2026-05-05T18:51:07Z", "stargazers_count": 1, "watchers_count": 1, "has_discussions": false, diff --git a/2025/CVE-2025-59287.json b/2025/CVE-2025-59287.json index 19052db63a..0e06bc84b6 100644 --- a/2025/CVE-2025-59287.json +++ b/2025/CVE-2025-59287.json @@ -200,8 +200,8 @@ "description": "🔍 Analyze WSUS deserialization behavior to enhance security, generate reports, and identify configuration weaknesses in your infrastructure.", "fork": false, "created_at": "2026-01-29T02:16:04Z", - "updated_at": "2026-05-05T07:57:57Z", - "pushed_at": "2026-05-05T07:57:53Z", + "updated_at": "2026-05-05T13:12:05Z", + "pushed_at": "2026-05-05T13:10:57Z", "stargazers_count": 0, "watchers_count": 0, "has_discussions": false, diff --git a/2025/CVE-2025-61882.json b/2025/CVE-2025-61882.json index 6ad9435128..45c270d7f3 100644 --- a/2025/CVE-2025-61882.json +++ b/2025/CVE-2025-61882.json @@ -14,8 +14,8 @@ "description": "🔍 Detect vulnerabilities CVE-2025-61882 and CVE-2025-61884 in Oracle E-Business Suite to help secure your systems from potential remote code execution threats.", "fork": false, "created_at": "2025-03-04T15:38:32Z", - "updated_at": "2026-05-05T10:54:48Z", - "pushed_at": "2026-05-05T10:54:44Z", + "updated_at": "2026-05-05T18:09:06Z", + "pushed_at": "2026-05-05T18:09:02Z", "stargazers_count": 0, "watchers_count": 0, "has_discussions": false, diff --git a/2025/CVE-2025-62215.json b/2025/CVE-2025-62215.json index 5faf0e7892..1742978c3c 100644 --- a/2025/CVE-2025-62215.json +++ b/2025/CVE-2025-62215.json @@ -179,12 +179,12 @@ "description": null, "fork": false, "created_at": "2026-03-02T10:34:07Z", - "updated_at": "2026-05-05T04:45:40Z", + "updated_at": "2026-05-05T18:28:13Z", "pushed_at": "2026-05-05T04:45:36Z", - "stargazers_count": 0, - "watchers_count": 0, + "stargazers_count": 2, + "watchers_count": 2, "has_discussions": false, - "forks_count": 0, + "forks_count": 1, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, @@ -192,8 +192,8 @@ "pull_request_creation_policy": "all", "topics": [], "visibility": "public", - "forks": 0, - "watchers": 0, + "forks": 1, + "watchers": 2, "score": 0, "subscribers_count": 0 } diff --git a/2025/CVE-2025-6554.json b/2025/CVE-2025-6554.json index ce1e7e11a1..fa5a5cfc62 100644 --- a/2025/CVE-2025-6554.json +++ b/2025/CVE-2025-6554.json @@ -179,8 +179,8 @@ "description": "🔍 Demonstrate and validate the `addressof` and `fakeobj` primitives in the V8 sandbox for advanced security research on CVE-2025-6554.", "fork": false, "created_at": "2025-08-10T21:07:43Z", - "updated_at": "2026-05-05T11:57:01Z", - "pushed_at": "2026-05-05T11:56:57Z", + "updated_at": "2026-05-05T18:39:28Z", + "pushed_at": "2026-05-05T18:39:25Z", "stargazers_count": 1, "watchers_count": 1, "has_discussions": false, diff --git a/2025/CVE-2025-65857.json b/2025/CVE-2025-65857.json index fbd05f5eb2..0c5662da12 100644 --- a/2025/CVE-2025-65857.json +++ b/2025/CVE-2025-65857.json @@ -14,12 +14,12 @@ "description": "Xiongmai XM530 IP Camera Hardcoded RTSP Credentials Exposure", "fork": false, "created_at": "2025-12-17T15:40:32Z", - "updated_at": "2025-12-20T11:03:07Z", + "updated_at": "2026-05-05T18:14:27Z", "pushed_at": "2025-12-20T11:03:03Z", - "stargazers_count": 0, - "watchers_count": 0, + "stargazers_count": 1, + "watchers_count": 1, "has_discussions": false, - "forks_count": 0, + "forks_count": 1, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, @@ -27,8 +27,8 @@ "pull_request_creation_policy": "all", "topics": [], "visibility": "public", - "forks": 0, - "watchers": 0, + "forks": 1, + "watchers": 1, "score": 0, "subscribers_count": 0 } diff --git a/2025/CVE-2025-66398.json b/2025/CVE-2025-66398.json index 5eb723cc65..08b3b32b47 100644 --- a/2025/CVE-2025-66398.json +++ b/2025/CVE-2025-66398.json @@ -64,8 +64,8 @@ "description": "Demonstrate exploitation of Signal K Server CVE-2025-66398 allowing unauthenticated attackers to inject backdoor and enable remote code execution.", "fork": false, "created_at": "2026-03-23T09:09:21Z", - "updated_at": "2026-05-05T00:29:26Z", - "pushed_at": "2026-05-05T00:29:23Z", + "updated_at": "2026-05-05T13:52:25Z", + "pushed_at": "2026-05-05T13:50:00Z", "stargazers_count": 1, "watchers_count": 1, "has_discussions": false, diff --git a/2025/CVE-2025-66478.json b/2025/CVE-2025-66478.json index 886459f74a..35f15dde4d 100644 --- a/2025/CVE-2025-66478.json +++ b/2025/CVE-2025-66478.json @@ -14,8 +14,8 @@ "description": "🔧 Fix vulnerable versions in Next.js and React RSC apps with one command to secure against CVE-2025-66478. Improve your app's safety effortlessly.", "fork": false, "created_at": "2025-10-01T07:40:09Z", - "updated_at": "2026-05-05T12:12:11Z", - "pushed_at": "2026-05-05T12:12:07Z", + "updated_at": "2026-05-05T18:46:31Z", + "pushed_at": "2026-05-05T18:46:26Z", "stargazers_count": 0, "watchers_count": 0, "has_discussions": false, diff --git a/2025/CVE-2025-68921.json b/2025/CVE-2025-68921.json index 43fa8a09cf..8cf25b1e08 100644 --- a/2025/CVE-2025-68921.json +++ b/2025/CVE-2025-68921.json @@ -47,8 +47,8 @@ "description": "🔍 Identify and understand the local privilege escalation vulnerability (CVE-2025-68921) in Nahimic audio software, impacting many gaming laptops.", "fork": false, "created_at": "2026-01-24T21:00:41Z", - "updated_at": "2026-05-05T07:52:31Z", - "pushed_at": "2026-05-05T07:52:27Z", + "updated_at": "2026-05-05T13:07:43Z", + "pushed_at": "2026-05-05T13:07:39Z", "stargazers_count": 0, "watchers_count": 0, "has_discussions": false, diff --git a/2025/CVE-2025-69256.json b/2025/CVE-2025-69256.json index 8623f06a33..168772e57a 100644 --- a/2025/CVE-2025-69256.json +++ b/2025/CVE-2025-69256.json @@ -47,8 +47,8 @@ "description": "Layer-2 supply-chain hardening for MCP servers — Ed25519-signed tool manifests, runtime spawn-attestation, default-deny argument sanitizer. Defends against marketplace-poisoning + CVE-2025-69256 + CVE-2025-61591.", "fork": false, "created_at": "2026-04-27T20:12:08Z", - "updated_at": "2026-05-04T03:13:11Z", - "pushed_at": "2026-05-04T03:13:06Z", + "updated_at": "2026-05-05T16:04:02Z", + "pushed_at": "2026-05-05T16:02:56Z", "stargazers_count": 0, "watchers_count": 0, "has_discussions": true, diff --git a/2025/CVE-2025-69985.json b/2025/CVE-2025-69985.json index aa333e2c83..da6a0c039e 100644 --- a/2025/CVE-2025-69985.json +++ b/2025/CVE-2025-69985.json @@ -14,8 +14,8 @@ "description": "Exploit CVE-2025-69985 to bypass authentication and execute remote commands on FUXA versions ≤ 1.2.8 via the \/api\/runscript endpoint.", "fork": false, "created_at": "2025-04-10T09:18:30Z", - "updated_at": "2026-05-05T00:11:16Z", - "pushed_at": "2026-05-05T00:11:13Z", + "updated_at": "2026-05-05T13:37:46Z", + "pushed_at": "2026-05-05T13:37:40Z", "stargazers_count": 0, "watchers_count": 0, "has_discussions": false, diff --git a/2025/CVE-2025-70795.json b/2025/CVE-2025-70795.json index 47e8a9b2f0..a0a74d0914 100644 --- a/2025/CVE-2025-70795.json +++ b/2025/CVE-2025-70795.json @@ -14,8 +14,8 @@ "description": "🛠 Exploit and control Windows processes using CVE-2025-70795 and CVE-2026-0828 with driver-based termination tools.", "fork": false, "created_at": "2024-04-20T04:18:24Z", - "updated_at": "2026-05-05T00:00:56Z", - "pushed_at": "2026-05-05T00:00:52Z", + "updated_at": "2026-05-05T13:33:02Z", + "pushed_at": "2026-05-05T13:30:51Z", "stargazers_count": 2, "watchers_count": 2, "has_discussions": false, diff --git a/2025/CVE-2025-8088.json b/2025/CVE-2025-8088.json index a3098d968e..da33e73aaa 100644 --- a/2025/CVE-2025-8088.json +++ b/2025/CVE-2025-8088.json @@ -838,8 +838,8 @@ "description": "🛠 Exploit CVE-2025-8088 with this Python tool to generate malicious WinRAR archives that ensure payload persistence in Windows startup folders.", "fork": false, "created_at": "2025-12-20T13:52:21Z", - "updated_at": "2026-05-05T12:00:24Z", - "pushed_at": "2026-05-05T12:00:18Z", + "updated_at": "2026-05-05T18:41:28Z", + "pushed_at": "2026-05-05T18:41:24Z", "stargazers_count": 2, "watchers_count": 2, "has_discussions": false, diff --git a/2026/CVE-2026-0828.json b/2026/CVE-2026-0828.json index 630c4d7ef1..ba1ef72ca5 100644 --- a/2026/CVE-2026-0828.json +++ b/2026/CVE-2026-0828.json @@ -14,8 +14,8 @@ "description": "🛠 Exploit and control Windows processes using CVE-2025-70795 and CVE-2026-0828 with driver-based termination tools.", "fork": false, "created_at": "2024-04-20T04:18:24Z", - "updated_at": "2026-05-05T00:00:56Z", - "pushed_at": "2026-05-05T00:00:52Z", + "updated_at": "2026-05-05T13:33:02Z", + "pushed_at": "2026-05-05T13:30:51Z", "stargazers_count": 2, "watchers_count": 2, "has_discussions": false, diff --git a/2026/CVE-2026-1581.json b/2026/CVE-2026-1581.json deleted file mode 100644 index 2c1c5739cd..0000000000 --- a/2026/CVE-2026-1581.json +++ /dev/null @@ -1,35 +0,0 @@ -[ - { - "id": 1168528859, - "name": "CVE-2026-1581-Analysis-Lab", - "full_name": "rootdirective-sec\/CVE-2026-1581-Analysis-Lab", - "owner": { - "login": "rootdirective-sec", - "id": 253299769, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/253299769?v=4", - "html_url": "https:\/\/github.com\/rootdirective-sec", - "user_view_type": "public" - }, - "html_url": "https:\/\/github.com\/rootdirective-sec\/CVE-2026-1581-Analysis-Lab", - "description": null, - "fork": false, - "created_at": "2026-02-27T13:52:57Z", - "updated_at": "2026-03-12T11:35:53Z", - "pushed_at": "2026-02-27T13:59:08Z", - "stargazers_count": 1, - "watchers_count": 1, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "has_pull_requests": true, - "pull_request_creation_policy": "all", - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 1, - "score": 0, - "subscribers_count": 0 - } -] \ No newline at end of file diff --git a/2026/CVE-2026-20841.json b/2026/CVE-2026-20841.json index 64f3c878d5..b870c97c96 100644 --- a/2026/CVE-2026-20841.json +++ b/2026/CVE-2026-20841.json @@ -14,8 +14,8 @@ "description": "🛠 Demonstrate remote code execution in Windows Notepad via markdown links exploiting unsecured URL protocols.", "fork": false, "created_at": "2024-09-22T12:19:06Z", - "updated_at": "2026-05-04T23:59:12Z", - "pushed_at": "2026-05-04T23:59:09Z", + "updated_at": "2026-05-05T13:30:37Z", + "pushed_at": "2026-05-05T13:29:40Z", "stargazers_count": 1, "watchers_count": 1, "has_discussions": false, @@ -66,8 +66,8 @@ "description": "🛠 Demonstrate remote code execution in Windows Notepad versions below 11.2510 using the CVE-2026-20841 proof of concept.", "fork": false, "created_at": "2026-02-26T05:21:28Z", - "updated_at": "2026-05-04T18:26:09Z", - "pushed_at": "2026-05-04T18:26:06Z", + "updated_at": "2026-05-05T13:30:38Z", + "pushed_at": "2026-05-05T13:28:59Z", "stargazers_count": 0, "watchers_count": 0, "has_discussions": false, diff --git a/2026/CVE-2026-21385.json b/2026/CVE-2026-21385.json index 1ce570f751..1e139bf3aa 100644 --- a/2026/CVE-2026-21385.json +++ b/2026/CVE-2026-21385.json @@ -19,7 +19,7 @@ "stargazers_count": 8, "watchers_count": 8, "has_discussions": false, - "forks_count": 2, + "forks_count": 3, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, @@ -34,7 +34,7 @@ "tool" ], "visibility": "public", - "forks": 2, + "forks": 3, "watchers": 8, "score": 0, "subscribers_count": 1 diff --git a/2026/CVE-2026-21852.json b/2026/CVE-2026-21852.json index 18b6e0610e..224754561e 100644 --- a/2026/CVE-2026-21852.json +++ b/2026/CVE-2026-21852.json @@ -1,70 +1,4 @@ [ - { - "id": 1168062651, - "name": "CVE-2026-21852-PoC", - "full_name": "atiilla\/CVE-2026-21852-PoC", - "owner": { - "login": "atiilla", - "id": 9992685, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/9992685?v=4", - "html_url": "https:\/\/github.com\/atiilla", - "user_view_type": "public" - }, - "html_url": "https:\/\/github.com\/atiilla\/CVE-2026-21852-PoC", - "description": null, - "fork": false, - "created_at": "2026-02-27T01:13:21Z", - "updated_at": "2026-04-11T02:02:51Z", - "pushed_at": "2026-02-27T05:12:39Z", - "stargazers_count": 21, - "watchers_count": 21, - "has_discussions": false, - "forks_count": 10, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "has_pull_requests": true, - "pull_request_creation_policy": "all", - "topics": [], - "visibility": "public", - "forks": 10, - "watchers": 21, - "score": 0, - "subscribers_count": 0 - }, - { - "id": 1168767224, - "name": "CVE-Archive", - "full_name": "M0broot\/CVE-Archive", - "owner": { - "login": "M0broot", - "id": 121744525, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/121744525?v=4", - "html_url": "https:\/\/github.com\/M0broot", - "user_view_type": "public" - }, - "html_url": "https:\/\/github.com\/M0broot\/CVE-Archive", - "description": "Claude Code Vulnerability [CVE-2026-21852]", - "fork": false, - "created_at": "2026-02-27T19:18:11Z", - "updated_at": "2026-02-27T19:18:12Z", - "pushed_at": "2026-02-27T19:18:12Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "has_pull_requests": true, - "pull_request_creation_policy": "all", - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0, - "subscribers_count": 0 - }, { "id": 1215681296, "name": "ai-ide-config-guard", diff --git a/2026/CVE-2026-21902.json b/2026/CVE-2026-21902.json deleted file mode 100644 index 39fbde240d..0000000000 --- a/2026/CVE-2026-21902.json +++ /dev/null @@ -1,35 +0,0 @@ -[ - { - "id": 1169211294, - "name": "watchTowr-vs-JunosEvolved-CVE-2026-21902", - "full_name": "watchtowrlabs\/watchTowr-vs-JunosEvolved-CVE-2026-21902", - "owner": { - "login": "watchtowrlabs", - "id": 99977116, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/99977116?v=4", - "html_url": "https:\/\/github.com\/watchtowrlabs", - "user_view_type": "public" - }, - "html_url": "https:\/\/github.com\/watchtowrlabs\/watchTowr-vs-JunosEvolved-CVE-2026-21902", - "description": null, - "fork": false, - "created_at": "2026-02-28T10:43:32Z", - "updated_at": "2026-03-19T13:02:48Z", - "pushed_at": "2026-03-03T11:04:40Z", - "stargazers_count": 4, - "watchers_count": 4, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "has_pull_requests": false, - "pull_request_creation_policy": "all", - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 4, - "score": 0, - "subscribers_count": 0 - } -] \ No newline at end of file diff --git a/2026/CVE-2026-22679.json b/2026/CVE-2026-22679.json index 9e0a6c87b6..25f6dab66e 100644 --- a/2026/CVE-2026-22679.json +++ b/2026/CVE-2026-22679.json @@ -14,7 +14,7 @@ "description": "Critical RCE vulnerability (CVSS 9.3) in Weaver E-cology platform versions prior to build 20260312. Unauthenticated remote code execution via exposed debug endpoint at \/papi\/esearch\/data\/devops\/dubboApi\/debug\/method. Comprehensive analysis, proof-of-concept, and detection guidance included.", "fork": false, "created_at": "2026-04-16T13:55:42Z", - "updated_at": "2026-04-16T14:12:54Z", + "updated_at": "2026-05-05T14:24:30Z", "pushed_at": "2026-04-16T13:56:56Z", "stargazers_count": 0, "watchers_count": 0, diff --git a/2026/CVE-2026-23842.json b/2026/CVE-2026-23842.json deleted file mode 100644 index 974bd8e1e0..0000000000 --- a/2026/CVE-2026-23842.json +++ /dev/null @@ -1,42 +0,0 @@ -[ - { - "id": 1169798784, - "name": "CVE-2026-23842-Denial-of-Service-via-Database-Connection-Pool-Exhaustion-version-1.2.10", - "full_name": "AdityaBhatt3010\/CVE-2026-23842-Denial-of-Service-via-Database-Connection-Pool-Exhaustion-version-1.2.10", - "owner": { - "login": "AdityaBhatt3010", - "id": 96762636, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/96762636?v=4", - "html_url": "https:\/\/github.com\/AdityaBhatt3010", - "user_view_type": "public" - }, - "html_url": "https:\/\/github.com\/AdityaBhatt3010\/CVE-2026-23842-Denial-of-Service-via-Database-Connection-Pool-Exhaustion-version-1.2.10", - "description": "CVE-2026-23842 — High severity Denial-of-Service vulnerability caused by SQLAlchemy connection pool exhaustion in concurrent get_response() calls in ChatterBot ≤ 1.2.10.", - "fork": false, - "created_at": "2026-03-01T08:23:17Z", - "updated_at": "2026-05-04T07:51:56Z", - "pushed_at": "2026-03-01T08:33:07Z", - "stargazers_count": 2, - "watchers_count": 2, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "has_pull_requests": true, - "pull_request_creation_policy": "all", - "topics": [ - "chatterbot", - "cve", - "cybersecurity", - "dos", - "exploit", - "race-conditions" - ], - "visibility": "public", - "forks": 0, - "watchers": 2, - "score": 0, - "subscribers_count": 0 - } -] \ No newline at end of file diff --git a/2026/CVE-2026-23918.json b/2026/CVE-2026-23918.json index 0f14a860ce..7c553df61f 100644 --- a/2026/CVE-2026-23918.json +++ b/2026/CVE-2026-23918.json @@ -14,12 +14,12 @@ "description": "Elite reconnaissance script for auditing Apache's HTTP\/2 stack against memory corruption (CVE-2026-23918). Features ALPN protocol forcing and monochrome dashboard intelligence. Built for Blue Teams and Security Researchers.", "fork": false, "created_at": "2026-05-05T09:52:27Z", - "updated_at": "2026-05-05T11:03:28Z", + "updated_at": "2026-05-05T14:07:40Z", "pushed_at": "2026-05-05T11:03:24Z", "stargazers_count": 2, "watchers_count": 2, "has_discussions": false, - "forks_count": 0, + "forks_count": 1, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, @@ -27,7 +27,7 @@ "pull_request_creation_policy": "all", "topics": [], "visibility": "public", - "forks": 0, + "forks": 1, "watchers": 2, "score": 0, "subscribers_count": 0 @@ -47,8 +47,41 @@ "description": "This repository contains a Proof of Concept (PoC) demonstrating the Double Free vulnerability (CVE-2026-23918) in Apache HTTP Server 2.4.66 `mod_http2`.", "fork": false, "created_at": "2026-05-05T11:31:35Z", - "updated_at": "2026-05-05T11:33:34Z", - "pushed_at": "2026-05-05T11:33:30Z", + "updated_at": "2026-05-05T15:16:24Z", + "pushed_at": "2026-05-05T15:04:59Z", + "stargazers_count": 1, + "watchers_count": 1, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "has_pull_requests": true, + "pull_request_creation_policy": "all", + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 1, + "score": 0, + "subscribers_count": 0 + }, + { + "id": 1229902051, + "name": "Apache-CVE-2026-23918-fix", + "full_name": "rshosting\/Apache-CVE-2026-23918-fix", + "owner": { + "login": "rshosting", + "id": 109739592, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/109739592?v=4", + "html_url": "https:\/\/github.com\/rshosting", + "user_view_type": "public" + }, + "html_url": "https:\/\/github.com\/rshosting\/Apache-CVE-2026-23918-fix", + "description": "Upgrade to Apache 2.4.67 to fix CVE-2026-23918 vulneribility", + "fork": false, + "created_at": "2026-05-05T13:44:40Z", + "updated_at": "2026-05-05T15:09:34Z", + "pushed_at": "2026-05-05T15:08:35Z", "stargazers_count": 0, "watchers_count": 0, "has_discussions": false, @@ -64,5 +97,38 @@ "watchers": 0, "score": 0, "subscribers_count": 0 + }, + { + "id": 1230131993, + "name": "CVE-2026-23918-Passive-Audit", + "full_name": "aa022\/CVE-2026-23918-Passive-Audit", + "owner": { + "login": "aa022", + "id": 117016786, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/117016786?v=4", + "html_url": "https:\/\/github.com\/aa022", + "user_view_type": "public" + }, + "html_url": "https:\/\/github.com\/aa022\/CVE-2026-23918-Passive-Audit", + "description": "Passive HTTP metadata auditor for CVE-2026-23918 exposure triage", + "fork": false, + "created_at": "2026-05-05T17:55:08Z", + "updated_at": "2026-05-05T18:39:57Z", + "pushed_at": "2026-05-05T18:39:53Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": true, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "has_pull_requests": true, + "pull_request_creation_policy": "all", + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0, + "subscribers_count": 0 } ] \ No newline at end of file diff --git a/2026/CVE-2026-2406.json b/2026/CVE-2026-2406.json index 57d56834e9..0590e230f1 100644 --- a/2026/CVE-2026-2406.json +++ b/2026/CVE-2026-2406.json @@ -14,8 +14,8 @@ "description": "🔍 Analyze and detect CVE-2026-2406 vulnerabilities in Telnet to enhance security and prevent unauthorized access with this professional research engine.", "fork": false, "created_at": "2025-04-16T07:20:12Z", - "updated_at": "2026-05-05T08:12:10Z", - "pushed_at": "2026-05-05T08:12:07Z", + "updated_at": "2026-05-05T13:23:17Z", + "pushed_at": "2026-05-05T13:20:46Z", "stargazers_count": 0, "watchers_count": 0, "has_discussions": false, diff --git a/2026/CVE-2026-24061.json b/2026/CVE-2026-24061.json index 901978f7ac..731189bc1f 100644 --- a/2026/CVE-2026-24061.json +++ b/2026/CVE-2026-24061.json @@ -47,8 +47,8 @@ "description": "🚨 Exploit CVE-2026-24061, a critical remote authentication bypass in GNU inetutils-telnetd, for instant root shell access without authentication.", "fork": false, "created_at": "2026-02-03T19:46:10Z", - "updated_at": "2026-05-05T08:06:00Z", - "pushed_at": "2026-05-05T08:05:57Z", + "updated_at": "2026-05-05T13:17:49Z", + "pushed_at": "2026-05-05T13:15:45Z", "stargazers_count": 0, "watchers_count": 0, "has_discussions": false, @@ -116,39 +116,6 @@ "score": 0, "subscribers_count": 0 }, - { - "id": 1171299106, - "name": "telnetd", - "full_name": "setuju\/telnetd", - "owner": { - "login": "setuju", - "id": 75092451, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/75092451?v=4", - "html_url": "https:\/\/github.com\/setuju", - "user_view_type": "public" - }, - "html_url": "https:\/\/github.com\/setuju\/telnetd", - "description": "Idk what to do here, ill edit soon, but its for the telnetd CVE-2026-24061", - "fork": false, - "created_at": "2026-03-03T04:31:50Z", - "updated_at": "2026-04-02T11:47:27Z", - "pushed_at": "2026-03-03T04:33:38Z", - "stargazers_count": 1, - "watchers_count": 1, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "has_pull_requests": true, - "pull_request_creation_policy": "all", - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 1, - "score": 0, - "subscribers_count": 0 - }, { "id": 1171391359, "name": "CVE-2026-24061", diff --git a/2026/CVE-2026-24072.json b/2026/CVE-2026-24072.json new file mode 100644 index 0000000000..f4c3607875 --- /dev/null +++ b/2026/CVE-2026-24072.json @@ -0,0 +1,35 @@ +[ + { + "id": 1230175570, + "name": "CVE-2026-24072-Analysis", + "full_name": "EricRHancock-coder\/CVE-2026-24072-Analysis", + "owner": { + "login": "EricRHancock-coder", + "id": 274313372, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/274313372?v=4", + "html_url": "https:\/\/github.com\/EricRHancock-coder", + "user_view_type": "public" + }, + "html_url": "https:\/\/github.com\/EricRHancock-coder\/CVE-2026-24072-Analysis", + "description": "Analysis of CVE-2026-24072", + "fork": false, + "created_at": "2026-05-05T18:48:29Z", + "updated_at": "2026-05-05T18:48:30Z", + "pushed_at": "2026-05-05T18:48:30Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "has_pull_requests": true, + "pull_request_creation_policy": "all", + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0, + "subscribers_count": 0 + } +] \ No newline at end of file diff --git a/2026/CVE-2026-24291.json b/2026/CVE-2026-24291.json index ea7200e3be..7872a8fe98 100644 --- a/2026/CVE-2026-24291.json +++ b/2026/CVE-2026-24291.json @@ -80,8 +80,8 @@ "description": "Exploit Windows local privilege escalation on clients and servers using tested code for CVE-2026-24291 across multiple Windows versions", "fork": false, "created_at": "2026-03-26T04:38:27Z", - "updated_at": "2026-05-04T18:49:16Z", - "pushed_at": "2026-05-04T18:49:12Z", + "updated_at": "2026-05-05T14:01:44Z", + "pushed_at": "2026-05-05T13:58:15Z", "stargazers_count": 2, "watchers_count": 2, "has_discussions": false, diff --git a/2026/CVE-2026-2441.json b/2026/CVE-2026-2441.json index 9911735ce0..d8948bc228 100644 --- a/2026/CVE-2026-2441.json +++ b/2026/CVE-2026-2441.json @@ -1,37 +1,4 @@ [ - { - "id": 1170127318, - "name": "CVE-2026-2441-PoC", - "full_name": "D3b0j33t\/CVE-2026-2441-PoC", - "owner": { - "login": "D3b0j33t", - "id": 161986304, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/161986304?v=4", - "html_url": "https:\/\/github.com\/D3b0j33t", - "user_view_type": "public" - }, - "html_url": "https:\/\/github.com\/D3b0j33t\/CVE-2026-2441-PoC", - "description": null, - "fork": false, - "created_at": "2026-03-01T18:34:18Z", - "updated_at": "2026-03-01T18:36:45Z", - "pushed_at": "2026-03-01T18:36:41Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "has_pull_requests": true, - "pull_request_creation_policy": "all", - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0, - "subscribers_count": 0 - }, { "id": 1171705096, "name": "CVE-2026-2441-PoC", @@ -47,8 +14,8 @@ "description": "Demonstrate a proof-of-concept exploit for CVE-2026-2441, a high-risk Chrome use-after-free vulnerability in the Blink CSS engine.", "fork": false, "created_at": "2026-03-03T14:19:18Z", - "updated_at": "2026-05-05T00:04:00Z", - "pushed_at": "2026-05-05T00:03:56Z", + "updated_at": "2026-05-05T13:32:58Z", + "pushed_at": "2026-05-05T13:32:40Z", "stargazers_count": 1, "watchers_count": 1, "has_discussions": false, diff --git a/2026/CVE-2026-2472.json b/2026/CVE-2026-2472.json index 38c59893aa..174bbf44ff 100644 --- a/2026/CVE-2026-2472.json +++ b/2026/CVE-2026-2472.json @@ -1,55 +1,4 @@ [ - { - "id": 1168579521, - "name": "CVE-2026-2472-Vertex-AI-SDK-Google-Cloud", - "full_name": "JoshuaProvoste\/CVE-2026-2472-Vertex-AI-SDK-Google-Cloud", - "owner": { - "login": "JoshuaProvoste", - "id": 8358462, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/8358462?v=4", - "html_url": "https:\/\/github.com\/JoshuaProvoste", - "user_view_type": "public" - }, - "html_url": "https:\/\/github.com\/JoshuaProvoste\/CVE-2026-2472-Vertex-AI-SDK-Google-Cloud", - "description": "Technical PoC for CVE-2026-2472 (GCP-2026-011): Unauthenticated and Stored Cross-Site Scripting (XSS) in google-cloud-aiplatform _genai\/_evals_visualization (Vertex AI Python SDK) affecting Jupyter\/Colab.", - "fork": false, - "created_at": "2026-02-27T14:57:39Z", - "updated_at": "2026-02-28T09:17:29Z", - "pushed_at": "2026-02-27T17:32:33Z", - "stargazers_count": 5, - "watchers_count": 5, - "has_discussions": false, - "forks_count": 1, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "has_pull_requests": true, - "pull_request_creation_policy": "all", - "topics": [ - "colab", - "colab-notebook", - "cve-2026-2472", - "gcp-2026-011", - "google", - "google-cloud", - "google-cloud-platform", - "jupyter", - "jupyter-notebook", - "python-aiplatform", - "vertex-ai", - "vertex-ai-sdk", - "xss", - "xss-exploitation", - "xss-injection", - "xss-payloads", - "xss-vulnerability" - ], - "visibility": "public", - "forks": 1, - "watchers": 5, - "score": 0, - "subscribers_count": 0 - }, { "id": 1177953316, "name": "CVE-2026-2472-Vertex-AI-SDK-Google-Cloud", @@ -65,10 +14,10 @@ "description": "Expose and detail an unauthenticated stored XSS vulnerability in the Google Cloud Vertex AI Python SDK affecting versions 1.98.0 to 1.130.9.", "fork": false, "created_at": "2026-03-10T14:40:04Z", - "updated_at": "2026-05-05T00:14:44Z", - "pushed_at": "2026-05-05T00:14:39Z", - "stargazers_count": 1, - "watchers_count": 1, + "updated_at": "2026-05-05T13:40:55Z", + "pushed_at": "2026-05-05T13:39:33Z", + "stargazers_count": 2, + "watchers_count": 2, "has_discussions": false, "forks_count": 0, "allow_forking": true, @@ -95,7 +44,7 @@ ], "visibility": "public", "forks": 0, - "watchers": 1, + "watchers": 2, "score": 0, "subscribers_count": 0 } diff --git a/2026/CVE-2026-25643.json b/2026/CVE-2026-25643.json index 417b44760b..194119e82c 100644 --- a/2026/CVE-2026-25643.json +++ b/2026/CVE-2026-25643.json @@ -14,8 +14,8 @@ "description": "Exploit Frigate NVR ≤0.16.3 to execute commands remotely by abusing a configuration flaw without needing shell access or output capture.", "fork": false, "created_at": "2026-03-07T20:23:08Z", - "updated_at": "2026-05-04T18:34:20Z", - "pushed_at": "2026-05-04T18:34:16Z", + "updated_at": "2026-05-05T13:38:04Z", + "pushed_at": "2026-05-05T13:37:07Z", "stargazers_count": 2, "watchers_count": 2, "has_discussions": false, diff --git a/2026/CVE-2026-25940.json b/2026/CVE-2026-26114.json similarity index 58% rename from 2026/CVE-2026-25940.json rename to 2026/CVE-2026-26114.json index 8ffc8dae04..c1db862441 100644 --- a/2026/CVE-2026-25940.json +++ b/2026/CVE-2026-26114.json @@ -1,21 +1,21 @@ [ { - "id": 1170340021, - "name": "CVE-2026-25940", - "full_name": "dajneem23\/CVE-2026-25940", + "id": 1213181609, + "name": "cve-2026-26114", + "full_name": "huynambka\/cve-2026-26114", "owner": { - "login": "dajneem23", - "id": 56623206, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/56623206?v=4", - "html_url": "https:\/\/github.com\/dajneem23", + "login": "huynambka", + "id": 109231260, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/109231260?v=4", + "html_url": "https:\/\/github.com\/huynambka", "user_view_type": "public" }, - "html_url": "https:\/\/github.com\/dajneem23\/CVE-2026-25940", + "html_url": "https:\/\/github.com\/huynambka\/cve-2026-26114", "description": null, "fork": false, - "created_at": "2026-03-02T02:32:14Z", - "updated_at": "2026-03-02T02:32:20Z", - "pushed_at": "2026-03-02T02:32:17Z", + "created_at": "2026-04-17T05:56:51Z", + "updated_at": "2026-05-05T13:03:32Z", + "pushed_at": "2026-05-05T13:03:27Z", "stargazers_count": 0, "watchers_count": 0, "has_discussions": false, diff --git a/2026/CVE-2026-26268.json b/2026/CVE-2026-26268.json new file mode 100644 index 0000000000..bfcfe0177c --- /dev/null +++ b/2026/CVE-2026-26268.json @@ -0,0 +1,35 @@ +[ + { + "id": 1229974205, + "name": "agentic-ioc-scanner", + "full_name": "dhawaldesai\/agentic-ioc-scanner", + "owner": { + "login": "dhawaldesai", + "id": 72374486, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/72374486?v=4", + "html_url": "https:\/\/github.com\/dhawaldesai", + "user_view_type": "public" + }, + "html_url": "https:\/\/github.com\/dhawaldesai\/agentic-ioc-scanner", + "description": "IOC scanner for agentic AI coding tools — detects Mini Shai-Hulud, Gemini CLI RCE, Cursor CVE-2026-26268, and DPRK PromptMink.", + "fork": false, + "created_at": "2026-05-05T14:57:30Z", + "updated_at": "2026-05-05T18:37:41Z", + "pushed_at": "2026-05-05T17:32:50Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "has_pull_requests": true, + "pull_request_creation_policy": "all", + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0, + "subscribers_count": 0 + } +] \ No newline at end of file diff --git a/2026/CVE-2026-2749.json b/2026/CVE-2026-2749.json deleted file mode 100644 index a74799b891..0000000000 --- a/2026/CVE-2026-2749.json +++ /dev/null @@ -1,35 +0,0 @@ -[ - { - "id": 1166040116, - "name": "Centreon-Exploits-2026", - "full_name": "hakaioffsec\/Centreon-Exploits-2026", - "owner": { - "login": "hakaioffsec", - "id": 99059183, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/99059183?v=4", - "html_url": "https:\/\/github.com\/hakaioffsec", - "user_view_type": "public" - }, - "html_url": "https:\/\/github.com\/hakaioffsec\/Centreon-Exploits-2026", - "description": "Centreon exploits CVE-2026-2749, CVE-2026-2751 and CVE-2026-2750", - "fork": false, - "created_at": "2026-02-24T20:17:49Z", - "updated_at": "2026-03-08T16:16:20Z", - "pushed_at": "2026-03-02T17:54:39Z", - "stargazers_count": 9, - "watchers_count": 9, - "has_discussions": false, - "forks_count": 1, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "has_pull_requests": true, - "pull_request_creation_policy": "all", - "topics": [], - "visibility": "public", - "forks": 1, - "watchers": 9, - "score": 0, - "subscribers_count": 0 - } -] \ No newline at end of file diff --git a/2026/CVE-2026-27579.json b/2026/CVE-2026-27579.json deleted file mode 100644 index 14b8361098..0000000000 --- a/2026/CVE-2026-27579.json +++ /dev/null @@ -1,42 +0,0 @@ -[ - { - "id": 1169806761, - "name": "CVE-2026-27579-CORS-Misconfiguration-Leading-to-Authenticated-Data-Exposure", - "full_name": "AdityaBhatt3010\/CVE-2026-27579-CORS-Misconfiguration-Leading-to-Authenticated-Data-Exposure", - "owner": { - "login": "AdityaBhatt3010", - "id": 96762636, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/96762636?v=4", - "html_url": "https:\/\/github.com\/AdityaBhatt3010", - "user_view_type": "public" - }, - "html_url": "https:\/\/github.com\/AdityaBhatt3010\/CVE-2026-27579-CORS-Misconfiguration-Leading-to-Authenticated-Data-Exposure", - "description": "CVE-2026-27579 - CORS Misconfiguration – Arbitrary Origin with Credentials → Authenticated Cross-Origin Account Data Exposure", - "fork": false, - "created_at": "2026-03-01T08:41:29Z", - "updated_at": "2026-05-04T07:51:55Z", - "pushed_at": "2026-03-01T08:48:41Z", - "stargazers_count": 3, - "watchers_count": 3, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "has_pull_requests": true, - "pull_request_creation_policy": "all", - "topics": [ - "collab", - "cors", - "cross-origin-resource-sharing", - "cve", - "cybersecurity", - "exploit" - ], - "visibility": "public", - "forks": 0, - "watchers": 3, - "score": 0, - "subscribers_count": 0 - } -] \ No newline at end of file diff --git a/2026/CVE-2026-28372.json b/2026/CVE-2026-28372.json index 7f67f7260b..fe6dda85b5 100644 --- a/2026/CVE-2026-28372.json +++ b/2026/CVE-2026-28372.json @@ -32,39 +32,6 @@ "score": 0, "subscribers_count": 0 }, - { - "id": 1168949890, - "name": "CVE-2026-28372-GNU-inetutils-telnetd-Privilege-Escalation-main", - "full_name": "kalibb\/CVE-2026-28372-GNU-inetutils-telnetd-Privilege-Escalation-main", - "owner": { - "login": "kalibb", - "id": 92959307, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/92959307?v=4", - "html_url": "https:\/\/github.com\/kalibb", - "user_view_type": "public" - }, - "html_url": "https:\/\/github.com\/kalibb\/CVE-2026-28372-GNU-inetutils-telnetd-Privilege-Escalation-main", - "description": null, - "fork": false, - "created_at": "2026-02-28T01:28:54Z", - "updated_at": "2026-02-28T01:32:37Z", - "pushed_at": "2026-02-28T01:32:34Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "has_pull_requests": true, - "pull_request_creation_policy": "all", - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0, - "subscribers_count": 0 - }, { "id": 1175014507, "name": "CVE-2026-28372-telnetd-Privilege-Escalation", diff --git a/2026/CVE-2026-29000.json b/2026/CVE-2026-29000.json index 1aebd4081a..42df96441a 100644 --- a/2026/CVE-2026-29000.json +++ b/2026/CVE-2026-29000.json @@ -499,5 +499,38 @@ "watchers": 0, "score": 0, "subscribers_count": 0 + }, + { + "id": 1229982662, + "name": "Principal-HackTheBox", + "full_name": "ledksv\/Principal-HackTheBox", + "owner": { + "login": "ledksv", + "id": 247032962, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/247032962?v=4", + "html_url": "https:\/\/github.com\/ledksv", + "user_view_type": "public" + }, + "html_url": "https:\/\/github.com\/ledksv\/Principal-HackTheBox", + "description": "Writeup for Principal — HackTheBox Medium Linux box. CVE-2026-29000 pac4j JWT bypass, credentials from API settings, SSH CA privesc to root.", + "fork": false, + "created_at": "2026-05-05T15:06:20Z", + "updated_at": "2026-05-05T15:11:28Z", + "pushed_at": "2026-05-05T15:06:23Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "has_pull_requests": true, + "pull_request_creation_policy": "all", + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0, + "subscribers_count": 0 } ] \ No newline at end of file diff --git a/2026/CVE-2026-2991.json b/2026/CVE-2026-2991.json index 40b77f97c4..cb23ebaead 100644 --- a/2026/CVE-2026-2991.json +++ b/2026/CVE-2026-2991.json @@ -62,8 +62,8 @@ "description": "Explore a PoC for CVE-2026-2991, an auth bypass in KiviCare 4.1.2 and earlier via the patient social-login REST endpoint", "fork": false, "created_at": "2026-04-03T20:26:43Z", - "updated_at": "2026-05-05T00:39:32Z", - "pushed_at": "2026-05-05T00:39:29Z", + "updated_at": "2026-05-05T14:03:15Z", + "pushed_at": "2026-05-05T14:02:41Z", "stargazers_count": 0, "watchers_count": 0, "has_discussions": false, diff --git a/2026/CVE-2026-31431.json b/2026/CVE-2026-31431.json index bd868bbb99..3d0d14b409 100644 --- a/2026/CVE-2026-31431.json +++ b/2026/CVE-2026-31431.json @@ -14,12 +14,12 @@ "description": "Copy Fail (CVE-2026-31431): 9-year-old Linux kernel LPE found by Theori's Xint Code", "fork": false, "created_at": "2026-04-29T12:15:28Z", - "updated_at": "2026-05-05T12:53:20Z", + "updated_at": "2026-05-05T18:49:46Z", "pushed_at": "2026-04-29T21:21:46Z", - "stargazers_count": 3241, - "watchers_count": 3241, + "stargazers_count": 3290, + "watchers_count": 3290, "has_discussions": false, - "forks_count": 695, + "forks_count": 706, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, @@ -38,8 +38,8 @@ "xint-code" ], "visibility": "public", - "forks": 695, - "watchers": 3241, + "forks": 706, + "watchers": 3290, "score": 0, "subscribers_count": 29 }, @@ -96,7 +96,7 @@ "stargazers_count": 68, "watchers_count": 68, "has_discussions": false, - "forks_count": 10, + "forks_count": 11, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, @@ -104,7 +104,7 @@ "pull_request_creation_policy": "all", "topics": [], "visibility": "public", - "forks": 10, + "forks": 11, "watchers": 68, "score": 0, "subscribers_count": 0 @@ -124,12 +124,12 @@ "description": "A Go implementation of copyfail (CVE-2026-31431)", "fork": false, "created_at": "2026-04-29T22:51:24Z", - "updated_at": "2026-05-05T08:34:55Z", + "updated_at": "2026-05-05T16:45:51Z", "pushed_at": "2026-05-01T03:24:14Z", - "stargazers_count": 313, - "watchers_count": 313, + "stargazers_count": 318, + "watchers_count": 318, "has_discussions": false, - "forks_count": 62, + "forks_count": 63, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, @@ -137,8 +137,8 @@ "pull_request_creation_policy": "all", "topics": [], "visibility": "public", - "forks": 62, - "watchers": 313, + "forks": 63, + "watchers": 318, "score": 0, "subscribers_count": 1 }, @@ -157,12 +157,12 @@ "description": "Cross-platform C port of the Copy Fail Linux LPE (CVE-2026-31431). Disclosed 2026-04-29 by Theori \/ Xint.", "fork": false, "created_at": "2026-04-29T23:29:14Z", - "updated_at": "2026-05-05T12:26:32Z", + "updated_at": "2026-05-05T16:33:23Z", "pushed_at": "2026-04-30T17:04:09Z", - "stargazers_count": 291, - "watchers_count": 291, + "stargazers_count": 294, + "watchers_count": 294, "has_discussions": true, - "forks_count": 81, + "forks_count": 83, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, @@ -183,8 +183,8 @@ "security-research" ], "visibility": "public", - "forks": 81, - "watchers": 291, + "forks": 83, + "watchers": 294, "score": 0, "subscribers_count": 1 }, @@ -203,12 +203,12 @@ "description": null, "fork": false, "created_at": "2026-04-30T00:11:10Z", - "updated_at": "2026-05-05T03:16:11Z", + "updated_at": "2026-05-05T16:31:50Z", "pushed_at": "2026-04-30T00:15:44Z", - "stargazers_count": 15, - "watchers_count": 15, + "stargazers_count": 14, + "watchers_count": 14, "has_discussions": false, - "forks_count": 6, + "forks_count": 7, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, @@ -216,8 +216,8 @@ "pull_request_creation_policy": "all", "topics": [], "visibility": "public", - "forks": 6, - "watchers": 15, + "forks": 7, + "watchers": 14, "score": 0, "subscribers_count": 0 }, @@ -450,12 +450,12 @@ "description": "CVE-2026-31431 纯文件利用", "fork": false, "created_at": "2026-04-30T02:55:03Z", - "updated_at": "2026-05-05T09:58:53Z", + "updated_at": "2026-05-05T16:00:23Z", "pushed_at": "2026-04-30T16:24:17Z", - "stargazers_count": 78, - "watchers_count": 78, + "stargazers_count": 80, + "watchers_count": 80, "has_discussions": false, - "forks_count": 25, + "forks_count": 26, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, @@ -463,8 +463,8 @@ "pull_request_creation_policy": "all", "topics": [], "visibility": "public", - "forks": 25, - "watchers": 78, + "forks": 26, + "watchers": 80, "score": 0, "subscribers_count": 0 }, @@ -681,10 +681,10 @@ "description": "Rust implementation Exploit\/PoC of CVE-2026-31431-Linux-Copy-Fail, allow executing customized shellcode (such as Meterpreter).", "fork": false, "created_at": "2026-04-30T04:16:32Z", - "updated_at": "2026-05-05T11:59:41Z", + "updated_at": "2026-05-05T14:49:51Z", "pushed_at": "2026-04-30T15:39:36Z", - "stargazers_count": 42, - "watchers_count": 42, + "stargazers_count": 43, + "watchers_count": 43, "has_discussions": false, "forks_count": 14, "allow_forking": true, @@ -709,7 +709,7 @@ ], "visibility": "public", "forks": 14, - "watchers": 42, + "watchers": 43, "score": 0, "subscribers_count": 0 }, @@ -728,10 +728,10 @@ "description": "CVE-2026-31431: Copy Fail | A minimal exploit for Linux authencesn + AF_ALG + splice() page cache write.", "fork": false, "created_at": "2026-04-30T04:25:00Z", - "updated_at": "2026-04-30T04:29:17Z", + "updated_at": "2026-05-05T15:32:26Z", "pushed_at": "2026-04-30T04:30:27Z", - "stargazers_count": 0, - "watchers_count": 0, + "stargazers_count": 1, + "watchers_count": 1, "has_discussions": false, "forks_count": 0, "allow_forking": true, @@ -742,7 +742,7 @@ "topics": [], "visibility": "public", "forks": 0, - "watchers": 0, + "watchers": 1, "score": 0, "subscribers_count": 0 }, @@ -1322,10 +1322,10 @@ "description": "AI for Work. x86_64 tested", "fork": false, "created_at": "2026-04-30T07:41:25Z", - "updated_at": "2026-05-01T11:43:29Z", + "updated_at": "2026-05-05T18:23:32Z", "pushed_at": "2026-05-01T11:43:25Z", - "stargazers_count": 0, - "watchers_count": 0, + "stargazers_count": 1, + "watchers_count": 1, "has_discussions": false, "forks_count": 0, "allow_forking": true, @@ -1336,7 +1336,7 @@ "topics": [], "visibility": "public", "forks": 0, - "watchers": 0, + "watchers": 1, "score": 0, "subscribers_count": 0 }, @@ -1487,10 +1487,10 @@ "description": "Detection, mitigation, and IOC toolkit for Copy Fail CVE-2026-31431 Linux kernel page-cache privilege escalation", "fork": false, "created_at": "2026-04-30T09:02:51Z", - "updated_at": "2026-05-05T07:48:43Z", + "updated_at": "2026-05-05T16:10:13Z", "pushed_at": "2026-04-30T09:21:00Z", - "stargazers_count": 25, - "watchers_count": 25, + "stargazers_count": 30, + "watchers_count": 30, "has_discussions": false, "forks_count": 1, "allow_forking": true, @@ -1511,7 +1511,7 @@ ], "visibility": "public", "forks": 1, - "watchers": 25, + "watchers": 30, "score": 0, "subscribers_count": 0 }, @@ -1932,10 +1932,10 @@ "description": null, "fork": false, "created_at": "2026-04-30T10:49:03Z", - "updated_at": "2026-05-03T06:28:19Z", + "updated_at": "2026-05-05T15:09:14Z", "pushed_at": "2026-04-30T13:19:29Z", - "stargazers_count": 8, - "watchers_count": 8, + "stargazers_count": 9, + "watchers_count": 9, "has_discussions": false, "forks_count": 2, "allow_forking": true, @@ -1946,7 +1946,7 @@ "topics": [], "visibility": "public", "forks": 2, - "watchers": 8, + "watchers": 9, "score": 0, "subscribers_count": 0 }, @@ -2061,13 +2061,13 @@ "user_view_type": "public" }, "html_url": "https:\/\/github.com\/Percivalll\/Copy-Fail-CVE-2026-31431-Kubernetes-PoC", - "description": null, + "description": "PoC: fully unprivileged container escape to node-level code execution on Kubernetes via CVE-2026-31431 page-cache corruption + shared image layers. Validated on Alibaba Cloud ACK and Amazon EKS.", "fork": false, "created_at": "2026-04-30T11:33:22Z", - "updated_at": "2026-05-05T12:44:32Z", - "pushed_at": "2026-05-05T12:44:28Z", - "stargazers_count": 44, - "watchers_count": 44, + "updated_at": "2026-05-05T16:37:36Z", + "pushed_at": "2026-05-05T13:40:57Z", + "stargazers_count": 46, + "watchers_count": 46, "has_discussions": false, "forks_count": 14, "allow_forking": true, @@ -2075,10 +2075,21 @@ "web_commit_signoff_required": false, "has_pull_requests": true, "pull_request_creation_policy": "all", - "topics": [], + "topics": [ + "container-escape", + "cve-2026-31431", + "eks", + "exploit", + "kubernetes", + "linux-kernel", + "privilege-escalation", + "proof-of-concept", + "security-research", + "vulnerability" + ], "visibility": "public", "forks": 14, - "watchers": 44, + "watchers": 46, "score": 0, "subscribers_count": 0 }, @@ -2202,8 +2213,8 @@ "description": "CVE-2026-31431 golang hotfix", "fork": false, "created_at": "2026-04-30T12:27:15Z", - "updated_at": "2026-05-05T03:16:41Z", - "pushed_at": "2026-05-05T03:17:23Z", + "updated_at": "2026-05-05T17:28:18Z", + "pushed_at": "2026-05-05T17:28:13Z", "stargazers_count": 0, "watchers_count": 0, "has_discussions": false, @@ -2775,10 +2786,10 @@ "description": "BPF-LSM mitigation for CVE-2026-31431 (Copy Fail) — denies AF_ALG socket creation cluster-wide", "fork": false, "created_at": "2026-04-30T15:02:00Z", - "updated_at": "2026-05-05T06:28:49Z", + "updated_at": "2026-05-05T13:20:36Z", "pushed_at": "2026-04-30T15:16:29Z", - "stargazers_count": 21, - "watchers_count": 21, + "stargazers_count": 22, + "watchers_count": 22, "has_discussions": false, "forks_count": 2, "allow_forking": true, @@ -2789,7 +2800,7 @@ "topics": [], "visibility": "public", "forks": 2, - "watchers": 21, + "watchers": 22, "score": 0, "subscribers_count": 0 }, @@ -3437,10 +3448,10 @@ "description": "Detection Only.. working on an exploit PoC", "fork": false, "created_at": "2026-04-30T20:54:56Z", - "updated_at": "2026-05-05T05:41:10Z", + "updated_at": "2026-05-05T14:49:29Z", "pushed_at": "2026-05-01T11:26:51Z", - "stargazers_count": 7, - "watchers_count": 7, + "stargazers_count": 8, + "watchers_count": 8, "has_discussions": false, "forks_count": 0, "allow_forking": true, @@ -3451,7 +3462,7 @@ "topics": [], "visibility": "public", "forks": 0, - "watchers": 7, + "watchers": 8, "score": 0, "subscribers_count": 0 }, @@ -3470,10 +3481,10 @@ "description": "Wazuh 4.14.4 detection rules for CVE-2026-31431 (Copy Fail) - Linux Local Privilege Escalation via authencesn page cache write", "fork": false, "created_at": "2026-04-30T20:56:49Z", - "updated_at": "2026-05-04T16:41:33Z", + "updated_at": "2026-05-05T17:29:32Z", "pushed_at": "2026-05-04T14:42:14Z", - "stargazers_count": 1, - "watchers_count": 1, + "stargazers_count": 2, + "watchers_count": 2, "has_discussions": false, "forks_count": 0, "allow_forking": true, @@ -3496,7 +3507,7 @@ ], "visibility": "public", "forks": 0, - "watchers": 1, + "watchers": 2, "score": 0, "subscribers_count": 0 }, @@ -4151,10 +4162,10 @@ "description": "Python implementation of copyfail (CVE-2026-31431)", "fork": false, "created_at": "2026-05-01T05:37:29Z", - "updated_at": "2026-05-01T05:46:12Z", + "updated_at": "2026-05-05T15:20:58Z", "pushed_at": "2026-05-01T05:44:12Z", - "stargazers_count": 0, - "watchers_count": 0, + "stargazers_count": 1, + "watchers_count": 1, "has_discussions": false, "forks_count": 0, "allow_forking": true, @@ -4165,7 +4176,7 @@ "topics": [], "visibility": "public", "forks": 0, - "watchers": 0, + "watchers": 1, "score": 0, "subscribers_count": 0 }, @@ -4583,10 +4594,10 @@ "description": "A structured explanation of CVE-2026-31431 (Copy Fail), connecting the three kernel changes that introduced the vulnerability and enabled its exploitation.", "fork": false, "created_at": "2026-05-01T11:06:03Z", - "updated_at": "2026-05-05T10:11:16Z", + "updated_at": "2026-05-05T17:33:59Z", "pushed_at": "2026-05-05T10:07:55Z", - "stargazers_count": 0, - "watchers_count": 0, + "stargazers_count": 1, + "watchers_count": 1, "has_discussions": false, "forks_count": 0, "allow_forking": true, @@ -4600,7 +4611,7 @@ ], "visibility": "public", "forks": 0, - "watchers": 0, + "watchers": 1, "score": 0, "subscribers_count": 0 }, @@ -4789,8 +4800,8 @@ "description": "CVE-2026-31431 - Copy Fail | Linux LPE via authencesn page cache write. Unprivileged user to root on most distros since 2017. PoC in C and Python.", "fork": false, "created_at": "2026-05-01T12:47:26Z", - "updated_at": "2026-05-02T17:28:25Z", - "pushed_at": "2026-05-01T15:00:24Z", + "updated_at": "2026-05-05T15:41:01Z", + "pushed_at": "2026-05-05T15:40:57Z", "stargazers_count": 1, "watchers_count": 1, "has_discussions": false, @@ -4940,10 +4951,10 @@ "description": "Python exploit demonstrating an in‑memory AF_ALG‑based kernel vulnerability on certain Linux kernels. ", "fork": false, "created_at": "2026-05-01T14:14:17Z", - "updated_at": "2026-05-03T12:33:47Z", + "updated_at": "2026-05-05T17:29:34Z", "pushed_at": "2026-05-01T14:16:41Z", - "stargazers_count": 2, - "watchers_count": 2, + "stargazers_count": 3, + "watchers_count": 3, "has_discussions": false, "forks_count": 0, "allow_forking": true, @@ -4954,7 +4965,7 @@ "topics": [], "visibility": "public", "forks": 0, - "watchers": 2, + "watchers": 3, "score": 0, "subscribers_count": 0 }, @@ -5745,10 +5756,10 @@ "description": "Read-only checker for CVE-2026-31431 (algif_aead local root). Reports kernel\/module state and suggests mitigations.", "fork": false, "created_at": "2026-05-02T04:17:15Z", - "updated_at": "2026-05-03T12:27:39Z", - "pushed_at": "2026-05-03T12:27:36Z", - "stargazers_count": 6, - "watchers_count": 6, + "updated_at": "2026-05-05T16:04:45Z", + "pushed_at": "2026-05-05T16:03:31Z", + "stargazers_count": 8, + "watchers_count": 8, "has_discussions": false, "forks_count": 0, "allow_forking": true, @@ -5759,7 +5770,7 @@ "topics": [], "visibility": "public", "forks": 0, - "watchers": 6, + "watchers": 8, "score": 0, "subscribers_count": 0 }, @@ -5811,10 +5822,10 @@ "description": "CopyFail is a proof-of-concept exploit for CVE-2026-31431, targeting a memory corruption vulnerability in the Linux Kernel Crypto API (`AF_ALG`). The exploit leverages the `splice` system call to perform unauthorized page-cache patching of the `\/usr\/bin\/su` binary, enabling a password-less escalation to root.", "fork": false, "created_at": "2026-05-02T05:44:02Z", - "updated_at": "2026-05-05T03:01:27Z", + "updated_at": "2026-05-05T15:56:29Z", "pushed_at": "2026-05-02T06:04:26Z", - "stargazers_count": 6, - "watchers_count": 6, + "stargazers_count": 7, + "watchers_count": 7, "has_discussions": false, "forks_count": 0, "allow_forking": true, @@ -5825,7 +5836,7 @@ "topics": [], "visibility": "public", "forks": 0, - "watchers": 6, + "watchers": 7, "score": 0, "subscribers_count": 0 }, @@ -6118,8 +6129,8 @@ "description": "Tracking CVE-2026-31431", "fork": false, "created_at": "2026-05-02T10:22:01Z", - "updated_at": "2026-05-05T12:41:40Z", - "pushed_at": "2026-05-05T12:41:36Z", + "updated_at": "2026-05-05T18:36:28Z", + "pushed_at": "2026-05-05T18:36:24Z", "stargazers_count": 0, "watchers_count": 0, "has_discussions": false, @@ -6151,10 +6162,10 @@ "description": "CVE-2026-31431 RCE Exploit. A critical Linux kernel LPE in the algif_aead crypto subsystem. Any unprivileged user can write 4 bytes into the page cache of any readable file and get root.", "fork": false, "created_at": "2026-05-02T10:37:47Z", - "updated_at": "2026-05-02T11:00:16Z", + "updated_at": "2026-05-05T17:01:31Z", "pushed_at": "2026-05-02T11:00:13Z", - "stargazers_count": 2, - "watchers_count": 2, + "stargazers_count": 3, + "watchers_count": 3, "has_discussions": false, "forks_count": 1, "allow_forking": true, @@ -6174,7 +6185,7 @@ ], "visibility": "public", "forks": 1, - "watchers": 2, + "watchers": 3, "score": 0, "subscribers_count": 0 }, @@ -6428,8 +6439,8 @@ "description": "Detect and mitigate CVE-2026-31431 (Copy Fail) on Linux systems.", "fork": false, "created_at": "2026-05-02T17:20:10Z", - "updated_at": "2026-05-04T13:24:52Z", - "pushed_at": "2026-05-04T13:24:49Z", + "updated_at": "2026-05-05T13:52:55Z", + "pushed_at": "2026-05-05T13:50:55Z", "stargazers_count": 1, "watchers_count": 1, "has_discussions": false, @@ -6534,8 +6545,8 @@ "description": "Golf Challenge for https:\/\/copy.golf\/ ", "fork": false, "created_at": "2026-05-02T22:10:37Z", - "updated_at": "2026-05-02T22:15:31Z", - "pushed_at": "2026-05-02T22:15:19Z", + "updated_at": "2026-05-05T14:18:37Z", + "pushed_at": "2026-05-05T14:16:41Z", "stargazers_count": 1, "watchers_count": 1, "has_discussions": false, @@ -7438,10 +7449,10 @@ "description": "Safe detection tooling for CVE-2026-31431 \"Copy Fail\" — a local privilege escalation in the Linux kernel's algif_aead module affecting all major distributions since 2017.", "fork": false, "created_at": "2026-05-04T05:58:50Z", - "updated_at": "2026-05-05T08:33:58Z", + "updated_at": "2026-05-05T17:51:45Z", "pushed_at": "2026-05-05T05:09:14Z", - "stargazers_count": 6, - "watchers_count": 6, + "stargazers_count": 7, + "watchers_count": 7, "has_discussions": false, "forks_count": 1, "allow_forking": true, @@ -7452,7 +7463,7 @@ "topics": [], "visibility": "public", "forks": 1, - "watchers": 6, + "watchers": 7, "score": 0, "subscribers_count": 0 }, @@ -7683,8 +7694,8 @@ "description": "Mitigacion del CVE-2026-31431 BASH", "fork": false, "created_at": "2026-05-04T13:09:07Z", - "updated_at": "2026-05-04T17:17:37Z", - "pushed_at": "2026-05-04T17:17:33Z", + "updated_at": "2026-05-05T18:41:17Z", + "pushed_at": "2026-05-05T18:41:13Z", "stargazers_count": 0, "watchers_count": 0, "has_discussions": false, @@ -8114,8 +8125,8 @@ "description": "587-byte x86_64 LPE for CVE-2026-31431", "fork": false, "created_at": "2026-05-05T11:26:41Z", - "updated_at": "2026-05-05T12:05:30Z", - "pushed_at": "2026-05-05T12:05:26Z", + "updated_at": "2026-05-05T14:34:23Z", + "pushed_at": "2026-05-05T14:27:38Z", "stargazers_count": 0, "watchers_count": 0, "has_discussions": false, @@ -8131,5 +8142,250 @@ "watchers": 0, "score": 0, "subscribers_count": 0 + }, + { + "id": 1229910115, + "name": "cve-2026-31431", + "full_name": "zhanghangorg\/cve-2026-31431", + "owner": { + "login": "zhanghangorg", + "id": 16233932, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/16233932?v=4", + "html_url": "https:\/\/github.com\/zhanghangorg", + "user_view_type": "public" + }, + "html_url": "https:\/\/github.com\/zhanghangorg\/cve-2026-31431", + "description": null, + "fork": false, + "created_at": "2026-05-05T13:52:50Z", + "updated_at": "2026-05-05T13:54:59Z", + "pushed_at": "2026-05-05T13:54:01Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "has_pull_requests": true, + "pull_request_creation_policy": "all", + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0, + "subscribers_count": 0 + }, + { + "id": 1229911854, + "name": "afalg-check", + "full_name": "itsystem\/afalg-check", + "owner": { + "login": "itsystem", + "id": 1128987, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/1128987?v=4", + "html_url": "https:\/\/github.com\/itsystem", + "user_view_type": "public" + }, + "html_url": "https:\/\/github.com\/itsystem\/afalg-check", + "description": "Утилита для Linux, которая проверяет доступность `AF_ALG`\/`algif_aead` и помогает оценить риск по `CVE-2026-31431`.", + "fork": false, + "created_at": "2026-05-05T13:54:41Z", + "updated_at": "2026-05-05T14:32:55Z", + "pushed_at": "2026-05-05T14:29:34Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "has_pull_requests": true, + "pull_request_creation_policy": "all", + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0, + "subscribers_count": 0 + }, + { + "id": 1230051555, + "name": "CVE-2026-31431-detection-defense", + "full_name": "Detect-DefenseLab\/CVE-2026-31431-detection-defense", + "owner": { + "login": "Detect-DefenseLab", + "id": 252365232, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/252365232?v=4", + "html_url": "https:\/\/github.com\/Detect-DefenseLab", + "user_view_type": "public" + }, + "html_url": "https:\/\/github.com\/Detect-DefenseLab\/CVE-2026-31431-detection-defense", + "description": "CVE-2026-31431: Detection & Defense Against io_uring Bypass of Existing Detection", + "fork": false, + "created_at": "2026-05-05T16:20:45Z", + "updated_at": "2026-05-05T16:23:28Z", + "pushed_at": "2026-05-05T16:23:22Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "has_pull_requests": true, + "pull_request_creation_policy": "all", + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0, + "subscribers_count": 0 + }, + { + "id": 1230060787, + "name": "CVE-2026-31431-copy-fail", + "full_name": "ozergoker\/CVE-2026-31431-copy-fail", + "owner": { + "login": "ozergoker", + "id": 86879266, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/86879266?v=4", + "html_url": "https:\/\/github.com\/ozergoker", + "user_view_type": "public" + }, + "html_url": "https:\/\/github.com\/ozergoker\/CVE-2026-31431-copy-fail", + "description": "32-byte Python script roots every Linux distribution", + "fork": false, + "created_at": "2026-05-05T16:31:16Z", + "updated_at": "2026-05-05T16:42:06Z", + "pushed_at": "2026-05-05T16:42:02Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "has_pull_requests": true, + "pull_request_creation_policy": "all", + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0, + "subscribers_count": 0 + }, + { + "id": 1230118294, + "name": "CopyFail-Scanner-CVE-2026-31431", + "full_name": "Raptoratack\/CopyFail-Scanner-CVE-2026-31431", + "owner": { + "login": "Raptoratack", + "id": 110591178, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/110591178?v=4", + "html_url": "https:\/\/github.com\/Raptoratack", + "user_view_type": "public" + }, + "html_url": "https:\/\/github.com\/Raptoratack\/CopyFail-Scanner-CVE-2026-31431", + "description": null, + "fork": false, + "created_at": "2026-05-05T17:38:43Z", + "updated_at": "2026-05-05T17:40:49Z", + "pushed_at": "2026-05-05T17:40:46Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "has_pull_requests": true, + "pull_request_creation_policy": "all", + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0, + "subscribers_count": 0 + }, + { + "id": 1230156036, + "name": "CVE-2026-31431", + "full_name": "devtint\/CVE-2026-31431", + "owner": { + "login": "devtint", + "id": 188316439, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/188316439?v=4", + "html_url": "https:\/\/github.com\/devtint", + "user_view_type": "public" + }, + "html_url": "https:\/\/github.com\/devtint\/CVE-2026-31431", + "description": null, + "fork": false, + "created_at": "2026-05-05T18:24:20Z", + "updated_at": "2026-05-05T18:25:38Z", + "pushed_at": "2026-05-05T18:25:34Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "has_pull_requests": true, + "pull_request_creation_policy": "all", + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0, + "subscribers_count": 0 + }, + { + "id": 1230157973, + "name": "ubuntu-cve-2026-31431-mitigation", + "full_name": "mrmtwoj\/ubuntu-cve-2026-31431-mitigation", + "owner": { + "login": "mrmtwoj", + "id": 22832463, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/22832463?v=4", + "html_url": "https:\/\/github.com\/mrmtwoj", + "user_view_type": "public" + }, + "html_url": "https:\/\/github.com\/mrmtwoj\/ubuntu-cve-2026-31431-mitigation", + "description": "دستورالعمل‌های کاهش ریسک و به‌روزرسانی برای CVE-2026-31431 در سیستم‌های اوبونتو، شامل مراحل ارتقاء کرنل و kmod.", + "fork": false, + "created_at": "2026-05-05T18:26:46Z", + "updated_at": "2026-05-05T18:50:49Z", + "pushed_at": "2026-05-05T18:50:44Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "has_pull_requests": true, + "pull_request_creation_policy": "all", + "topics": [ + "cve", + "cve-2026-31431", + "infra", + "kernel", + "kmod", + "linux", + "mirror", + "mirror-iran", + "offline-mirror", + "security", + "sysadmin", + "ubuntu", + "update" + ], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0, + "subscribers_count": 0 } ] \ No newline at end of file diff --git a/2026/CVE-2026-31717.json b/2026/CVE-2026-31717.json index a6ed326f02..eb00b77446 100644 --- a/2026/CVE-2026-31717.json +++ b/2026/CVE-2026-31717.json @@ -14,8 +14,8 @@ "description": null, "fork": false, "created_at": "2026-05-04T22:03:22Z", - "updated_at": "2026-05-04T22:21:40Z", - "pushed_at": "2026-05-04T22:21:33Z", + "updated_at": "2026-05-05T16:20:42Z", + "pushed_at": "2026-05-05T16:20:33Z", "stargazers_count": 0, "watchers_count": 0, "has_discussions": false, diff --git a/2026/CVE-2026-31802.json b/2026/CVE-2026-31802.json index f8fb65bcb3..f25aaa4626 100644 --- a/2026/CVE-2026-31802.json +++ b/2026/CVE-2026-31802.json @@ -59,8 +59,8 @@ "description": "Demonstrate and analyze the CVE-2026-31802 path traversal vulnerability in npm tar, enabling arbitrary file overwrite via symlink extraction.", "fork": false, "created_at": "2026-03-28T20:49:46Z", - "updated_at": "2026-05-04T18:50:34Z", - "pushed_at": "2026-05-04T18:50:30Z", + "updated_at": "2026-05-05T13:59:29Z", + "pushed_at": "2026-05-05T13:59:25Z", "stargazers_count": 0, "watchers_count": 0, "has_discussions": false, diff --git a/2026/CVE-2026-32223.json b/2026/CVE-2026-32223.json index 9e31410083..0d6813f1aa 100644 --- a/2026/CVE-2026-32223.json +++ b/2026/CVE-2026-32223.json @@ -14,7 +14,7 @@ "description": "Proof-of-Concept exploit for CVE-2026-32223", "fork": false, "created_at": "2026-04-15T13:33:14Z", - "updated_at": "2026-05-03T00:10:04Z", + "updated_at": "2026-05-05T18:53:17Z", "pushed_at": "2026-04-17T05:41:18Z", "stargazers_count": 17, "watchers_count": 17, diff --git a/2026/CVE-2026-3395.json b/2026/CVE-2026-3395.json deleted file mode 100644 index 75848b5838..0000000000 --- a/2026/CVE-2026-3395.json +++ /dev/null @@ -1,68 +0,0 @@ -[ - { - "id": 1170210047, - "name": "CVE-2026-3395-MaxSite-CMS-Unauthenticated-RCE", - "full_name": "mbanyamer\/CVE-2026-3395-MaxSite-CMS-Unauthenticated-RCE", - "owner": { - "login": "mbanyamer", - "id": 213306745, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/213306745?v=4", - "html_url": "https:\/\/github.com\/mbanyamer", - "user_view_type": "public" - }, - "html_url": "https:\/\/github.com\/mbanyamer\/CVE-2026-3395-MaxSite-CMS-Unauthenticated-RCE", - "description": null, - "fork": false, - "created_at": "2026-03-01T21:19:49Z", - "updated_at": "2026-04-02T12:45:10Z", - "pushed_at": "2026-03-01T21:25:39Z", - "stargazers_count": 5, - "watchers_count": 5, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "has_pull_requests": true, - "pull_request_creation_policy": "all", - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 5, - "score": 0, - "subscribers_count": 0 - }, - { - "id": 1170765958, - "name": "CVE-2026-3395-Lab", - "full_name": "rootdirective-sec\/CVE-2026-3395-Lab", - "owner": { - "login": "rootdirective-sec", - "id": 253299769, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/253299769?v=4", - "html_url": "https:\/\/github.com\/rootdirective-sec", - "user_view_type": "public" - }, - "html_url": "https:\/\/github.com\/rootdirective-sec\/CVE-2026-3395-Lab", - "description": null, - "fork": false, - "created_at": "2026-03-02T13:51:24Z", - "updated_at": "2026-03-02T13:57:41Z", - "pushed_at": "2026-03-02T13:57:37Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "has_pull_requests": true, - "pull_request_creation_policy": "all", - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0, - "subscribers_count": 0 - } -] \ No newline at end of file diff --git a/2026/CVE-2026-34621.json b/2026/CVE-2026-34621.json index b2164305ec..95108c2df4 100644 --- a/2026/CVE-2026-34621.json +++ b/2026/CVE-2026-34621.json @@ -80,12 +80,12 @@ "description": "A sophisticated, cross-platform exploit generator for **CVE-2026-34621** – a critical prototype pollution vulnerability in Adobe Acrobat and Reader that leads to sandbox escape and arbitrary code execution on Windows and macOS.", "fork": false, "created_at": "2026-04-15T15:30:06Z", - "updated_at": "2026-04-29T06:53:26Z", + "updated_at": "2026-05-05T14:20:57Z", "pushed_at": "2026-04-15T15:47:23Z", - "stargazers_count": 10, - "watchers_count": 10, + "stargazers_count": 11, + "watchers_count": 11, "has_discussions": false, - "forks_count": 2, + "forks_count": 3, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, @@ -93,8 +93,8 @@ "pull_request_creation_policy": "all", "topics": [], "visibility": "public", - "forks": 2, - "watchers": 10, + "forks": 3, + "watchers": 11, "score": 0, "subscribers_count": 0 }, diff --git a/2026/CVE-2026-35031.json b/2026/CVE-2026-35031.json index dca8abdb1a..338025f20e 100644 --- a/2026/CVE-2026-35031.json +++ b/2026/CVE-2026-35031.json @@ -14,7 +14,7 @@ "description": "Critical path traversal to RCE vulnerability in Jellyfin Media Server (CVSS 9.9). Includes proof-of-concept exploit, technical analysis, and detection tools.", "fork": false, "created_at": "2026-04-15T20:56:49Z", - "updated_at": "2026-04-15T20:57:53Z", + "updated_at": "2026-05-05T16:55:26Z", "pushed_at": "2026-04-15T20:57:49Z", "stargazers_count": 0, "watchers_count": 0, diff --git a/2026/CVE-2026-3854.json b/2026/CVE-2026-3854.json index 5cee489bfa..93741a56f5 100644 --- a/2026/CVE-2026-3854.json +++ b/2026/CVE-2026-3854.json @@ -130,5 +130,38 @@ "watchers": 0, "score": 0, "subscribers_count": 0 + }, + { + "id": 1230166905, + "name": "ghes-cve-scanner", + "full_name": "isagoakira\/ghes-cve-scanner", + "owner": { + "login": "isagoakira", + "id": 258132655, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/258132655?v=4", + "html_url": "https:\/\/github.com\/isagoakira", + "user_view_type": "public" + }, + "html_url": "https:\/\/github.com\/isagoakira\/ghes-cve-scanner", + "description": " GHES CVE Scanner — Defensive security tool for detecting CVE-2026-3854 (Git Push RCE) and CVE-2026-4821 (Management Console proxy injection) in GitHub Enterprise Server. Zero external dependencies, Python 3.8+. ", + "fork": false, + "created_at": "2026-05-05T18:37:43Z", + "updated_at": "2026-05-05T18:46:50Z", + "pushed_at": "2026-05-05T18:45:12Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "has_pull_requests": true, + "pull_request_creation_policy": "all", + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0, + "subscribers_count": 0 } ] \ No newline at end of file diff --git a/2026/CVE-2026-41285.json b/2026/CVE-2026-41285.json new file mode 100644 index 0000000000..5d37cfa4fc --- /dev/null +++ b/2026/CVE-2026-41285.json @@ -0,0 +1,35 @@ +[ + { + "id": 1229881621, + "name": "CVE-2026-41285-OpenBSD-v6daemons-go-brrr", + "full_name": "Rat5ak\/CVE-2026-41285-OpenBSD-v6daemons-go-brrr", + "owner": { + "login": "Rat5ak", + "id": 93318888, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/93318888?v=4", + "html_url": "https:\/\/github.com\/Rat5ak", + "user_view_type": "public" + }, + "html_url": "https:\/\/github.com\/Rat5ak\/CVE-2026-41285-OpenBSD-v6daemons-go-brrr", + "description": "One IPv6 ND option with length zero. One missing check. Daemon walks backward and lives in the loop. Reported to OpenBSD, fixed, CVE assigned.", + "fork": false, + "created_at": "2026-05-05T13:23:08Z", + "updated_at": "2026-05-05T13:31:59Z", + "pushed_at": "2026-05-05T13:29:48Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "has_pull_requests": true, + "pull_request_creation_policy": "all", + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0, + "subscribers_count": 0 + } +] \ No newline at end of file diff --git a/2026/CVE-2026-41940.json b/2026/CVE-2026-41940.json index 0a2c1253fa..fa166d5191 100644 --- a/2026/CVE-2026-41940.json +++ b/2026/CVE-2026-41940.json @@ -245,10 +245,10 @@ "description": "This repository contains a Proof-of-Concept (PoC) exploit for CVE-2026-41940, a critical authentication bypass vulnerability in cPanel & WHM. The vulnerability allows unauthenticated remote attackers to gain unauthorized access to the control panel by abusing flaws in the login flow.", "fork": false, "created_at": "2026-04-30T09:22:55Z", - "updated_at": "2026-05-04T18:22:13Z", + "updated_at": "2026-05-05T18:10:43Z", "pushed_at": "2026-04-30T10:05:54Z", - "stargazers_count": 6, - "watchers_count": 6, + "stargazers_count": 7, + "watchers_count": 7, "has_discussions": false, "forks_count": 6, "allow_forking": true, @@ -265,7 +265,7 @@ ], "visibility": "public", "forks": 6, - "watchers": 6, + "watchers": 7, "score": 0, "subscribers_count": 0 }, @@ -317,8 +317,8 @@ "description": "Detection, mitigation, and reverse-engineering tooling for CVE-2026-41940 (SessionScribe): the cPanel\/WHM unauthenticated session-forgery vulnerability disclosed 2026-04-28. Defense-in-depth active mitigation shim, ModSec rule pack, remote probe, on-host IOC scanner, and per-tier RE snapshot collector. GPL v2.", "fork": false, "created_at": "2026-04-30T14:32:43Z", - "updated_at": "2026-05-05T08:16:23Z", - "pushed_at": "2026-05-05T06:37:11Z", + "updated_at": "2026-05-05T17:17:48Z", + "pushed_at": "2026-05-05T17:17:44Z", "stargazers_count": 9, "watchers_count": 9, "has_discussions": false, @@ -705,10 +705,10 @@ "description": "A comprehensive Python utility to **detect**, **scan in bulk**, and **exploit** the critical authentication bypass vulnerability (CVE-2026-41940) in cPanel & WHM and WP Squared.", "fork": false, "created_at": "2026-05-01T11:27:07Z", - "updated_at": "2026-05-01T20:30:32Z", + "updated_at": "2026-05-05T18:16:38Z", "pushed_at": "2026-05-01T11:38:02Z", - "stargazers_count": 2, - "watchers_count": 2, + "stargazers_count": 3, + "watchers_count": 3, "has_discussions": false, "forks_count": 1, "allow_forking": true, @@ -719,7 +719,7 @@ "topics": [], "visibility": "public", "forks": 1, - "watchers": 2, + "watchers": 3, "score": 0, "subscribers_count": 0 }, @@ -738,10 +738,10 @@ "description": "CVE-2026-41940 — cPanel & WHM Authentication Bypass via Session-File CRLF Injection", "fork": false, "created_at": "2026-05-01T12:09:26Z", - "updated_at": "2026-05-05T12:37:27Z", + "updated_at": "2026-05-05T18:15:43Z", "pushed_at": "2026-05-01T12:10:32Z", - "stargazers_count": 308, - "watchers_count": 308, + "stargazers_count": 317, + "watchers_count": 317, "has_discussions": false, "forks_count": 96, "allow_forking": true, @@ -752,7 +752,7 @@ "topics": [], "visibility": "public", "forks": 96, - "watchers": 308, + "watchers": 317, "score": 0, "subscribers_count": 1 }, @@ -926,10 +926,10 @@ "description": null, "fork": false, "created_at": "2026-05-01T16:27:38Z", - "updated_at": "2026-05-05T08:25:34Z", + "updated_at": "2026-05-05T18:00:48Z", "pushed_at": "2026-05-01T16:35:37Z", - "stargazers_count": 31, - "watchers_count": 31, + "stargazers_count": 35, + "watchers_count": 35, "has_discussions": false, "forks_count": 9, "allow_forking": true, @@ -940,7 +940,7 @@ "topics": [], "visibility": "public", "forks": 9, - "watchers": 31, + "watchers": 35, "score": 0, "subscribers_count": 0 }, @@ -1223,10 +1223,10 @@ "description": "cPanel & Whm Authentication Bypasser", "fork": false, "created_at": "2026-05-02T10:00:27Z", - "updated_at": "2026-05-04T07:13:30Z", + "updated_at": "2026-05-05T18:14:47Z", "pushed_at": "2026-05-02T10:41:28Z", - "stargazers_count": 1, - "watchers_count": 1, + "stargazers_count": 2, + "watchers_count": 2, "has_discussions": false, "forks_count": 0, "allow_forking": true, @@ -1242,7 +1242,7 @@ ], "visibility": "public", "forks": 0, - "watchers": 1, + "watchers": 2, "score": 0, "subscribers_count": 0 }, diff --git a/2026/CVE-2026-42281.json b/2026/CVE-2026-42281.json index e3abc4ba77..a8c736fb8a 100644 --- a/2026/CVE-2026-42281.json +++ b/2026/CVE-2026-42281.json @@ -14,7 +14,7 @@ "description": "CVE-2026-42281 - MagicMirror <= 2.35.0 - Unauthenticated SSRF via \/cors endpoint", "fork": false, "created_at": "2026-04-30T21:48:55Z", - "updated_at": "2026-05-04T20:45:50Z", + "updated_at": "2026-05-05T13:07:54Z", "pushed_at": "2026-05-04T20:45:46Z", "stargazers_count": 0, "watchers_count": 0, @@ -25,7 +25,16 @@ "web_commit_signoff_required": false, "has_pull_requests": true, "pull_request_creation_policy": "all", - "topics": [], + "topics": [ + "bughunting", + "cve", + "cve-2026-42281", + "exploit", + "offensive-security", + "poc", + "ssrf", + "vulnerability" + ], "visibility": "public", "forks": 0, "watchers": 0, diff --git a/2026/CVE-2026-42879.json b/2026/CVE-2026-42879.json new file mode 100644 index 0000000000..dc808098a2 --- /dev/null +++ b/2026/CVE-2026-42879.json @@ -0,0 +1,35 @@ +[ + { + "id": 1187580618, + "name": "CVE-2026-42879", + "full_name": "guzrex\/CVE-2026-42879", + "owner": { + "login": "guzrex", + "id": 136125866, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/136125866?v=4", + "html_url": "https:\/\/github.com\/guzrex", + "user_view_type": "public" + }, + "html_url": "https:\/\/github.com\/guzrex\/CVE-2026-42879", + "description": "FacturaScripts RCE Exploit - Proof of Concept ", + "fork": false, + "created_at": "2026-03-20T22:26:25Z", + "updated_at": "2026-05-05T14:03:09Z", + "pushed_at": "2026-05-05T14:02:30Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "has_pull_requests": true, + "pull_request_creation_policy": "all", + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0, + "subscribers_count": 0 + } +] \ No newline at end of file diff --git a/2026/CVE-2026-6508.json b/2026/CVE-2026-6508.json new file mode 100644 index 0000000000..265f467102 --- /dev/null +++ b/2026/CVE-2026-6508.json @@ -0,0 +1,35 @@ +[ + { + "id": 1177369731, + "name": "EvilAhenk", + "full_name": "jackalkarlos\/EvilAhenk", + "owner": { + "login": "jackalkarlos", + "id": 88983987, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/88983987?v=4", + "html_url": "https:\/\/github.com\/jackalkarlos", + "user_view_type": "public" + }, + "html_url": "https:\/\/github.com\/jackalkarlos\/EvilAhenk", + "description": "CVE-2026-6508 && CVE-2026-6509 LiderAhenk Merkezi Yönetim Sistemi mimarisinde, uç birimler (agents) arası tüm istemcilerin birbirleri üzerinde 'root' yetkisiyle kod çalıştırılmasına (unauthorized rce & lateral movement) olanak tanıyan kritik güvenlik zafiyeti.", + "fork": false, + "created_at": "2026-03-10T00:51:19Z", + "updated_at": "2026-05-05T15:45:31Z", + "pushed_at": "2026-04-17T12:58:44Z", + "stargazers_count": 1, + "watchers_count": 1, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "has_pull_requests": true, + "pull_request_creation_policy": "all", + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 1, + "score": 0, + "subscribers_count": 0 + } +] \ No newline at end of file diff --git a/README.md b/README.md index 6d734faaa3..2c52f06b20 100644 --- a/README.md +++ b/README.md @@ -199,13 +199,6 @@ - [Nxploited/CVE-2026-1555](https://github.com/Nxploited/CVE-2026-1555) -### CVE-2026-1581 (2026-02-19) - -The wpForo Forum plugin for WordPress is vulnerable to time-based SQL Injection via the 'wpfob' parameter in all versions up to, and including, 2.4.14 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. - - -- [rootdirective-sec/CVE-2026-1581-Analysis-Lab](https://github.com/rootdirective-sec/CVE-2026-1581-Analysis-Lab) - ### CVE-2026-1657 (2026-02-17) The EventPrime plugin for WordPress is vulnerable to unauthorized image file upload in all versions up to, and including, 4.2.8.4. This is due to the plugin registering the upload_file_media AJAX action as publicly accessible (nopriv-enabled) without implementing any authentication, authorization, or nonce verification despite a nonce being created. This makes it possible for unauthenticated attackers to upload image files to the WordPress uploads directory and create Media Library attachments via the ep_upload_file_media endpoint. @@ -278,7 +271,6 @@ Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) -- [D3b0j33t/CVE-2026-2441-PoC](https://github.com/D3b0j33t/CVE-2026-2441-PoC) - [fartlover37/CVE-2026-2441-PoC](https://github.com/fartlover37/CVE-2026-2441-PoC) ### CVE-2026-2472 (2026-02-20) @@ -286,7 +278,6 @@ Stored Cross-Site Scripting (XSS) in the _genai/_evals_visualization component of Google Cloud Vertex AI SDK (google-cloud-aiplatform) versions from 1.98.0 up to (but not including) 1.131.0 allows an unauthenticated remote attacker to execute arbitrary JavaScript in a victim's Jupyter or Colab environment via injecting script escape sequences into model evaluation results or dataset JSON data. -- [JoshuaProvoste/CVE-2026-2472-Vertex-AI-SDK-Google-Cloud](https://github.com/JoshuaProvoste/CVE-2026-2472-Vertex-AI-SDK-Google-Cloud) - [megafart1/CVE-2026-2472-Vertex-AI-SDK-Google-Cloud](https://github.com/megafart1/CVE-2026-2472-Vertex-AI-SDK-Google-Cloud) ### CVE-2026-2576 (2026-02-18) @@ -326,13 +317,6 @@ - [watchtowrlabs/watchTowr-vs-Progress-ShareFile-CVE-2026-2699](https://github.com/watchtowrlabs/watchTowr-vs-Progress-ShareFile-CVE-2026-2699) - [0xBlackash/CVE-2026-2699](https://github.com/0xBlackash/CVE-2026-2699) -### CVE-2026-2749 (2026-02-27) - -Vulnerability in Centreon Centreon Open Tickets on Central Server on Linux (Centroen Open Ticket modules).This issue affects Centreon Open Tickets on Central Server: from all before 25.10.3, 24.10.8, 24.04.7. - - -- [hakaioffsec/Centreon-Exploits-2026](https://github.com/hakaioffsec/Centreon-Exploits-2026) - ### CVE-2026-2763 (2026-02-24) Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. @@ -403,14 +387,6 @@ - [Mkway/CVE-2026-3304](https://github.com/Mkway/CVE-2026-3304) -### CVE-2026-3395 (2026-03-01) - -A flaw has been found in MaxSite CMS up to 109.1. This impacts the function eval of the file application/maxsite/admin/plugins/editor_markitup/preview-ajax.php of the component MarkItUp Preview AJAX Endpoint. Executing a manipulation can lead to code injection. It is possible to launch the attack remotely. The exploit has been published and may be used. Upgrading to version 109.2 will fix this issue. This patch is called 08937a3c5d672a242d68f53e9fccf8a748820ef3. You should upgrade the affected component. The code maintainer was informed beforehand about the issues. He reacted very fast and highly professional. - - -- [mbanyamer/CVE-2026-3395-MaxSite-CMS-Unauthenticated-RCE](https://github.com/mbanyamer/CVE-2026-3395-MaxSite-CMS-Unauthenticated-RCE) -- [rootdirective-sec/CVE-2026-3395-Lab](https://github.com/rootdirective-sec/CVE-2026-3395-Lab) - ### CVE-2026-3462 - [dajneem23/CVE-2026-3462](https://github.com/dajneem23/CVE-2026-3462) @@ -484,6 +460,7 @@ - [LACHHAB-Anas/Exploit_CVE-2026-3854](https://github.com/LACHHAB-Anas/Exploit_CVE-2026-3854) - [lysophavin18/CVE-2026-3854-PoC](https://github.com/lysophavin18/CVE-2026-3854-PoC) - [simondankelmann/cve-2026-3854-test](https://github.com/simondankelmann/cve-2026-3854-test) +- [isagoakira/ghes-cve-scanner](https://github.com/isagoakira/ghes-cve-scanner) ### CVE-2026-3888 (2026-03-17) @@ -770,6 +747,9 @@ ### CVE-2026-6379 - [dinosn/cve-2026-6379](https://github.com/dinosn/cve-2026-6379) +### CVE-2026-6508 +- [jackalkarlos/EvilAhenk](https://github.com/jackalkarlos/EvilAhenk) + ### CVE-2026-6643 (2026-04-20) A stack-based buffer overflow vulnerability was found in the VPN Clients on the ADM. The issue stems from the use of unbounded sscanf() and passing user-controlled data directly to printf(). Due to the lack of PIE and Stack Canary protections, an authenticated remote attacker can exploit these to execute arbitrary code as the web server user. \nAffected products and versions include: from ADM 4.1.0 through ADM 4.3.3.RR42 as well as from ADM 5.0.0 through ADM 5.1.2.REO1. @@ -1066,8 +1046,6 @@ Claude Code is an agentic coding tool. Prior to version 2.0.65, vulnerability in Claude Code's project-load flow allowed malicious repositories to exfiltrate data including Anthropic API keys before users confirmed trust. An attacker-controlled repository could include a settings file that sets ANTHROPIC_BASE_URL to an attacker-controlled endpoint and when the repository was opened, Claude Code would read the configuration and immediately issue API requests before showing the trust prompt, potentially leaking the user's API keys. Users on standard Claude Code auto-update have received this fix already. Users performing manual updates are advised to update to version 2.0.65, which contains a patch, or to the latest version. -- [atiilla/CVE-2026-21852-PoC](https://github.com/atiilla/CVE-2026-21852-PoC) -- [M0broot/CVE-Archive](https://github.com/M0broot/CVE-Archive) - [TreRB/ai-ide-config-guard](https://github.com/TreRB/ai-ide-config-guard) ### CVE-2026-21857 (2026-01-07) @@ -1105,13 +1083,6 @@ - [CVEs-Labs/CVE-2026-21877](https://github.com/CVEs-Labs/CVE-2026-21877) - [monkeontheroof/cve-2026-21877-rce](https://github.com/monkeontheroof/cve-2026-21877-rce) -### CVE-2026-21902 (2026-02-25) - -An Incorrect Permission Assignment for Critical Resource vulnerability in the On-Box Anomaly detection framework of Juniper Networks Junos OS Evolved on PTX Series allows an unauthenticated, network-based attacker to execute code as root.\n\nThe On-Box Anomaly detection framework should only be reachable by other internal processes over the internal routing instance, but not over an externally exposed port. With the ability to access and manipulate the service to execute code as root a remote attacker can take complete control of the device.\nPlease note that this service is enabled by default as no specific configuration is required.\n\nThis issue affects Junos OS Evolved on PTX Series:\n\n\n\n * 25.4 versions before 25.4R1-S1-EVO, 25.4R2-EVO.\n\n\n\n\nThis issue does not affect Junos OS Evolved versions before 25.4R1-EVO.\n\nThis issue does not affect Junos OS. - - -- [watchtowrlabs/watchTowr-vs-JunosEvolved-CVE-2026-21902](https://github.com/watchtowrlabs/watchTowr-vs-JunosEvolved-CVE-2026-21902) - ### CVE-2026-21962 (2026-01-20) Vulnerability in the Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in product of Oracle Fusion Middleware (component: Weblogic Server Proxy Plug-in for Apache HTTP Server, Weblogic Server Proxy Plug-in for IIS). Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in. While the vulnerability is in Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in accessible data as well as unauthorized access to critical data or complete access to all Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in accessible data. Note: Affected version for Weblogic Server Proxy Plug-in for IIS is 12.2.1.4.0 only. CVSS 3.1 Base Score 10.0 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N). @@ -1338,13 +1309,6 @@ - [Novem13th/CVE-2026-23745-via-graphql-DEMO](https://github.com/Novem13th/CVE-2026-23745-via-graphql-DEMO) -### CVE-2026-23842 (2026-01-19) - -ChatterBot is a machine learning, conversational dialog engine for creating chat bots. ChatterBot versions up to 1.2.10 are vulnerable to a denial-of-service condition caused by improper database session and connection pool management. Concurrent invocations of the get_response() method can exhaust the underlying SQLAlchemy connection pool, resulting in persistent service unavailability and requiring a manual restart to recover. Version 1.2.11 fixes the issue. - - -- [AdityaBhatt3010/CVE-2026-23842-Denial-of-Service-via-Database-Connection-Pool-Exhaustion-version-1.2.10](https://github.com/AdityaBhatt3010/CVE-2026-23842-Denial-of-Service-via-Database-Connection-Pool-Exhaustion-version-1.2.10) - ### CVE-2026-23869 (2026-04-08) A denial of service vulnerability exists in React Server Components, affecting the following packages: react-server-dom-parcel, react-server-dom-turbopack and react-server-dom-webpack (versions 19.0.0 through 19.0.4, 19.1.0 through 19.1.5, and 19.2.0 through 19.2.4). The vulnerability is triggered by sending specially crafted HTTP requests to Server Function endpoints.The payload of the HTTP request causes excessive CPU usage for up to a minute ending in a thrown error that is catchable. @@ -1360,6 +1324,8 @@ - [qassam-315/CVE-2026-23918-Elite-Auditor](https://github.com/qassam-315/CVE-2026-23918-Elite-Auditor) - [12lie20/CVE-2026-23918-test](https://github.com/12lie20/CVE-2026-23918-test) +- [rshosting/Apache-CVE-2026-23918-fix](https://github.com/rshosting/Apache-CVE-2026-23918-fix) +- [aa022/CVE-2026-23918-Passive-Audit](https://github.com/aa022/CVE-2026-23918-Passive-Audit) ### CVE-2026-23980 (2026-02-24) @@ -1383,7 +1349,6 @@ - [midox008/CVE-2026-24061](https://github.com/midox008/CVE-2026-24061) - [obrunolima1910/CVE-2026-24061](https://github.com/obrunolima1910/CVE-2026-24061) - [athack-ctf/chall2026-telneted](https://github.com/athack-ctf/chall2026-telneted) -- [setuju/telnetd](https://github.com/setuju/telnetd) - [Remnant-DB/CVE-2026-24061](https://github.com/Remnant-DB/CVE-2026-24061) - [0xBlackash/CVE-2026-24061](https://github.com/0xBlackash/CVE-2026-24061) - [HD0x01/CVE-2026-24061-NSE](https://github.com/HD0x01/CVE-2026-24061-NSE) @@ -1392,6 +1357,13 @@ - [Risma2025/CVE-2026-24061-GNU-InetUtils-telnetd-Authentication-Bypass-Vulnerability](https://github.com/Risma2025/CVE-2026-24061-GNU-InetUtils-telnetd-Authentication-Bypass-Vulnerability) - [RStephanH/vuln-deb](https://github.com/RStephanH/vuln-deb) +### CVE-2026-24072 (2026-05-04) + +An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user.\n\nUsers are recommended to upgrade to version 2.4.67, which fixes this issue. + + +- [EricRHancock-coder/CVE-2026-24072-Analysis](https://github.com/EricRHancock-coder/CVE-2026-24072-Analysis) + ### CVE-2026-24126 (2026-02-18) Weblate is a web based localization tool. Prior to 5.16.0, the SSH management console did not validate the passed input while adding the SSH host key, which could lead to an argument injection to `ssh-add`. Version 5.16.0 fixes the issue. As a workaround, properly limit access to the management console. @@ -1607,13 +1579,6 @@ - [Hann1bl3L3ct3r/FUXAPWN](https://github.com/Hann1bl3L3ct3r/FUXAPWN) -### CVE-2026-25940 (2026-02-19) - -jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control of properties and methods of the Acroform module allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pass unsanitized input to one of the following property, a user can inject arbitrary PDF objects, such as JavaScript actions, which are executed when the victim hovers over the radio option. The vulnerability has been fixed in jsPDF@4.2.0. As a workaround, sanitize user input before passing it to the vulnerable API members. - - -- [dajneem23/CVE-2026-25940](https://github.com/dajneem23/CVE-2026-25940) - ### CVE-2026-25991 (2026-02-13) Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.5.1, there is a Blind Server-Side Request Forgery (SSRF) vulnerability in the Cookmate recipe import feature of Tandoor Recipes. The application fails to validate the destination URL after following HTTP redirects, allowing any authenticated user (including standard users without administrative privileges) to force the server to connect to arbitrary internal or external resources. The vulnerability lies in cookbook/integration/cookmate.py, within the Cookmate integration class. This vulnerability can be leveraged to scan internal network ports, access cloud instance metadata (e.g., AWS/GCP Metadata Service), or disclose the server's real IP address. This vulnerability is fixed in 2.5.1. @@ -1635,6 +1600,13 @@ - [CEAarab/CVE-2026-26026-PoC](https://github.com/CEAarab/CVE-2026-26026-PoC) +### CVE-2026-26114 (2026-03-10) + +Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. + + +- [huynambka/cve-2026-26114](https://github.com/huynambka/cve-2026-26114) + ### CVE-2026-26118 (2026-03-10) Server-side request forgery (ssrf) in Azure MCP Server allows an authorized attacker to elevate privileges over a network. @@ -1650,6 +1622,13 @@ - [sergicortesabadia/CVE-2026-26198-analysis](https://github.com/sergicortesabadia/CVE-2026-26198-analysis) - [NetVanguard-cmd/CVE-2026-26198](https://github.com/NetVanguard-cmd/CVE-2026-26198) +### CVE-2026-26268 (2026-02-13) + +Cursor is a code editor built for programming with AI. Sandbox escape via writing .git configuration was possible in versions prior to 2.5. A malicious agent (ie prompt injection) could write to improperly protected .git settings, including git hooks, which may cause out-of-sandbox RCE next time they are triggered. No user interaction was required as Git executes these commands automatically. Fixed in version 2.5. + + +- [dhawaldesai/agentic-ioc-scanner](https://github.com/dhawaldesai/agentic-ioc-scanner) + ### CVE-2026-26399 (2026-04-20) A stack-use-after-return issue exists in the Arduino_Core_STM32 library prior to version 1.7.0. The pwm_start() function allocates a TIM_HandleTypeDef structure on the stack and passes its address to HAL initialization routines, where it is stored in a global timer handle registry. After the function returns, interrupt service routines may dereference this dangling pointer, resulting in memory corruption. @@ -1781,13 +1760,6 @@ - [Nxploited/CVE-2026-27542-CVE-2026-27540-](https://github.com/Nxploited/CVE-2026-27542-CVE-2026-27540-) -### CVE-2026-27579 (2026-02-21) - -CollabPlatform is a full-stack, real-time doc collaboration platform. In all versions of CollabPlatform, the Appwrite project used by the application is misconfigured to allow arbitrary origins in CORS responses while also permitting credentialed requests. An attacker-controlled domain can issue authenticated cross-origin requests and read sensitive user account information, including email address, account identifiers, and MFA status. The issue did not have a fix at the time of publication. - - -- [AdityaBhatt3010/CVE-2026-27579-CORS-Misconfiguration-Leading-to-Authenticated-Data-Exposure](https://github.com/AdityaBhatt3010/CVE-2026-27579-CORS-Misconfiguration-Leading-to-Authenticated-Data-Exposure) - ### CVE-2026-27597 (2026-02-25) Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to version 2.11.1, it is possible to escape the security boundraries set by `@enclave-vm/core`, which can be used to achieve remote code execution (RCE). The issue has been fixed in version 2.11.1. @@ -1916,7 +1888,6 @@ - [mbanyamer/CVE-2026-28372-GNU-inetutils-telnetd-Privilege-Escalation](https://github.com/mbanyamer/CVE-2026-28372-GNU-inetutils-telnetd-Privilege-Escalation) -- [kalibb/CVE-2026-28372-GNU-inetutils-telnetd-Privilege-Escalation-main](https://github.com/kalibb/CVE-2026-28372-GNU-inetutils-telnetd-Privilege-Escalation-main) - [Rohitberiwala/CVE-2026-28372-telnetd-Privilege-Escalation](https://github.com/Rohitberiwala/CVE-2026-28372-telnetd-Privilege-Escalation) ### CVE-2026-28466 (2026-03-05) @@ -1967,6 +1938,7 @@ - [cipher1x1/CVE-2026-29000](https://github.com/cipher1x1/CVE-2026-29000) - [jake-young-dev/CVE-2026-29000](https://github.com/jake-young-dev/CVE-2026-29000) - [strikoder/CVE-2026-29000-pac4j-jwt](https://github.com/strikoder/CVE-2026-29000-pac4j-jwt) +- [ledksv/Principal-HackTheBox](https://github.com/ledksv/Principal-HackTheBox) ### CVE-2026-29041 (2026-03-06) @@ -2517,6 +2489,13 @@ - [MrMixies/Copy-Fail---CVE-2026-31431](https://github.com/MrMixies/Copy-Fail---CVE-2026-31431) - [Industri4l-H3ll-Xpl0it3rs/CVE-2026-31431-Copy-Fail](https://github.com/Industri4l-H3ll-Xpl0it3rs/CVE-2026-31431-Copy-Fail) - [Rat5ak/CVE-2026-31431-CopyFail-static-ELF--POC](https://github.com/Rat5ak/CVE-2026-31431-CopyFail-static-ELF--POC) +- [zhanghangorg/cve-2026-31431](https://github.com/zhanghangorg/cve-2026-31431) +- [itsystem/afalg-check](https://github.com/itsystem/afalg-check) +- [Detect-DefenseLab/CVE-2026-31431-detection-defense](https://github.com/Detect-DefenseLab/CVE-2026-31431-detection-defense) +- [ozergoker/CVE-2026-31431-copy-fail](https://github.com/ozergoker/CVE-2026-31431-copy-fail) +- [Raptoratack/CopyFail-Scanner-CVE-2026-31431](https://github.com/Raptoratack/CopyFail-Scanner-CVE-2026-31431) +- [devtint/CVE-2026-31431](https://github.com/devtint/CVE-2026-31431) +- [mrmtwoj/ubuntu-cve-2026-31431-mitigation](https://github.com/mrmtwoj/ubuntu-cve-2026-31431-mitigation) ### CVE-2026-31717 (2026-05-01) @@ -3270,10 +3249,18 @@ ### CVE-2026-36341 - [cybercrewinc/CVE-2026-36341](https://github.com/cybercrewinc/CVE-2026-36341) -### CVE-2026-36355 +### CVE-2026-36355 (2026-05-05) + +The rtl8192cd Wi-Fi kernel driver in the Realtek rtl819x Jungle SDK (all known versions through v3.4.14B) does not perform any access control checks on the write_mem (ioctl 0x89F5) and read_mem (ioctl 0x89F6) debug handlers, which are compiled into production builds via the unconditionally defined _IOCTL_DEBUG_CMD_ macro in 8192cd_cfg.h + + - [totekuh/CVE-2026-36355](https://github.com/totekuh/CVE-2026-36355) -### CVE-2026-36356 +### CVE-2026-36356 (2026-05-05) + +The GoAhead web server on MeiG Smart FORGE_SLT711 devices (firmware MDM9607.LE.1.0-00110-STD.PROD-1) allows unauthenticated OS command injection via the /action/SetRemoteAccessCfg endpoint. + + - [totekuh/CVE-2026-36356](https://github.com/totekuh/CVE-2026-36356) ### CVE-2026-36358 @@ -3534,6 +3521,13 @@ - [4chech/CVE-2026-41242](https://github.com/4chech/CVE-2026-41242) +### CVE-2026-41285 (2026-04-20) + +In OpenBSD through 7.8, the slaacd and rad daemons have an infinite loop when they receive a crafted ICMPv6 Neighbor Discovery (ND) option (over a local network) with length zero, because of an "nd_opt_len * 8 - 2" expression with no preceding check for whether nd_opt_len is zero. + + +- [Rat5ak/CVE-2026-41285-OpenBSD-v6daemons-go-brrr](https://github.com/Rat5ak/CVE-2026-41285-OpenBSD-v6daemons-go-brrr) + ### CVE-2026-41303 (2026-04-20) OpenClaw before 2026.3.28 contains an authorization bypass vulnerability in Discord text approval commands that allows non-approvers to resolve pending exec approvals. Attackers can send Discord text commands to bypass the channels.discord.execApprovals.approvers allowlist and approve pending host execution requests. @@ -3666,6 +3660,9 @@ - [dinosn/CVE-2026-42779](https://github.com/dinosn/CVE-2026-42779) +### CVE-2026-42879 +- [guzrex/CVE-2026-42879](https://github.com/guzrex/CVE-2026-42879) + ### CVE-2026-43893 - [Dobby153/CVE-2026-43893](https://github.com/Dobby153/CVE-2026-43893) @@ -15706,7 +15703,7 @@ - [kyotozx/CVE-2024-2961-Remote-File-Read](https://github.com/kyotozx/CVE-2024-2961-Remote-File-Read) - [4wayhandshake/CVE-2024-2961](https://github.com/4wayhandshake/CVE-2024-2961) - [omarelshopky/exploit_cve-2023-26326_using_cve-2024-2961](https://github.com/omarelshopky/exploit_cve-2023-26326_using_cve-2024-2961) -- [suce0155/CVE-2024-2961_buddyforms_2.7.7](https://github.com/suce0155/CVE-2024-2961_buddyforms_2.7.7) +- [suce0155/CVE-2024-2961](https://github.com/suce0155/CVE-2024-2961) - [Clarissss/osTicketFileReadIntoRCE](https://github.com/Clarissss/osTicketFileReadIntoRCE) ### CVE-2024-2997 (2024-03-27) @@ -33802,7 +33799,6 @@ In JetBrains Ktor before 2.3.5 default configuration of ContentNegotiation with XML format was vulnerable to XXE -- [bbugdigger/ktor-xxe-poc](https://github.com/bbugdigger/ktor-xxe-poc) - [infernosalex/CVE-2023-45612-PoC](https://github.com/infernosalex/CVE-2023-45612-PoC) - [aecelen/ktor-xxe-poc](https://github.com/aecelen/ktor-xxe-poc) - [clemfavre/cve-2023-45612_exploit](https://github.com/clemfavre/cve-2023-45612_exploit) @@ -34362,6 +34358,7 @@ - [gmh5225/CVE-2023-47253](https://github.com/gmh5225/CVE-2023-47253) ### CVE-2023-47268 +- [suce0155/CVE-2023-47268](https://github.com/suce0155/CVE-2023-47268) - [Pallangyo98/Trickster-HTB](https://github.com/Pallangyo98/Trickster-HTB) ### CVE-2023-47355 (2024-02-05) @@ -37433,6 +37430,7 @@ - [jrbH4CK/CVE-2022-22963](https://github.com/jrbH4CK/CVE-2022-22963) - [Shayz614/CVE-2022-22963](https://github.com/Shayz614/CVE-2022-22963) - [teofoli-matteo/CVE-2022-22963---Software-Vulnerabilities](https://github.com/teofoli-matteo/CVE-2022-22963---Software-Vulnerabilities) +- [cyberager/CVE-2022-22963](https://github.com/cyberager/CVE-2022-22963) ### CVE-2022-22965 (2022-04-01) @@ -38486,6 +38484,7 @@ - [Bonfee/CVE-2022-25636](https://github.com/Bonfee/CVE-2022-25636) - [chenaotian/CVE-2022-25636](https://github.com/chenaotian/CVE-2022-25636) - [veritas501/CVE-2022-25636-PipeVersion](https://github.com/veritas501/CVE-2022-25636-PipeVersion) +- [Eduardo2221/CVE-2022-25636_COPY-FAIL_ONE-LINE](https://github.com/Eduardo2221/CVE-2022-25636_COPY-FAIL_ONE-LINE) ### CVE-2022-25640 (2022-02-24)