mirror/PoC-in-GitHub
1
0
Fork 0
mirror of https://github.com/nomi-sec/PoC-in-GitHub.git synced 2026-05-14 18:57:08 +02:00
Code Issues Projects Releases Packages Wiki Activity

Auto Update 2026/05/06 00:51:25

Browse source
This commit is contained in:
motikan2010-bot 2026-05-06 09:51:25 +09:00
commit cad6e44a21
99 changed files with 780 additions and 737 deletions
Download patch file Download diff file Expand all files Collapse all files

4
2014/CVE-2014-6271.json
View file

@ -3024,8 +3024,8 @@
"description": "Pentesting caja negra: Shellshock (CVE-2014-6271) + Log4Shell (CVE-2021-44228). Escalada a root. Informe ejecutivo y técnico",
"fork": false,
"created_at": "2026-05-05T06:59:35Z",
"updated_at": "2026-05-05T07:02:26Z",
"pushed_at": "2026-05-05T06:59:58Z",
"updated_at": "2026-05-05T18:28:31Z",
"pushed_at": "2026-05-05T18:17:01Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,

4
2016/CVE-2016-15042.json
View file

@ -14,8 +14,8 @@
"description": "🛠️ Validate and demonstrate CVE-2016-15042 with a Dockerized lab for unauthenticated file uploads in WordPress file managers.",
"fork": false,
"created_at": "2023-10-23T05:54:10Z",
"updated_at": "2026-05-05T17:40:13Z",
"pushed_at": "2026-05-05T17:40:09Z",
"updated_at": "2026-05-05T21:54:32Z",
"pushed_at": "2026-05-05T21:54:28Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,

8
2018/CVE-2018-11776.json
View file

@ -503,10 +503,10 @@
"description": "Critical Remote Code Execution Vulnerability (CVE-2018-11776) Found in Apache Struts.",
"fork": false,
"created_at": "2019-10-10T13:09:50Z",
"updated_at": "2025-09-03T15:49:14Z",
"updated_at": "2026-05-05T20:16:09Z",
"pushed_at": "2020-07-30T21:35:38Z",
"stargazers_count": 15,
"watchers_count": 15,
"stargazers_count": 16,
"watchers_count": 16,
"has_discussions": false,
"forks_count": 5,
"allow_forking": true,
@ -517,7 +517,7 @@
"topics": [],
"visibility": "public",
"forks": 5,
"watchers": 15,
"watchers": 16,
"score": 0,
"subscribers_count": 1
},

4
2018/CVE-2018-19320.json
View file

@ -85,7 +85,7 @@
"stargazers_count": 353,
"watchers_count": 353,
"has_discussions": false,
"forks_count": 84,
"forks_count": 85,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
@ -93,7 +93,7 @@
"pull_request_creation_policy": "all",
"topics": [],
"visibility": "public",
"forks": 84,
"forks": 85,
"watchers": 353,
"score": 0,
"subscribers_count": 9

4
2019/CVE-2019-1040.json
View file

@ -179,8 +179,8 @@
"description": "The Windows Print Spooler privilege escalation vulnerability (CVE-2019-1040\/CVE-2019-1019) has been implemented as a Reflective DLL for penetration testing.",
"fork": false,
"created_at": "2025-12-06T19:56:12Z",
"updated_at": "2026-05-05T18:15:06Z",
"pushed_at": "2026-05-05T18:15:01Z",
"updated_at": "2026-05-06T00:01:57Z",
"pushed_at": "2026-05-06T00:01:53Z",
"stargazers_count": 1,
"watchers_count": 1,
"has_discussions": false,

8
2019/CVE-2019-1388.json
View file

@ -80,10 +80,10 @@
"description": "guest→systemUAC手动提权",
"fork": false,
"created_at": "2019-11-27T02:47:37Z",
"updated_at": "2026-03-13T22:25:52Z",
"updated_at": "2026-05-05T22:25:26Z",
"pushed_at": "2020-03-18T06:21:13Z",
"stargazers_count": 74,
"watchers_count": 74,
"stargazers_count": 73,
"watchers_count": 73,
"has_discussions": false,
"forks_count": 18,
"allow_forking": true,
@ -94,7 +94,7 @@
"topics": [],
"visibility": "public",
"forks": 18,
"watchers": 74,
"watchers": 73,
"score": 0,
"subscribers_count": 3
},

8
2019/CVE-2019-17558.json
View file

@ -47,10 +47,10 @@
"description": "Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-2019-17558、CVE-2019-6340",
"fork": false,
"created_at": "2020-04-01T09:33:35Z",
"updated_at": "2026-05-02T09:40:49Z",
"updated_at": "2026-05-05T22:20:16Z",
"pushed_at": "2021-04-04T09:13:57Z",
"stargazers_count": 4277,
"watchers_count": 4277,
"stargazers_count": 4278,
"watchers_count": 4278,
"has_discussions": false,
"forks_count": 1091,
"allow_forking": true,
@ -81,7 +81,7 @@
],
"visibility": "public",
"forks": 1091,
"watchers": 4277,
"watchers": 4278,
"score": 0,
"subscribers_count": 149
},

8
2019/CVE-2019-6447.json
View file

@ -14,10 +14,10 @@
"description": "ES File Explorer Open Port Vulnerability - CVE-2019-6447",
"fork": false,
"created_at": "2019-01-09T22:30:42Z",
"updated_at": "2026-02-15T22:10:42Z",
"updated_at": "2026-05-05T19:28:02Z",
"pushed_at": "2023-09-28T18:58:28Z",
"stargazers_count": 677,
"watchers_count": 677,
"stargazers_count": 678,
"watchers_count": 678,
"has_discussions": false,
"forks_count": 129,
"allow_forking": true,
@ -33,7 +33,7 @@
],
"visibility": "public",
"forks": 129,
"watchers": 677,
"watchers": 678,
"score": 0,
"subscribers_count": 41
},

4
2020/CVE-2020-0610.json
View file

@ -58,8 +58,8 @@
"description": "🔍 Create a safe lab environment for testing CVE-2020-0610, a critical RCE vulnerability in Windows RD Gateway, with minimal disruption using DTLS techniques.",
"fork": false,
"created_at": "2025-09-04T13:21:35Z",
"updated_at": "2026-05-05T17:40:03Z",
"pushed_at": "2026-05-05T17:39:59Z",
"updated_at": "2026-05-05T21:54:22Z",
"pushed_at": "2026-05-05T21:54:18Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,

8
2020/CVE-2020-0688.json
View file

@ -82,10 +82,10 @@
"description": "cve-2020-0688",
"fork": false,
"created_at": "2020-02-27T02:54:27Z",
"updated_at": "2026-03-01T18:22:23Z",
"updated_at": "2026-05-05T19:08:41Z",
"pushed_at": "2023-07-04T05:16:05Z",
"stargazers_count": 328,
"watchers_count": 328,
"stargazers_count": 329,
"watchers_count": 329,
"has_discussions": false,
"forks_count": 83,
"allow_forking": true,
@ -96,7 +96,7 @@
"topics": [],
"visibility": "public",
"forks": 83,
"watchers": 328,
"watchers": 329,
"score": 0,
"subscribers_count": 8
},

8
2020/CVE-2020-0796.json
View file

@ -1484,10 +1484,10 @@
"description": "CVE-2020-0796 Remote Code Execution POC",
"fork": false,
"created_at": "2020-04-20T14:35:48Z",
"updated_at": "2026-04-29T03:53:08Z",
"updated_at": "2026-05-05T22:25:29Z",
"pushed_at": "2020-06-09T20:46:45Z",
"stargazers_count": 575,
"watchers_count": 575,
"stargazers_count": 574,
"watchers_count": 574,
"has_discussions": false,
"forks_count": 171,
"allow_forking": true,
@ -1504,7 +1504,7 @@
],
"visibility": "public",
"forks": 171,
"watchers": 575,
"watchers": 574,
"score": 0,
"subscribers_count": 21
},

4
2020/CVE-2020-1472.json
View file

@ -2383,8 +2383,8 @@
"description": "Zerologon (CVE-2020-1472) Proof-of-Concept application - Critical Active Directory vulnerability exploitation tool.",
"fork": false,
"created_at": "2025-12-06T10:17:38Z",
"updated_at": "2026-05-05T17:52:08Z",
"pushed_at": "2026-05-05T17:51:43Z",
"updated_at": "2026-05-05T23:59:14Z",
"pushed_at": "2026-05-05T23:59:09Z",
"stargazers_count": 2,
"watchers_count": 2,
"has_discussions": false,

8
2020/CVE-2020-14882.json
View file

@ -14,10 +14,10 @@
"description": "Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-2019-17558、CVE-2019-6340",
"fork": false,
"created_at": "2020-04-01T09:33:35Z",
"updated_at": "2026-05-02T09:40:49Z",
"updated_at": "2026-05-05T22:20:16Z",
"pushed_at": "2021-04-04T09:13:57Z",
"stargazers_count": 4277,
"watchers_count": 4277,
"stargazers_count": 4278,
"watchers_count": 4278,
"has_discussions": false,
"forks_count": 1091,
"allow_forking": true,
@ -48,7 +48,7 @@
],
"visibility": "public",
"forks": 1091,
"watchers": 4277,
"watchers": 4278,
"score": 0,
"subscribers_count": 149
},

16
2021/CVE-2021-1675.json
View file

@ -47,10 +47,10 @@
"description": "C# and Impacket implementation of PrintNightmare CVE-2021-1675\/CVE-2021-34527",
"fork": false,
"created_at": "2021-06-29T17:24:14Z",
"updated_at": "2026-05-04T05:39:34Z",
"updated_at": "2026-05-05T19:02:59Z",
"pushed_at": "2021-07-20T15:28:13Z",
"stargazers_count": 1980,
"watchers_count": 1980,
"stargazers_count": 1981,
"watchers_count": 1981,
"has_discussions": false,
"forks_count": 580,
"allow_forking": true,
@ -61,7 +61,7 @@
"topics": [],
"visibility": "public",
"forks": 580,
"watchers": 1980,
"watchers": 1981,
"score": 0,
"subscribers_count": 41
},
@ -146,10 +146,10 @@
"description": "PrintNightmare , Local Privilege Escalation of CVE-2021-1675 or CVE-2021-34527",
"fork": false,
"created_at": "2021-07-01T09:00:31Z",
"updated_at": "2025-12-09T13:46:20Z",
"updated_at": "2026-05-05T19:03:58Z",
"pushed_at": "2021-07-02T10:47:36Z",
"stargazers_count": 58,
"watchers_count": 58,
"stargazers_count": 59,
"watchers_count": 59,
"has_discussions": false,
"forks_count": 19,
"allow_forking": true,
@ -169,7 +169,7 @@
],
"visibility": "public",
"forks": 19,
"watchers": 58,
"watchers": 59,
"score": 0,
"subscribers_count": 3
},

4
2021/CVE-2021-33044.json
View file

@ -212,8 +212,8 @@
"description": "Chrome extension that uses vulnerabilities CVE-2021-33044 and CVE-2021-33045 to log in to Dahua cameras without authentication.",
"fork": false,
"created_at": "2026-03-28T17:42:44Z",
"updated_at": "2026-05-05T18:19:26Z",
"pushed_at": "2026-05-05T18:19:22Z",
"updated_at": "2026-05-06T00:07:08Z",
"pushed_at": "2026-05-06T00:07:05Z",
"stargazers_count": 3,
"watchers_count": 3,
"has_discussions": false,

4
2021/CVE-2021-4034.json
View file

@ -2050,8 +2050,8 @@
"description": "🚀 Enhance your penetration testing with PwnKit Helper, a simple tool for exploiting the CVE-2021-4034 vulnerability in pkexec for local privilege escalation.",
"fork": false,
"created_at": "2025-10-01T09:53:03Z",
"updated_at": "2026-05-05T17:52:27Z",
"pushed_at": "2026-05-05T17:52:23Z",
"updated_at": "2026-05-05T22:01:24Z",
"pushed_at": "2026-05-05T22:01:20Z",
"stargazers_count": 2,
"watchers_count": 2,
"has_discussions": false,

8
2021/CVE-2021-40444.json
View file

@ -245,10 +245,10 @@
"description": "CVE-2021-40444 PoC",
"fork": false,
"created_at": "2021-09-10T16:55:53Z",
"updated_at": "2026-05-04T18:34:08Z",
"updated_at": "2026-05-05T22:11:59Z",
"pushed_at": "2021-12-25T18:31:02Z",
"stargazers_count": 1732,
"watchers_count": 1732,
"stargazers_count": 1733,
"watchers_count": 1733,
"has_discussions": false,
"forks_count": 477,
"allow_forking": true,
@ -259,7 +259,7 @@
"topics": [],
"visibility": "public",
"forks": 477,
"watchers": 1732,
"watchers": 1733,
"score": 0,
"subscribers_count": 28
},

8
2021/CVE-2021-42287.json
View file

@ -14,10 +14,10 @@
"description": "CVE-2021-42287\/CVE-2021-42278 Scanner & Exploiter.",
"fork": false,
"created_at": "2021-12-11T19:27:30Z",
"updated_at": "2026-05-02T16:36:54Z",
"updated_at": "2026-05-05T22:20:24Z",
"pushed_at": "2021-12-16T09:50:15Z",
"stargazers_count": 1401,
"watchers_count": 1401,
"stargazers_count": 1403,
"watchers_count": 1403,
"has_discussions": false,
"forks_count": 320,
"allow_forking": true,
@ -28,7 +28,7 @@
"topics": [],
"visibility": "public",
"forks": 320,
"watchers": 1401,
"watchers": 1403,
"score": 0,
"subscribers_count": 26
},

26
2021/CVE-2021-44228.json
View file

@ -403,10 +403,10 @@
"description": "Spring Boot web application vulnerable to Log4Shell (CVE-2021-44228).",
"fork": false,
"created_at": "2021-12-10T12:38:20Z",
"updated_at": "2026-05-04T23:29:27Z",
"updated_at": "2026-05-05T19:02:42Z",
"pushed_at": "2024-04-26T03:16:26Z",
"stargazers_count": 1143,
"watchers_count": 1143,
"stargazers_count": 1144,
"watchers_count": 1144,
"has_discussions": false,
"forks_count": 554,
"allow_forking": true,
@ -419,7 +419,7 @@
],
"visibility": "public",
"forks": 554,
"watchers": 1143,
"watchers": 1144,
"score": 0,
"subscribers_count": 21
},
@ -5907,10 +5907,10 @@
"description": "A fully automated, reliable, super-fast, scanning and validation toolkit for the Log4J RCE CVE-2021-44228 vulnerability.",
"fork": false,
"created_at": "2021-12-14T06:37:59Z",
"updated_at": "2026-02-12T18:10:41Z",
"updated_at": "2026-05-05T19:44:41Z",
"pushed_at": "2024-12-11T23:04:50Z",
"stargazers_count": 397,
"watchers_count": 397,
"stargazers_count": 395,
"watchers_count": 395,
"has_discussions": false,
"forks_count": 57,
"allow_forking": true,
@ -5927,7 +5927,7 @@
],
"visibility": "public",
"forks": 57,
"watchers": 397,
"watchers": 395,
"score": 0,
"subscribers_count": 10
},
@ -10291,10 +10291,10 @@
"description": "Exploiting CVE-2021-44228 in Unifi Network Application for remote code execution and more.",
"fork": false,
"created_at": "2021-12-24T13:18:49Z",
"updated_at": "2026-04-16T01:21:56Z",
"updated_at": "2026-05-06T00:00:30Z",
"pushed_at": "2024-01-04T17:12:05Z",
"stargazers_count": 165,
"watchers_count": 165,
"stargazers_count": 166,
"watchers_count": 166,
"has_discussions": false,
"forks_count": 31,
"allow_forking": true,
@ -10305,7 +10305,7 @@
"topics": [],
"visibility": "public",
"forks": 31,
"watchers": 165,
"watchers": 166,
"score": 0,
"subscribers_count": 4
},
@ -13958,7 +13958,7 @@
"description": "Pentesting caja negra: Shellshock (CVE-2014-6271) + Log4Shell (CVE-2021-44228). Escalada a root. Informe ejecutivo y técnico",
"fork": false,
"created_at": "2026-05-05T06:59:35Z",
"updated_at": "2026-05-05T18:17:05Z",
"updated_at": "2026-05-05T18:28:31Z",
"pushed_at": "2026-05-05T18:17:01Z",
"stargazers_count": 0,
"watchers_count": 0,

8
2022/CVE-2022-21999.json
View file

@ -14,10 +14,10 @@
"description": "Exploit for CVE-2022-21999 - Windows Print Spooler Elevation of Privilege Vulnerability (LPE)",
"fork": false,
"created_at": "2022-02-08T17:25:44Z",
"updated_at": "2026-04-28T18:22:58Z",
"updated_at": "2026-05-05T19:06:21Z",
"pushed_at": "2022-02-09T16:54:09Z",
"stargazers_count": 796,
"watchers_count": 796,
"stargazers_count": 797,
"watchers_count": 797,
"has_discussions": false,
"forks_count": 161,
"allow_forking": true,
@ -31,7 +31,7 @@
],
"visibility": "public",
"forks": 161,
"watchers": 796,
"watchers": 797,
"score": 0,
"subscribers_count": 14
}

8
2022/CVE-2022-33679.json
View file

@ -14,10 +14,10 @@
"description": "One day based on https:\/\/googleprojectzero.blogspot.com\/2022\/10\/rc4-is-still-considered-harmful.html",
"fork": false,
"created_at": "2022-11-02T18:38:01Z",
"updated_at": "2026-04-16T04:59:07Z",
"updated_at": "2026-05-05T19:02:01Z",
"pushed_at": "2024-11-10T17:21:28Z",
"stargazers_count": 416,
"watchers_count": 416,
"stargazers_count": 417,
"watchers_count": 417,
"has_discussions": false,
"forks_count": 72,
"allow_forking": true,
@ -28,7 +28,7 @@
"topics": [],
"visibility": "public",
"forks": 72,
"watchers": 416,
"watchers": 417,
"score": 0,
"subscribers_count": 7
},

2
2022/CVE-2022-38694.json
View file

@ -14,7 +14,7 @@
"description": "This is a one-time signature verification bypass. For persistent signature verification bypass, check https:\/\/github.com\/TomKing062\/CVE-2022-38691_38692",
"fork": false,
"created_at": "2023-06-10T08:31:26Z",
"updated_at": "2026-05-04T16:01:04Z",
"updated_at": "2026-05-05T23:50:56Z",
"pushed_at": "2025-06-14T16:55:26Z",
"stargazers_count": 548,
"watchers_count": 548,

8
2023/CVE-2023-0179.json
View file

@ -14,10 +14,10 @@
"description": null,
"fork": false,
"created_at": "2023-01-21T01:02:01Z",
"updated_at": "2026-02-09T06:39:20Z",
"updated_at": "2026-05-05T19:10:16Z",
"pushed_at": "2024-03-29T00:19:09Z",
"stargazers_count": 216,
"watchers_count": 216,
"stargazers_count": 217,
"watchers_count": 217,
"has_discussions": false,
"forks_count": 36,
"allow_forking": true,
@ -28,7 +28,7 @@
"topics": [],
"visibility": "public",
"forks": 36,
"watchers": 216,
"watchers": 217,
"score": 0,
"subscribers_count": 4
},

8
2023/CVE-2023-21768.json
View file

@ -14,10 +14,10 @@
"description": "LPE exploit for CVE-2023-21768",
"fork": false,
"created_at": "2023-03-07T23:00:27Z",
"updated_at": "2026-05-03T08:22:14Z",
"updated_at": "2026-05-05T19:02:40Z",
"pushed_at": "2023-07-10T16:35:49Z",
"stargazers_count": 506,
"watchers_count": 506,
"stargazers_count": 507,
"watchers_count": 507,
"has_discussions": false,
"forks_count": 168,
"allow_forking": true,
@ -28,7 +28,7 @@
"topics": [],
"visibility": "public",
"forks": 168,
"watchers": 506,
"watchers": 507,
"score": 0,
"subscribers_count": 9
},

4
2023/CVE-2023-32434.json
View file

@ -47,8 +47,8 @@
"description": "oob_entry tfp0 kernel exploit for armv7 iOS (iOS 3.010.3.4), using CVE-2023-32434. We will publish a write-up detailing the methods in the coming weeks. 🐙",
"fork": false,
"created_at": "2025-08-13T09:19:29Z",
"updated_at": "2026-05-05T17:29:25Z",
"pushed_at": "2026-05-05T17:29:20Z",
"updated_at": "2026-05-06T00:33:03Z",
"pushed_at": "2026-05-06T00:32:59Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,

8
2023/CVE-2023-32784.json
View file

@ -14,10 +14,10 @@
"description": "Original PoC for CVE-2023-32784",
"fork": false,
"created_at": "2023-05-01T17:08:55Z",
"updated_at": "2026-04-19T16:17:14Z",
"updated_at": "2026-05-05T19:10:24Z",
"pushed_at": "2023-08-17T19:26:55Z",
"stargazers_count": 650,
"watchers_count": 650,
"stargazers_count": 651,
"watchers_count": 651,
"has_discussions": false,
"forks_count": 60,
"allow_forking": true,
@ -31,7 +31,7 @@
],
"visibility": "public",
"forks": 60,
"watchers": 650,
"watchers": 651,
"score": 0,
"subscribers_count": 9
},

33
2023/CVE-2023-34362.json
View file

@ -411,5 +411,38 @@
"watchers": 0,
"score": 0,
"subscribers_count": 0
},
{
"id": 1230383058,
"name": "Multi-Stage-Exploitation-and-Detection-Engineering-Analysis-of-CVE-2023-34362-in-MOVEit-Transfer",
"full_name": "KarmanyaT28\/Multi-Stage-Exploitation-and-Detection-Engineering-Analysis-of-CVE-2023-34362-in-MOVEit-Transfer",
"owner": {
"login": "KarmanyaT28",
"id": 61420434,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/61420434?v=4",
"html_url": "https:\/\/github.com\/KarmanyaT28",
"user_view_type": "public"
},
"html_url": "https:\/\/github.com\/KarmanyaT28\/Multi-Stage-Exploitation-and-Detection-Engineering-Analysis-of-CVE-2023-34362-in-MOVEit-Transfer",
"description": "This repository contains an academic and technical analysis of CVE-2023-34362, a critical SQL injection vulnerability affecting the MOVEit Transfer application, a widely used enterprise Managed File Transfer (MFT) platform. The project was developed as part of the CYB625 Ethical Hacking & Penetration Testing course at Pace University.",
"fork": false,
"created_at": "2026-05-06T00:17:41Z",
"updated_at": "2026-05-06T00:18:15Z",
"pushed_at": "2026-05-06T00:18:11Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"has_pull_requests": true,
"pull_request_creation_policy": "all",
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"score": 0,
"subscribers_count": 0
}
]

8
2023/CVE-2023-36802.json
View file

@ -14,10 +14,10 @@
"description": "LPE exploit for CVE-2023-36802",
"fork": false,
"created_at": "2023-10-09T17:32:15Z",
"updated_at": "2026-04-17T14:15:33Z",
"updated_at": "2026-05-05T19:02:41Z",
"pushed_at": "2023-10-10T17:44:17Z",
"stargazers_count": 167,
"watchers_count": 167,
"stargazers_count": 168,
"watchers_count": 168,
"has_discussions": false,
"forks_count": 42,
"allow_forking": true,
@ -28,7 +28,7 @@
"topics": [],
"visibility": "public",
"forks": 42,
"watchers": 167,
"watchers": 168,
"score": 0,
"subscribers_count": 4
},

4
2023/CVE-2023-39910.json
View file

@ -66,8 +66,8 @@
"description": "🔒 Analyze the CVE-2023-39910 vulnerability in Libbitcoin Explorer to understand its impact on Bitcoin wallet security and protect your assets.",
"fork": false,
"created_at": "2026-01-07T14:24:08Z",
"updated_at": "2026-05-05T12:36:32Z",
"pushed_at": "2026-05-05T12:36:12Z",
"updated_at": "2026-05-05T22:55:47Z",
"pushed_at": "2026-05-05T22:55:43Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,

33
2023/CVE-2023-51385.json
View file

@ -230,39 +230,6 @@
"score": 0,
"subscribers_count": 1
},
{
"id": 738661198,
"name": "exploit-CVE-2023-51385",
"full_name": "julienbrs\/exploit-CVE-2023-51385",
"owner": {
"login": "julienbrs",
"id": 106234742,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/106234742?v=4",
"html_url": "https:\/\/github.com\/julienbrs",
"user_view_type": "public"
},
"html_url": "https:\/\/github.com\/julienbrs\/exploit-CVE-2023-51385",
"description": null,
"fork": false,
"created_at": "2024-01-03T18:40:44Z",
"updated_at": "2024-01-03T18:40:44Z",
"pushed_at": "2024-01-03T18:41:24Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"has_pull_requests": true,
"pull_request_creation_policy": "all",
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"score": 0,
"subscribers_count": 1
},
{
"id": 738669696,
"name": "malicious-exploit-CVE-2023-51385",

4
2024/CVE-2024-0670.json
View file

@ -172,8 +172,8 @@
"description": "🔍 Exploit CVE-2024-0670 in CheckMK agents for local privilege escalation using a robust C++ tool designed for security professionals.",
"fork": false,
"created_at": "2026-01-08T01:32:09Z",
"updated_at": "2026-05-05T12:37:12Z",
"pushed_at": "2026-05-05T12:37:09Z",
"updated_at": "2026-05-05T22:56:17Z",
"pushed_at": "2026-05-05T22:56:12Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,

8
2024/CVE-2024-1086.json
View file

@ -14,10 +14,10 @@
"description": "Universal local privilege escalation Proof-of-Concept exploit for CVE-2024-1086, working on most Linux kernels between v5.14 and v6.6, including Debian, Ubuntu, and KernelCTF. The success rate is 99.4% in KernelCTF images.",
"fork": false,
"created_at": "2024-03-20T21:16:41Z",
"updated_at": "2026-05-02T19:04:13Z",
"updated_at": "2026-05-05T19:07:23Z",
"pushed_at": "2024-04-17T16:09:54Z",
"stargazers_count": 2445,
"watchers_count": 2445,
"stargazers_count": 2446,
"watchers_count": 2446,
"has_discussions": false,
"forks_count": 332,
"allow_forking": true,
@ -34,7 +34,7 @@
],
"visibility": "public",
"forks": 332,
"watchers": 2445,
"watchers": 2446,
"score": 0,
"subscribers_count": 26
},

4
2024/CVE-2024-23222.json
View file

@ -80,8 +80,8 @@
"description": "Analyze and deobfuscate the Coruna Exploit Kit (CVE-2024-23222) to enhance understanding and detection of related threats.",
"fork": false,
"created_at": "2026-03-15T16:36:07Z",
"updated_at": "2026-05-05T13:45:00Z",
"pushed_at": "2026-05-05T13:44:19Z",
"updated_at": "2026-05-05T23:39:28Z",
"pushed_at": "2026-05-05T23:39:24Z",
"stargazers_count": 1,
"watchers_count": 1,
"has_discussions": false,

8
2024/CVE-2024-49746.json
View file

@ -14,10 +14,10 @@
"description": "Writeup and exploit for CVE-2024-49746: Android's Parcel::continueWrite closing File Descriptors that are later used",
"fork": false,
"created_at": "2025-10-08T13:04:01Z",
"updated_at": "2026-04-19T08:21:23Z",
"updated_at": "2026-05-05T20:01:09Z",
"pushed_at": "2025-10-08T13:04:18Z",
"stargazers_count": 45,
"watchers_count": 45,
"stargazers_count": 46,
"watchers_count": 46,
"has_discussions": false,
"forks_count": 12,
"allow_forking": true,
@ -28,7 +28,7 @@
"topics": [],
"visibility": "public",
"forks": 12,
"watchers": 45,
"watchers": 46,
"score": 0,
"subscribers_count": 0
}

8
2024/CVE-2024-51482.json
View file

@ -245,10 +245,10 @@
"description": "Time-based blind SQL injection PoC for CVE-2024-51482 in ZoneMinder, with reproducible Docker lab and automated data extraction.",
"fork": false,
"created_at": "2026-04-28T22:32:08Z",
"updated_at": "2026-05-04T20:26:12Z",
"updated_at": "2026-05-05T19:42:24Z",
"pushed_at": "2026-05-04T20:26:07Z",
"stargazers_count": 0,
"watchers_count": 0,
"stargazers_count": 1,
"watchers_count": 1,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
@ -259,7 +259,7 @@
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"watchers": 1,
"score": 0,
"subscribers_count": 0
},

8
2025/CVE-2025-14847.json
View file

@ -14,8 +14,8 @@
"description": "🛠 Exploit the CVE-2025-14847 vulnerability in MongoDB to disclose sensitive heap memory using a Python script that analyzes responses for new leaked data.",
"fork": false,
"created_at": "2025-07-30T15:52:00Z",
"updated_at": "2026-05-05T12:52:35Z",
"pushed_at": "2026-05-05T12:52:31Z",
"updated_at": "2026-05-05T23:01:01Z",
"pushed_at": "2026-05-05T23:00:57Z",
"stargazers_count": 1,
"watchers_count": 1,
"has_discussions": false,
@ -1129,8 +1129,8 @@
"description": "🔍 Scan for MongoDB vulnerabilities with MongoBleed, a high-performance tool for detecting CVE-2025-14847 across large networks quickly and efficiently.",
"fork": false,
"created_at": "2026-01-14T06:05:44Z",
"updated_at": "2026-05-05T12:47:44Z",
"pushed_at": "2026-05-05T12:47:40Z",
"updated_at": "2026-05-05T23:00:06Z",
"pushed_at": "2026-05-05T23:00:02Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,

33
2025/CVE-2025-21333.json
View file

@ -64,5 +64,38 @@
"watchers": 0,
"score": 0,
"subscribers_count": 1
},
{
"id": 1230262343,
"name": "CVE-2025-21333",
"full_name": "nu1lptr0\/CVE-2025-21333",
"owner": {
"login": "nu1lptr0",
"id": 168084200,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/168084200?v=4",
"html_url": "https:\/\/github.com\/nu1lptr0",
"user_view_type": "public"
},
"html_url": "https:\/\/github.com\/nu1lptr0\/CVE-2025-21333",
"description": "LPE due to integer truncation in vskrnlintvsp.sys",
"fork": false,
"created_at": "2026-05-05T20:41:08Z",
"updated_at": "2026-05-05T23:08:28Z",
"pushed_at": "2026-05-05T21:00:17Z",
"stargazers_count": 2,
"watchers_count": 2,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"has_pull_requests": true,
"pull_request_creation_policy": "all",
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 2,
"score": 0,
"subscribers_count": 0
}
]

4
2025/CVE-2025-2304.json
View file

@ -412,8 +412,8 @@
"description": "🛠️ Exploit CVE-2025-2304 in Camaleon CMS easily with this Python script for privilege escalation, tested on version 2.9.0.",
"fork": false,
"created_at": "2026-02-14T20:01:20Z",
"updated_at": "2026-05-05T13:24:25Z",
"pushed_at": "2026-05-05T13:22:09Z",
"updated_at": "2026-05-05T23:20:36Z",
"pushed_at": "2026-05-05T23:20:33Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,

8
2025/CVE-2025-24203.json
View file

@ -14,10 +14,10 @@
"description": "Basic customization app using CVE-2025-24203. Patched in iOS 18.4.",
"fork": false,
"created_at": "2025-05-09T07:18:55Z",
"updated_at": "2026-05-05T18:19:23Z",
"updated_at": "2026-05-05T18:54:42Z",
"pushed_at": "2026-05-05T01:20:19Z",
"stargazers_count": 320,
"watchers_count": 320,
"stargazers_count": 321,
"watchers_count": 321,
"has_discussions": false,
"forks_count": 33,
"allow_forking": true,
@ -28,7 +28,7 @@
"topics": [],
"visibility": "public",
"forks": 33,
"watchers": 320,
"watchers": 321,
"score": 0,
"subscribers_count": 9
},

4
2025/CVE-2025-24257.json
View file

@ -14,8 +14,8 @@
"description": "Demonstrate CVE-2025-24257 with a public PoC for IOGPUFamily kernel heap OOB read\/write and panic analysis",
"fork": false,
"created_at": "2026-04-04T03:42:55Z",
"updated_at": "2026-05-05T14:07:37Z",
"pushed_at": "2026-05-05T14:07:18Z",
"updated_at": "2026-05-05T23:50:26Z",
"pushed_at": "2026-05-05T23:50:22Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,

4
2025/CVE-2025-31258.json
View file

@ -14,8 +14,8 @@
"description": "🔓 Explore CVE-2025-31258 with this PoC demonstrating partial sandbox escape using RemoteViewServices for practical 1-day security practice.",
"fork": false,
"created_at": "2020-06-23T15:20:11Z",
"updated_at": "2026-05-05T17:43:57Z",
"pushed_at": "2026-05-05T17:43:53Z",
"updated_at": "2026-05-06T00:38:23Z",
"pushed_at": "2026-05-06T00:38:18Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,

20
2025/CVE-2025-32463.json
View file

@ -237,10 +237,10 @@
"description": "Local Privilege Escalation to Root via Sudo chroot in Linux",
"fork": false,
"created_at": "2025-07-02T07:20:20Z",
"updated_at": "2026-04-24T15:57:00Z",
"updated_at": "2026-05-05T22:25:35Z",
"pushed_at": "2025-07-02T08:04:44Z",
"stargazers_count": 460,
"watchers_count": 460,
"stargazers_count": 459,
"watchers_count": 459,
"has_discussions": false,
"forks_count": 61,
"allow_forking": true,
@ -263,7 +263,7 @@
],
"visibility": "public",
"forks": 61,
"watchers": 460,
"watchers": 459,
"score": 0,
"subscribers_count": 3
},
@ -645,8 +645,8 @@
"description": "Demonstrate CVE-2025-32463 with this PoC for sudo's chroot feature. Explore the exploit and its impact on vulnerable sudo versions. 🐱💻🔒",
"fork": false,
"created_at": "2025-07-04T18:20:09Z",
"updated_at": "2026-05-05T17:25:30Z",
"pushed_at": "2026-05-05T17:25:08Z",
"updated_at": "2026-05-06T00:31:46Z",
"pushed_at": "2026-05-06T00:31:42Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
@ -1628,8 +1628,8 @@
"description": "🔍 Demonstrate the CVE-2025-32463 privilege-escalation flaw in sudo's chroot feature with this minimal, reproducible proof of concept environment.",
"fork": false,
"created_at": "2025-09-20T00:42:07Z",
"updated_at": "2026-05-05T17:45:55Z",
"pushed_at": "2026-05-05T17:45:51Z",
"updated_at": "2026-05-06T00:39:32Z",
"pushed_at": "2026-05-06T00:39:29Z",
"stargazers_count": 1,
"watchers_count": 1,
"has_discussions": false,
@ -1680,8 +1680,8 @@
"description": null,
"fork": false,
"created_at": "2025-09-20T02:01:08Z",
"updated_at": "2026-05-05T17:45:54Z",
"pushed_at": "2026-05-05T17:45:48Z",
"updated_at": "2026-05-06T00:39:34Z",
"pushed_at": "2026-05-06T00:39:30Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,

12
2025/CVE-2025-36911.json
View file

@ -86,10 +86,10 @@
"description": "WPair is a defensive security research tool that demonstrates the CVE-2025-36911 (eg WhisperPair) vulnerability in Google's Fast Pair protocol. This vulnerability affects millions of Bluetooth audio devices worldwide, allowing unauthorized pairing and potential microphone access without user consent.",
"fork": false,
"created_at": "2026-01-17T05:28:08Z",
"updated_at": "2026-05-05T12:52:30Z",
"updated_at": "2026-05-05T23:01:24Z",
"pushed_at": "2026-01-18T00:15:59Z",
"stargazers_count": 781,
"watchers_count": 781,
"stargazers_count": 782,
"watchers_count": 782,
"has_discussions": false,
"forks_count": 87,
"allow_forking": true,
@ -100,7 +100,7 @@
"topics": [],
"visibility": "public",
"forks": 87,
"watchers": 781,
"watchers": 782,
"score": 0,
"subscribers_count": 22
},
@ -294,8 +294,8 @@
"description": "🔍 Scan and research CVE-2025-36911 vulnerabilities with WPair, a specialized tool for Android built in Kotlin, ensuring your applications remain secure.",
"fork": false,
"created_at": "2026-01-29T01:59:47Z",
"updated_at": "2026-05-05T13:11:16Z",
"pushed_at": "2026-05-05T13:10:37Z",
"updated_at": "2026-05-05T23:11:13Z",
"pushed_at": "2026-05-05T23:11:09Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,

4
2025/CVE-2025-48757.json
View file

@ -19,7 +19,7 @@
"stargazers_count": 15,
"watchers_count": 15,
"has_discussions": false,
"forks_count": 1,
"forks_count": 2,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
@ -43,7 +43,7 @@
"vibe-coding"
],
"visibility": "public",
"forks": 1,
"forks": 2,
"watchers": 15,
"score": 0,
"subscribers_count": 0

4
2025/CVE-2025-49144.json
View file

@ -251,8 +251,8 @@
"description": null,
"fork": false,
"created_at": "2025-09-19T17:17:19Z",
"updated_at": "2026-05-05T17:45:39Z",
"pushed_at": "2026-05-05T17:45:35Z",
"updated_at": "2026-05-06T00:39:30Z",
"pushed_at": "2026-05-06T00:39:26Z",
"stargazers_count": 1,
"watchers_count": 1,
"has_discussions": false,

8
2025/CVE-2025-49844.json
View file

@ -14,8 +14,8 @@
"description": "🔍 Explore and test the CVE-2025-49844 (RediShell) vulnerability in Redis with this practical lab environment for secure education and research.",
"fork": false,
"created_at": "2019-04-13T07:51:09Z",
"updated_at": "2026-05-05T18:09:46Z",
"pushed_at": "2026-05-05T18:09:42Z",
"updated_at": "2026-05-05T22:16:14Z",
"pushed_at": "2026-05-05T22:16:10Z",
"stargazers_count": 1,
"watchers_count": 1,
"has_discussions": false,
@ -66,8 +66,8 @@
"description": "🚨 Exploit the CVE-2025-49844 Redis Lua interpreter UAF vulnerability to execute arbitrary shellcode and gain persistent backdoor access.",
"fork": false,
"created_at": "2022-04-06T09:27:39Z",
"updated_at": "2026-05-05T18:10:32Z",
"pushed_at": "2026-05-05T18:10:28Z",
"updated_at": "2026-05-05T22:17:02Z",
"pushed_at": "2026-05-05T22:16:59Z",
"stargazers_count": 1,
"watchers_count": 1,
"has_discussions": false,

8
2025/CVE-2025-54100.json
View file

@ -47,10 +47,10 @@
"description": "CVE-2025-54100 (CVSS 7.8 High) is a command injection vulnerability in the Invoke-WebRequest cmdlet of Windows PowerShell 5.1. It arises from improper neutralization of special elements during the automatic parsing of Web responses.",
"fork": false,
"created_at": "2025-12-13T06:40:19Z",
"updated_at": "2026-04-11T17:35:09Z",
"updated_at": "2026-05-05T18:53:25Z",
"pushed_at": "2025-12-13T08:43:07Z",
"stargazers_count": 26,
"watchers_count": 26,
"stargazers_count": 27,
"watchers_count": 27,
"has_discussions": false,
"forks_count": 7,
"allow_forking": true,
@ -66,7 +66,7 @@
],
"visibility": "public",
"forks": 7,
"watchers": 26,
"watchers": 27,
"score": 0,
"subscribers_count": 0
},

4
2025/CVE-2025-5419.json
View file

@ -14,8 +14,8 @@
"description": "🛡️ Analyze CVE-2025-5419 to exploit an uninitialized read vulnerability in V8 for arbitrary read\/write access within the sandbox environment.",
"fork": false,
"created_at": "2023-01-25T04:41:49Z",
"updated_at": "2026-05-05T13:21:56Z",
"pushed_at": "2026-05-05T13:20:13Z",
"updated_at": "2026-05-05T23:19:02Z",
"pushed_at": "2026-05-05T23:18:58Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,

4
2025/CVE-2025-54253.json
View file

@ -67,8 +67,8 @@
"description": "🐙 CVE-2025-54253 exploit demo for Adobe AEM Forms on JEE: OGNL injection to RCE with PoC, Python 3.10 exploit code, reproducer and mitigation guidance.",
"fork": false,
"created_at": "2025-08-17T22:04:33Z",
"updated_at": "2026-05-05T17:33:01Z",
"pushed_at": "2026-05-05T17:32:56Z",
"updated_at": "2026-05-06T00:34:14Z",
"pushed_at": "2026-05-06T00:34:10Z",
"stargazers_count": 2,
"watchers_count": 2,
"has_discussions": false,

4
2025/CVE-2025-54424.json
View file

@ -53,8 +53,8 @@
"description": "CVE-2025-54424: 1Panel TLS client cert bypass enables RCE via forged CN 'panel_client' using a bundled scanning and exploitation tool. Affected: <= v2.0.5. 🔐",
"fork": false,
"created_at": "2025-08-14T05:16:16Z",
"updated_at": "2026-05-05T17:31:50Z",
"pushed_at": "2026-05-05T17:31:47Z",
"updated_at": "2026-05-06T00:33:53Z",
"pushed_at": "2026-05-06T00:33:49Z",
"stargazers_count": 2,
"watchers_count": 2,
"has_discussions": false,

72
2025/CVE-2025-55182.json
View file

@ -14,8 +14,8 @@
"description": "🔍 Demonstrate CVE-2025-55182, a critical vulnerability in React Server Components allowing unauthenticated arbitrary code execution.",
"fork": false,
"created_at": "2021-09-18T02:04:33Z",
"updated_at": "2026-05-05T18:45:10Z",
"pushed_at": "2026-05-05T18:45:05Z",
"updated_at": "2026-05-05T22:46:41Z",
"pushed_at": "2026-05-05T22:46:37Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
@ -66,8 +66,8 @@
"description": "🔍 Scan for CVE-2025-55182 risks in React Server Components with this non-intrusive tool that helps detect critical vulnerabilities in your applications.",
"fork": false,
"created_at": "2022-06-17T10:19:10Z",
"updated_at": "2026-05-05T18:44:48Z",
"pushed_at": "2026-05-05T18:44:44Z",
"updated_at": "2026-05-05T22:46:15Z",
"pushed_at": "2026-05-05T22:46:11Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
@ -151,8 +151,8 @@
"description": "🔍 Detect vulnerabilities CVE-2025-55182 and CVE-2025-66478 in Next.js apps with this reliable command-line scanner.",
"fork": false,
"created_at": "2023-11-27T18:17:43Z",
"updated_at": "2026-05-05T18:44:54Z",
"pushed_at": "2026-05-05T18:44:50Z",
"updated_at": "2026-05-05T22:46:22Z",
"pushed_at": "2026-05-05T22:46:19Z",
"stargazers_count": 1,
"watchers_count": 1,
"has_discussions": false,
@ -203,8 +203,8 @@
"description": "🚨 Exploit CVE-2025-55182, a critical RCE vulnerability in React Server Components for Next.js apps; enables testing for prototype pollution risks.",
"fork": false,
"created_at": "2024-04-24T02:36:56Z",
"updated_at": "2026-05-05T12:11:23Z",
"pushed_at": "2026-05-05T12:11:18Z",
"updated_at": "2026-05-05T22:47:30Z",
"pushed_at": "2026-05-05T22:47:25Z",
"stargazers_count": 1,
"watchers_count": 1,
"has_discussions": false,
@ -251,8 +251,8 @@
"description": "🚨 Exploit and scan for CVE-2025-55182, a critical React\/Next.js vulnerability enabling remote code execution through prototype pollution techniques.",
"fork": false,
"created_at": "2024-05-28T16:48:51Z",
"updated_at": "2026-05-05T18:44:49Z",
"pushed_at": "2026-05-05T18:44:44Z",
"updated_at": "2026-05-05T22:46:03Z",
"pushed_at": "2026-05-05T22:45:59Z",
"stargazers_count": 1,
"watchers_count": 1,
"has_discussions": false,
@ -303,8 +303,8 @@
"description": null,
"fork": false,
"created_at": "2024-11-29T12:32:19Z",
"updated_at": "2026-05-05T18:45:25Z",
"pushed_at": "2026-05-05T18:45:21Z",
"updated_at": "2026-05-05T22:47:00Z",
"pushed_at": "2026-05-05T22:46:57Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
@ -352,8 +352,8 @@
"description": "🛠️ Exploit CVE-2025-55182 effortlessly with this GUI tool for vulnerability detection, command execution, and Shell reverse connections.",
"fork": false,
"created_at": "2025-04-21T22:04:31Z",
"updated_at": "2026-05-05T12:18:27Z",
"pushed_at": "2026-05-05T12:18:22Z",
"updated_at": "2026-05-05T22:50:00Z",
"pushed_at": "2026-05-05T22:49:56Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
@ -406,8 +406,8 @@
"description": "🚨 Exploit CVE-2025-55182 to demonstrate RCE in React Server Functions, highlighting risks from insecure prototype references in Next.js applications.",
"fork": false,
"created_at": "2025-06-06T16:34:46Z",
"updated_at": "2026-05-05T18:45:07Z",
"pushed_at": "2026-05-05T18:45:03Z",
"updated_at": "2026-05-05T22:46:35Z",
"pushed_at": "2026-05-05T22:46:31Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
@ -458,8 +458,8 @@
"description": "⚠️ Explore a vulnerable environment to test security scanners against the CVE-2025-55182 RCE flaw in React Server Components and Next.js applications.",
"fork": false,
"created_at": "2025-07-15T18:33:34Z",
"updated_at": "2026-05-05T18:46:02Z",
"pushed_at": "2026-05-05T18:45:58Z",
"updated_at": "2026-05-05T22:47:25Z",
"pushed_at": "2026-05-05T22:47:22Z",
"stargazers_count": 1,
"watchers_count": 1,
"has_discussions": false,
@ -9009,10 +9009,10 @@
"description": "A command-line tool for detecting CVE-2025-55182 and CVE-2025-66478 in Next.js applications using React Server Components.",
"fork": false,
"created_at": "2025-12-10T11:45:46Z",
"updated_at": "2026-04-30T17:04:42Z",
"updated_at": "2026-05-05T18:51:55Z",
"pushed_at": "2026-04-11T18:56:55Z",
"stargazers_count": 4,
"watchers_count": 4,
"stargazers_count": 5,
"watchers_count": 5,
"has_discussions": false,
"forks_count": 1,
"allow_forking": true,
@ -9023,7 +9023,7 @@
"topics": [],
"visibility": "public",
"forks": 1,
"watchers": 4,
"watchers": 5,
"score": 0,
"subscribers_count": 0
},
@ -12317,8 +12317,8 @@
"description": "🛡️ Explore CVE-2025-55182, a critical RCE vulnerability in React's Flight Protocol, demonstrating exploitation techniques and mitigation strategies.",
"fork": false,
"created_at": "2025-12-24T14:48:19Z",
"updated_at": "2026-05-05T18:44:37Z",
"pushed_at": "2026-05-05T18:44:33Z",
"updated_at": "2026-05-05T22:46:09Z",
"pushed_at": "2026-05-05T22:46:06Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
@ -12402,8 +12402,8 @@
"description": "🚨 Identify and address CVE-2025-55182, a critical React Server vulnerability allowing remote code execution without authentication.",
"fork": false,
"created_at": "2025-12-24T18:44:51Z",
"updated_at": "2026-05-05T18:44:47Z",
"pushed_at": "2026-05-05T18:44:43Z",
"updated_at": "2026-05-05T22:45:43Z",
"pushed_at": "2026-05-05T22:45:39Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
@ -12451,8 +12451,8 @@
"description": "🚨 Demonstrate CVE-2025-55182, a critical React vulnerability allowing remote code execution via prototype chain pollution in `react-server-dom-webpack@19.0.0`.",
"fork": false,
"created_at": "2025-12-24T18:48:07Z",
"updated_at": "2026-05-05T18:44:49Z",
"pushed_at": "2026-05-05T18:44:45Z",
"updated_at": "2026-05-05T22:45:34Z",
"pushed_at": "2026-05-05T22:45:31Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
@ -12536,8 +12536,8 @@
"description": "🔍 Exploit CVE-2025-55182 in Next.js with this versatile tool for security research, featuring advanced payloads and WAF bypass techniques.",
"fork": false,
"created_at": "2025-12-25T19:28:28Z",
"updated_at": "2026-05-05T18:45:33Z",
"pushed_at": "2026-05-05T18:45:29Z",
"updated_at": "2026-05-05T22:47:02Z",
"pushed_at": "2026-05-05T22:46:58Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
@ -12738,8 +12738,8 @@
"description": "⚡ Discover and exploit CVE-2025-55182 with this PoC, offering reliable remote code execution tests for React Server Components in Next.js.",
"fork": false,
"created_at": "2025-12-26T22:26:55Z",
"updated_at": "2026-05-05T18:45:51Z",
"pushed_at": "2026-05-05T18:45:46Z",
"updated_at": "2026-05-05T22:47:01Z",
"pushed_at": "2026-05-05T22:46:58Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
@ -13008,8 +13008,8 @@
"description": "🛡️ Scan and assess vulnerabilities in Next.js\/Waku with the CVE-2025-55182-Scanner, combining static and dynamic analysis for robust security.",
"fork": false,
"created_at": "2026-01-02T01:28:57Z",
"updated_at": "2026-05-05T18:50:52Z",
"pushed_at": "2026-05-05T18:50:48Z",
"updated_at": "2026-05-05T22:51:47Z",
"pushed_at": "2026-05-05T22:51:43Z",
"stargazers_count": 1,
"watchers_count": 1,
"has_discussions": false,
@ -13529,8 +13529,8 @@
"description": "🔍 Exploit CVE-2025-55182 vulnerabilities in Next.js and React with this efficient framework for rapid testing and assessment.",
"fork": false,
"created_at": "2026-01-08T16:28:04Z",
"updated_at": "2026-05-05T12:41:10Z",
"pushed_at": "2026-05-05T12:41:06Z",
"updated_at": "2026-05-05T22:56:52Z",
"pushed_at": "2026-05-05T22:56:48Z",
"stargazers_count": 1,
"watchers_count": 1,
"has_discussions": false,

4
2025/CVE-2025-55184.json
View file

@ -289,8 +289,8 @@
"description": "🛠️ Test and validate the CVE-2025-55184 vulnerability in React Server Components to enhance your application's security against denial-of-service attacks.",
"fork": false,
"created_at": "2026-01-02T05:04:03Z",
"updated_at": "2026-05-05T18:51:12Z",
"pushed_at": "2026-05-05T18:51:07Z",
"updated_at": "2026-05-05T22:52:17Z",
"pushed_at": "2026-05-05T22:52:12Z",
"stargazers_count": 1,
"watchers_count": 1,
"has_discussions": false,

4
2025/CVE-2025-59287.json
View file

@ -200,8 +200,8 @@
"description": "🔍 Analyze WSUS deserialization behavior to enhance security, generate reports, and identify configuration weaknesses in your infrastructure.",
"fork": false,
"created_at": "2026-01-29T02:16:04Z",
"updated_at": "2026-05-05T13:12:05Z",
"pushed_at": "2026-05-05T13:10:57Z",
"updated_at": "2026-05-05T23:11:12Z",
"pushed_at": "2026-05-05T23:11:09Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,

4
2025/CVE-2025-61882.json
View file

@ -14,8 +14,8 @@
"description": "🔍 Detect vulnerabilities CVE-2025-61882 and CVE-2025-61884 in Oracle E-Business Suite to help secure your systems from potential remote code execution threats.",
"fork": false,
"created_at": "2025-03-04T15:38:32Z",
"updated_at": "2026-05-05T18:09:06Z",
"pushed_at": "2026-05-05T18:09:02Z",
"updated_at": "2026-05-05T22:14:36Z",
"pushed_at": "2026-05-05T22:14:32Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,

8
2025/CVE-2025-62215.json
View file

@ -179,10 +179,10 @@
"description": null,
"fork": false,
"created_at": "2026-03-02T10:34:07Z",
"updated_at": "2026-05-05T18:28:13Z",
"updated_at": "2026-05-05T23:30:38Z",
"pushed_at": "2026-05-05T04:45:36Z",
"stargazers_count": 2,
"watchers_count": 2,
"stargazers_count": 3,
"watchers_count": 3,
"has_discussions": false,
"forks_count": 1,
"allow_forking": true,
@ -193,7 +193,7 @@
"topics": [],
"visibility": "public",
"forks": 1,
"watchers": 2,
"watchers": 3,
"score": 0,
"subscribers_count": 0
}

22
2026/CVE-2026-26416.json → 2025/CVE-2025-6264.json
View file

@ -1,21 +1,21 @@
[
{
"id": 1172051057,
"name": "CVE-2026-26416",
"full_name": "aksalsalimi\/CVE-2026-26416",
"id": 1230222763,
"name": "velociraptor_CVE-2025-6264_PoC",
"full_name": "Mauzy0x00\/velociraptor_CVE-2025-6264_PoC",
"owner": {
"login": "aksalsalimi",
"id": 89083035,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/89083035?v=4",
"html_url": "https:\/\/github.com\/aksalsalimi",
"login": "Mauzy0x00",
"id": 127632417,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/127632417?v=4",
"html_url": "https:\/\/github.com\/Mauzy0x00",
"user_view_type": "public"
},
"html_url": "https:\/\/github.com\/aksalsalimi\/CVE-2026-26416",
"html_url": "https:\/\/github.com\/Mauzy0x00\/velociraptor_CVE-2025-6264_PoC",
"description": null,
"fork": false,
"created_at": "2026-03-03T22:28:49Z",
"updated_at": "2026-03-05T18:14:29Z",
"pushed_at": "2026-03-05T18:13:38Z",
"created_at": "2026-05-05T19:48:06Z",
"updated_at": "2026-05-05T20:28:06Z",
"pushed_at": "2026-05-05T20:28:02Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,

4
2025/CVE-2025-6554.json
View file

@ -179,8 +179,8 @@
"description": "🔍 Demonstrate and validate the `addressof` and `fakeobj` primitives in the V8 sandbox for advanced security research on CVE-2025-6554.",
"fork": false,
"created_at": "2025-08-10T21:07:43Z",
"updated_at": "2026-05-05T18:39:28Z",
"pushed_at": "2026-05-05T18:39:25Z",
"updated_at": "2026-05-05T22:41:25Z",
"pushed_at": "2026-05-05T22:41:21Z",
"stargazers_count": 1,
"watchers_count": 1,
"has_discussions": false,

4
2025/CVE-2025-66398.json
View file

@ -64,8 +64,8 @@
"description": "Demonstrate exploitation of Signal K Server CVE-2025-66398 allowing unauthenticated attackers to inject backdoor and enable remote code execution.",
"fork": false,
"created_at": "2026-03-23T09:09:21Z",
"updated_at": "2026-05-05T13:52:25Z",
"pushed_at": "2026-05-05T13:50:00Z",
"updated_at": "2026-05-05T23:44:25Z",
"pushed_at": "2026-05-05T23:44:22Z",
"stargazers_count": 1,
"watchers_count": 1,
"has_discussions": false,

4
2025/CVE-2025-66478.json
View file

@ -14,8 +14,8 @@
"description": "🔧 Fix vulnerable versions in Next.js and React RSC apps with one command to secure against CVE-2025-66478. Improve your app's safety effortlessly.",
"fork": false,
"created_at": "2025-10-01T07:40:09Z",
"updated_at": "2026-05-05T18:46:31Z",
"pushed_at": "2026-05-05T18:46:26Z",
"updated_at": "2026-05-05T22:47:45Z",
"pushed_at": "2026-05-05T22:47:42Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,

4
2025/CVE-2025-68921.json
View file

@ -47,8 +47,8 @@
"description": "🔍 Identify and understand the local privilege escalation vulnerability (CVE-2025-68921) in Nahimic audio software, impacting many gaming laptops.",
"fork": false,
"created_at": "2026-01-24T21:00:41Z",
"updated_at": "2026-05-05T13:07:43Z",
"pushed_at": "2026-05-05T13:07:39Z",
"updated_at": "2026-05-05T23:08:17Z",
"pushed_at": "2026-05-05T23:08:13Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,

4
2025/CVE-2025-69985.json
View file

@ -14,8 +14,8 @@
"description": "Exploit CVE-2025-69985 to bypass authentication and execute remote commands on FUXA versions ≤ 1.2.8 via the \/api\/runscript endpoint.",
"fork": false,
"created_at": "2025-04-10T09:18:30Z",
"updated_at": "2026-05-05T13:37:46Z",
"pushed_at": "2026-05-05T13:37:40Z",
"updated_at": "2026-05-05T23:32:12Z",
"pushed_at": "2026-05-05T23:32:08Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,

12
2025/CVE-2025-70795.json
View file

@ -14,8 +14,8 @@
"description": "🛠 Exploit and control Windows processes using CVE-2025-70795 and CVE-2026-0828 with driver-based termination tools.",
"fork": false,
"created_at": "2024-04-20T04:18:24Z",
"updated_at": "2026-05-05T13:33:02Z",
"pushed_at": "2026-05-05T13:30:51Z",
"updated_at": "2026-05-05T23:28:05Z",
"pushed_at": "2026-05-05T23:28:02Z",
"stargazers_count": 2,
"watchers_count": 2,
"has_discussions": false,
@ -68,10 +68,10 @@
"description": "The PoC for CVE-2025-70795 \/ CVE-2026-0828 and updated driver",
"fork": false,
"created_at": "2026-02-14T11:50:08Z",
"updated_at": "2026-05-01T02:44:43Z",
"updated_at": "2026-05-05T20:16:55Z",
"pushed_at": "2026-03-13T09:52:10Z",
"stargazers_count": 45,
"watchers_count": 45,
"stargazers_count": 46,
"watchers_count": 46,
"has_discussions": false,
"forks_count": 8,
"allow_forking": true,
@ -82,7 +82,7 @@
"topics": [],
"visibility": "public",
"forks": 8,
"watchers": 45,
"watchers": 46,
"score": 0,
"subscribers_count": 0
}

8
2025/CVE-2025-7771.json
View file

@ -256,10 +256,10 @@
"description": "Advanced PoC & Research for CVE-2026-0828 (Safetica) and CVE-2025-7771 (ThrottleStop). Analysis of BYOVD (Bring Your Own Vulnerable Driver) TTPs for Ring 0 process termination and physical memory R\/W. Researching EDR-Killer patterns, PPL bypasses, and kernel-mode primitives used by MedusaLocker and other threat actors.",
"fork": false,
"created_at": "2026-02-04T01:47:36Z",
"updated_at": "2026-04-25T09:32:04Z",
"updated_at": "2026-05-05T20:16:50Z",
"pushed_at": "2026-02-04T02:20:21Z",
"stargazers_count": 37,
"watchers_count": 37,
"stargazers_count": 38,
"watchers_count": 38,
"has_discussions": false,
"forks_count": 2,
"allow_forking": true,
@ -270,7 +270,7 @@
"topics": [],
"visibility": "public",
"forks": 2,
"watchers": 37,
"watchers": 38,
"score": 0,
"subscribers_count": 1
},

4
2025/CVE-2025-8088.json
View file

@ -838,8 +838,8 @@
"description": "🛠 Exploit CVE-2025-8088 with this Python tool to generate malicious WinRAR archives that ensure payload persistence in Windows startup folders.",
"fork": false,
"created_at": "2025-12-20T13:52:21Z",
"updated_at": "2026-05-05T18:41:28Z",
"pushed_at": "2026-05-05T18:41:24Z",
"updated_at": "2026-05-05T22:42:37Z",
"pushed_at": "2026-05-05T22:42:33Z",
"stargazers_count": 2,
"watchers_count": 2,
"has_discussions": false,

4
2025/CVE-2025-8110.json
View file

@ -146,8 +146,8 @@
"description": "🔍 Detect improper symbolic link handling in Gogs' PutContents API, exposing local code execution risks for versions 0.13.3 and earlier.",
"fork": false,
"created_at": "2025-12-31T13:25:07Z",
"updated_at": "2026-05-05T12:21:20Z",
"pushed_at": "2026-05-05T12:21:16Z",
"updated_at": "2026-05-05T22:51:19Z",
"pushed_at": "2026-05-05T22:51:15Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,

4
2025/CVE-2025-9074.json
View file

@ -14,8 +14,8 @@
"description": "🚀 Exploit CVE-2025-9074 with this Docker escape framework, simplifying API vulnerabilities and enhancing security testing for developers and researchers.",
"fork": false,
"created_at": "2024-06-19T23:21:41Z",
"updated_at": "2026-05-05T12:26:47Z",
"pushed_at": "2026-05-05T12:26:43Z",
"updated_at": "2026-05-05T22:52:45Z",
"pushed_at": "2026-05-05T22:52:41Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,

68
2026/CVE-2026-0073.json Normal file
View file

@ -0,0 +1,68 @@
[
{
"id": 1230289580,
"name": "CVE-2026-0073-Research",
"full_name": "novaek\/CVE-2026-0073-Research",
"owner": {
"login": "novaek",
"id": 115405298,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/115405298?v=4",
"html_url": "https:\/\/github.com\/novaek",
"user_view_type": "public"
},
"html_url": "https:\/\/github.com\/novaek\/CVE-2026-0073-Research",
"description": "CVE-2026-0073 is an RCE with a CVSS severity score of 8.3, and here we will explain how it works.",
"fork": false,
"created_at": "2026-05-05T21:22:41Z",
"updated_at": "2026-05-05T23:13:36Z",
"pushed_at": "2026-05-05T23:13:33Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"has_pull_requests": true,
"pull_request_creation_policy": "all",
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"score": 0,
"subscribers_count": 0
},
{
"id": 1230308713,
"name": "CVE-2026-0073-Android-adbd-authentication-bypass-POC",
"full_name": "SecTestAnnaQuinn\/CVE-2026-0073-Android-adbd-authentication-bypass-POC",
"owner": {
"login": "SecTestAnnaQuinn",
"id": 88168208,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/88168208?v=4",
"html_url": "https:\/\/github.com\/SecTestAnnaQuinn",
"user_view_type": "public"
},
"html_url": "https:\/\/github.com\/SecTestAnnaQuinn\/CVE-2026-0073-Android-adbd-authentication-bypass-POC",
"description": null,
"fork": false,
"created_at": "2026-05-05T21:53:08Z",
"updated_at": "2026-05-06T00:43:03Z",
"pushed_at": "2026-05-05T22:11:24Z",
"stargazers_count": 3,
"watchers_count": 3,
"has_discussions": false,
"forks_count": 2,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"has_pull_requests": true,
"pull_request_creation_policy": "all",
"topics": [],
"visibility": "public",
"forks": 2,
"watchers": 3,
"score": 0,
"subscribers_count": 0
}
]

28
2026/CVE-2026-0828.json
View file

@ -14,8 +14,8 @@
"description": "🛠 Exploit and control Windows processes using CVE-2025-70795 and CVE-2026-0828 with driver-based termination tools.",
"fork": false,
"created_at": "2024-04-20T04:18:24Z",
"updated_at": "2026-05-05T13:33:02Z",
"pushed_at": "2026-05-05T13:30:51Z",
"updated_at": "2026-05-05T23:28:05Z",
"pushed_at": "2026-05-05T23:28:02Z",
"stargazers_count": 2,
"watchers_count": 2,
"has_discussions": false,
@ -68,10 +68,10 @@
"description": "BYOVD research performed by KOSEC. Includes vulnerable drivers and writeups (CVE-2026-0828).",
"fork": false,
"created_at": "2025-10-15T02:11:59Z",
"updated_at": "2026-04-30T08:11:58Z",
"updated_at": "2026-05-05T20:16:29Z",
"pushed_at": "2026-03-18T00:25:06Z",
"stargazers_count": 6,
"watchers_count": 6,
"stargazers_count": 7,
"watchers_count": 7,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
@ -82,7 +82,7 @@
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 6,
"watchers": 7,
"score": 0,
"subscribers_count": 2
},
@ -101,10 +101,10 @@
"description": "The PoC for CVE-2025-70795 \/ CVE-2026-0828 and updated driver",
"fork": false,
"created_at": "2026-02-14T11:50:08Z",
"updated_at": "2026-05-01T02:44:43Z",
"updated_at": "2026-05-05T20:16:55Z",
"pushed_at": "2026-03-13T09:52:10Z",
"stargazers_count": 45,
"watchers_count": 45,
"stargazers_count": 46,
"watchers_count": 46,
"has_discussions": false,
"forks_count": 8,
"allow_forking": true,
@ -115,7 +115,7 @@
"topics": [],
"visibility": "public",
"forks": 8,
"watchers": 45,
"watchers": 46,
"score": 0,
"subscribers_count": 0
},
@ -134,10 +134,10 @@
"description": "Kernel Process Termination Tool ( CVE-2026-0828 exploit)",
"fork": false,
"created_at": "2026-04-02T14:28:37Z",
"updated_at": "2026-05-04T12:58:14Z",
"updated_at": "2026-05-05T20:16:33Z",
"pushed_at": "2026-04-02T14:32:56Z",
"stargazers_count": 26,
"watchers_count": 26,
"stargazers_count": 27,
"watchers_count": 27,
"has_discussions": false,
"forks_count": 6,
"allow_forking": true,
@ -148,7 +148,7 @@
"topics": [],
"visibility": "public",
"forks": 6,
"watchers": 26,
"watchers": 27,
"score": 0,
"subscribers_count": 2
}

103
2026/CVE-2026-20127.json
View file

@ -1,107 +1,4 @@
[
{
"id": 1172134172,
"name": "CVE-2026-20127---Cisco-SD-WAN-Preauth-RCE",
"full_name": "zerozenxlabs\/CVE-2026-20127---Cisco-SD-WAN-Preauth-RCE",
"owner": {
"login": "zerozenxlabs",
"id": 18348468,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/18348468?v=4",
"html_url": "https:\/\/github.com\/zerozenxlabs",
"user_view_type": "public"
},
"html_url": "https:\/\/github.com\/zerozenxlabs\/CVE-2026-20127---Cisco-SD-WAN-Preauth-RCE",
"description": null,
"fork": false,
"created_at": "2026-03-04T01:20:17Z",
"updated_at": "2026-03-23T05:02:53Z",
"pushed_at": "2026-03-04T01:36:00Z",
"stargazers_count": 31,
"watchers_count": 31,
"has_discussions": false,
"forks_count": 10,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"has_pull_requests": true,
"pull_request_creation_policy": "all",
"topics": [],
"visibility": "public",
"forks": 10,
"watchers": 31,
"score": 0,
"subscribers_count": 0
},
{
"id": 1172198312,
"name": "CVE-2026-20127",
"full_name": "randeepajayasekara\/CVE-2026-20127",
"owner": {
"login": "randeepajayasekara",
"id": 147414352,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/147414352?v=4",
"html_url": "https:\/\/github.com\/randeepajayasekara",
"user_view_type": "public"
},
"html_url": "https:\/\/github.com\/randeepajayasekara\/CVE-2026-20127",
"description": "Walkthrough of the CVSS 10.0 authentication bypass in Cisco Catalyst SD-WAN from first malformed peering request to root on the management plane.",
"fork": false,
"created_at": "2026-03-04T03:25:57Z",
"updated_at": "2026-03-12T06:34:04Z",
"pushed_at": "2026-03-04T05:19:18Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"has_pull_requests": true,
"pull_request_creation_policy": "all",
"topics": [
"authentication-bypass",
"cve",
"vulnerability"
],
"visibility": "public",
"forks": 0,
"watchers": 0,
"score": 0,
"subscribers_count": 0
},
{
"id": 1173633761,
"name": "CVE-2026-20127_EXP",
"full_name": "BugFor-Pings\/CVE-2026-20127_EXP",
"owner": {
"login": "BugFor-Pings",
"id": 96440773,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/96440773?v=4",
"html_url": "https:\/\/github.com\/BugFor-Pings",
"user_view_type": "public"
},
"html_url": "https:\/\/github.com\/BugFor-Pings\/CVE-2026-20127_EXP",
"description": "Cisco Catalyst SD-WAN 身份验证绕过漏洞(CVE-2026-20127)利用EXP",
"fork": false,
"created_at": "2026-03-05T15:28:31Z",
"updated_at": "2026-03-31T13:50:52Z",
"pushed_at": "2026-03-05T15:36:00Z",
"stargazers_count": 4,
"watchers_count": 4,
"has_discussions": false,
"forks_count": 2,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"has_pull_requests": true,
"pull_request_creation_policy": "all",
"topics": [],
"visibility": "public",
"forks": 2,
"watchers": 4,
"score": 0,
"subscribers_count": 0
},
{
"id": 1175143169,
"name": "CVE-2026-20127-Cisco-SD-WAN-Preauth-RCE",

8
2026/CVE-2026-20841.json
View file

@ -14,8 +14,8 @@
"description": "🛠 Demonstrate remote code execution in Windows Notepad via markdown links exploiting unsecured URL protocols.",
"fork": false,
"created_at": "2024-09-22T12:19:06Z",
"updated_at": "2026-05-05T13:30:37Z",
"pushed_at": "2026-05-05T13:29:40Z",
"updated_at": "2026-05-05T23:27:24Z",
"pushed_at": "2026-05-05T23:27:21Z",
"stargazers_count": 1,
"watchers_count": 1,
"has_discussions": false,
@ -66,8 +66,8 @@
"description": "🛠 Demonstrate remote code execution in Windows Notepad versions below 11.2510 using the CVE-2026-20841 proof of concept.",
"fork": false,
"created_at": "2026-02-26T05:21:28Z",
"updated_at": "2026-05-05T13:30:38Z",
"pushed_at": "2026-05-05T13:28:59Z",
"updated_at": "2026-05-05T23:26:24Z",
"pushed_at": "2026-05-05T23:26:21Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,

42
2026/CVE-2026-21385.json
View file

@ -1,42 +0,0 @@
[
{
"id": 1172144473,
"name": "qualcomm-vulnerability-scanner",
"full_name": "automate-it0\/qualcomm-vulnerability-scanner",
"owner": {
"login": "automate-it0",
"id": 192937380,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/192937380?v=4",
"html_url": "https:\/\/github.com\/automate-it0",
"user_view_type": "public"
},
"html_url": "https:\/\/github.com\/automate-it0\/qualcomm-vulnerability-scanner",
"description": "A tool to scan Android devices for the recently exploited Qualcomm flaw CVE-2026-21385, providing a simple and efficient way to identify vulnerable devices and apply necessary patches.",
"fork": false,
"created_at": "2026-03-04T01:40:18Z",
"updated_at": "2026-04-18T13:08:22Z",
"pushed_at": "2026-03-04T01:40:35Z",
"stargazers_count": 8,
"watchers_count": 8,
"has_discussions": false,
"forks_count": 3,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"has_pull_requests": true,
"pull_request_creation_policy": "all",
"topics": [
"automation",
"cve",
"cybersecurity",
"scanner",
"security",
"tool"
],
"visibility": "public",
"forks": 3,
"watchers": 8,
"score": 0,
"subscribers_count": 1
}
]

43
2026/CVE-2026-21509.json
View file

@ -1,47 +1,4 @@
[
{
"id": 1170074722,
"name": "CVE-2026-21509-handler",
"full_name": "suuhm\/CVE-2026-21509-handler",
"owner": {
"login": "suuhm",
"id": 11504990,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/11504990?v=4",
"html_url": "https:\/\/github.com\/suuhm",
"user_view_type": "public"
},
"html_url": "https:\/\/github.com\/suuhm\/CVE-2026-21509-handler",
"description": "PowerShell script to check, apply, and test the Kill-Bit protection for the CVE-2026-21509 Microsoft Office zero-day vulnerability affecting Office 2016\/2019\/LTSC.",
"fork": false,
"created_at": "2026-03-01T17:00:37Z",
"updated_at": "2026-03-09T16:36:05Z",
"pushed_at": "2026-03-05T15:02:27Z",
"stargazers_count": 7,
"watchers_count": 7,
"has_discussions": false,
"forks_count": 1,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"has_pull_requests": true,
"pull_request_creation_policy": "all",
"topics": [
"apt28",
"cve-2026-21509",
"dcom",
"microsoft-office",
"ole-files",
"powershell-se",
"sysadmin-tool",
"zero-day",
"zeroday"
],
"visibility": "public",
"forks": 1,
"watchers": 7,
"score": 0,
"subscribers_count": 0
},
{
"id": 1180157824,
"name": "CVE-2026-21509-POC",

35
2026/CVE-2026-22686.json
View file

@ -1,35 +0,0 @@
[
{
"id": 1173202986,
"name": "CVE-2026-22686-RemoteCodeExecution-RCE-PoC",
"full_name": "moltengama\/CVE-2026-22686-RemoteCodeExecution-RCE-PoC",
"owner": {
"login": "moltengama",
"id": 88944546,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/88944546?v=4",
"html_url": "https:\/\/github.com\/moltengama",
"user_view_type": "public"
},
"html_url": "https:\/\/github.com\/moltengama\/CVE-2026-22686-RemoteCodeExecution-RCE-PoC",
"description": null,
"fork": false,
"created_at": "2026-03-05T05:35:27Z",
"updated_at": "2026-03-06T01:12:44Z",
"pushed_at": "2026-03-05T05:50:03Z",
"stargazers_count": 2,
"watchers_count": 2,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"has_pull_requests": true,
"pull_request_creation_policy": "all",
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 2,
"score": 0,
"subscribers_count": 0
}
]

8
2026/CVE-2026-23869.json
View file

@ -47,10 +47,10 @@
"description": null,
"fork": false,
"created_at": "2026-04-11T05:00:48Z",
"updated_at": "2026-04-13T18:12:29Z",
"updated_at": "2026-05-06T00:46:40Z",
"pushed_at": "2026-04-11T05:19:55Z",
"stargazers_count": 6,
"watchers_count": 6,
"stargazers_count": 7,
"watchers_count": 7,
"has_discussions": false,
"forks_count": 1,
"allow_forking": true,
@ -61,7 +61,7 @@
"topics": [],
"visibility": "public",
"forks": 1,
"watchers": 6,
"watchers": 7,
"score": 0,
"subscribers_count": 0
}

4
2026/CVE-2026-23918.json
View file

@ -47,7 +47,7 @@
"description": "This repository contains a Proof of Concept (PoC) demonstrating the Double Free vulnerability (CVE-2026-23918) in Apache HTTP Server 2.4.66 `mod_http2`.",
"fork": false,
"created_at": "2026-05-05T11:31:35Z",
"updated_at": "2026-05-05T15:16:24Z",
"updated_at": "2026-05-06T00:27:28Z",
"pushed_at": "2026-05-05T15:04:59Z",
"stargazers_count": 1,
"watchers_count": 1,
@ -113,7 +113,7 @@
"description": "Passive HTTP metadata auditor for CVE-2026-23918 exposure triage",
"fork": false,
"created_at": "2026-05-05T17:55:08Z",
"updated_at": "2026-05-05T18:39:57Z",
"updated_at": "2026-05-06T00:42:42Z",
"pushed_at": "2026-05-05T18:39:53Z",
"stargazers_count": 0,
"watchers_count": 0,

4
2026/CVE-2026-2406.json
View file

@ -14,8 +14,8 @@
"description": "🔍 Analyze and detect CVE-2026-2406 vulnerabilities in Telnet to enhance security and prevent unauthorized access with this professional research engine.",
"fork": false,
"created_at": "2025-04-16T07:20:12Z",
"updated_at": "2026-05-05T13:23:17Z",
"pushed_at": "2026-05-05T13:20:46Z",
"updated_at": "2026-05-05T23:18:38Z",
"pushed_at": "2026-05-05T23:18:35Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,

4
2026/CVE-2026-24061.json
View file

@ -47,8 +47,8 @@
"description": "🚨 Exploit CVE-2026-24061, a critical remote authentication bypass in GNU inetutils-telnetd, for instant root shell access without authentication.",
"fork": false,
"created_at": "2026-02-03T19:46:10Z",
"updated_at": "2026-05-05T13:17:49Z",
"pushed_at": "2026-05-05T13:15:45Z",
"updated_at": "2026-05-05T23:15:23Z",
"pushed_at": "2026-05-05T23:15:20Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,

4
2026/CVE-2026-24072.json
View file

@ -14,8 +14,8 @@
"description": "Analysis of CVE-2026-24072",
"fork": false,
"created_at": "2026-05-05T18:48:29Z",
"updated_at": "2026-05-05T18:48:30Z",
"pushed_at": "2026-05-05T18:48:30Z",
"updated_at": "2026-05-05T21:09:31Z",
"pushed_at": "2026-05-05T21:09:25Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,

4
2026/CVE-2026-24291.json
View file

@ -80,8 +80,8 @@
"description": "Exploit Windows local privilege escalation on clients and servers using tested code for CVE-2026-24291 across multiple Windows versions",
"fork": false,
"created_at": "2026-03-26T04:38:27Z",
"updated_at": "2026-05-05T14:01:44Z",
"pushed_at": "2026-05-05T13:58:15Z",
"updated_at": "2026-05-05T23:46:20Z",
"pushed_at": "2026-05-05T23:46:16Z",
"stargazers_count": 2,
"watchers_count": 2,
"has_discussions": false,

4
2026/CVE-2026-2441.json
View file

@ -14,8 +14,8 @@
"description": "Demonstrate a proof-of-concept exploit for CVE-2026-2441, a high-risk Chrome use-after-free vulnerability in the Blink CSS engine.",
"fork": false,
"created_at": "2026-03-03T14:19:18Z",
"updated_at": "2026-05-05T13:32:58Z",
"pushed_at": "2026-05-05T13:32:40Z",
"updated_at": "2026-05-05T23:29:39Z",
"pushed_at": "2026-05-05T23:29:35Z",
"stargazers_count": 1,
"watchers_count": 1,
"has_discussions": false,

4
2026/CVE-2026-2472.json
View file

@ -14,8 +14,8 @@
"description": "Expose and detail an unauthenticated stored XSS vulnerability in the Google Cloud Vertex AI Python SDK affecting versions 1.98.0 to 1.130.9.",
"fork": false,
"created_at": "2026-03-10T14:40:04Z",
"updated_at": "2026-05-05T13:40:55Z",
"pushed_at": "2026-05-05T13:39:33Z",
"updated_at": "2026-05-05T23:34:49Z",
"pushed_at": "2026-05-05T23:34:46Z",
"stargazers_count": 2,
"watchers_count": 2,
"has_discussions": false,

4
2026/CVE-2026-25643.json
View file

@ -14,8 +14,8 @@
"description": "Exploit Frigate NVR ≤0.16.3 to execute commands remotely by abusing a configuration flaw without needing shell access or output capture.",
"fork": false,
"created_at": "2026-03-07T20:23:08Z",
"updated_at": "2026-05-05T13:38:04Z",
"pushed_at": "2026-05-05T13:37:07Z",
"updated_at": "2026-05-05T23:33:35Z",
"pushed_at": "2026-05-05T23:33:31Z",
"stargazers_count": 2,
"watchers_count": 2,
"has_discussions": false,

35
2026/CVE-2026-26128.json Normal file
View file

@ -0,0 +1,35 @@
[
{
"id": 1230252108,
"name": "CVE-2026-26128",
"full_name": "jarnovandenbrink\/CVE-2026-26128",
"owner": {
"login": "jarnovandenbrink",
"id": 84376146,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/84376146?v=4",
"html_url": "https:\/\/github.com\/jarnovandenbrink",
"user_view_type": "public"
},
"html_url": "https:\/\/github.com\/jarnovandenbrink\/CVE-2026-26128",
"description": "PoC for exploiting CVE-2026-26128.",
"fork": false,
"created_at": "2026-05-05T20:27:35Z",
"updated_at": "2026-05-05T20:34:27Z",
"pushed_at": "2026-05-05T20:34:22Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"has_pull_requests": true,
"pull_request_creation_policy": "all",
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"score": 0,
"subscribers_count": 0
}
]

4
2026/CVE-2026-26268.json
View file

@ -14,8 +14,8 @@
"description": "IOC scanner for agentic AI coding tools — detects Mini Shai-Hulud, Gemini CLI RCE, Cursor CVE-2026-26268, and DPRK PromptMink.",
"fork": false,
"created_at": "2026-05-05T14:57:30Z",
"updated_at": "2026-05-05T18:37:41Z",
"pushed_at": "2026-05-05T17:32:50Z",
"updated_at": "2026-05-05T19:31:47Z",
"pushed_at": "2026-05-05T19:31:05Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,

35
2026/CVE-2026-2763.json
View file

@ -1,35 +0,0 @@
[
{
"id": 1172905607,
"name": "CVE-2026-2763-POC",
"full_name": "ppwwiinn\/CVE-2026-2763-POC",
"owner": {
"login": "ppwwiinn",
"id": 28700275,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/28700275?v=4",
"html_url": "https:\/\/github.com\/ppwwiinn",
"user_view_type": "public"
},
"html_url": "https:\/\/github.com\/ppwwiinn\/CVE-2026-2763-POC",
"description": null,
"fork": false,
"created_at": "2026-03-04T20:13:49Z",
"updated_at": "2026-03-07T15:15:56Z",
"pushed_at": "2026-03-04T22:32:55Z",
"stargazers_count": 2,
"watchers_count": 2,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"has_pull_requests": true,
"pull_request_creation_policy": "all",
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 2,
"score": 0,
"subscribers_count": 0
}
]

35
2026/CVE-2026-27636.json
View file

@ -1,35 +0,0 @@
[
{
"id": 1172191469,
"name": "CVE-2026-27636",
"full_name": "rav1010\/CVE-2026-27636",
"owner": {
"login": "rav1010",
"id": 187550295,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/187550295?v=4",
"html_url": "https:\/\/github.com\/rav1010",
"user_view_type": "public"
},
"html_url": "https:\/\/github.com\/rav1010\/CVE-2026-27636",
"description": "Freescout-passive-scanner",
"fork": false,
"created_at": "2026-03-04T03:12:39Z",
"updated_at": "2026-03-12T10:57:26Z",
"pushed_at": "2026-03-04T03:17:43Z",
"stargazers_count": 1,
"watchers_count": 1,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"has_pull_requests": true,
"pull_request_creation_policy": "all",
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 1,
"score": 0,
"subscribers_count": 0
}
]

33
2026/CVE-2026-29000.json
View file

@ -532,5 +532,38 @@
"watchers": 0,
"score": 0,
"subscribers_count": 0
},
{
"id": 1230312536,
"name": "CVE-2026-29000",
"full_name": "zF-tm\/CVE-2026-29000",
"owner": {
"login": "zF-tm",
"id": 73698972,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/73698972?v=4",
"html_url": "https:\/\/github.com\/zF-tm",
"user_view_type": "public"
},
"html_url": "https:\/\/github.com\/zF-tm\/CVE-2026-29000",
"description": "PoC of the CVE-2026-29000 ",
"fork": false,
"created_at": "2026-05-05T21:59:34Z",
"updated_at": "2026-05-05T22:13:26Z",
"pushed_at": "2026-05-05T22:13:22Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"has_pull_requests": true,
"pull_request_creation_policy": "all",
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"score": 0,
"subscribers_count": 0
}
]

4
2026/CVE-2026-2991.json
View file

@ -62,8 +62,8 @@
"description": "Explore a PoC for CVE-2026-2991, an auth bypass in KiviCare 4.1.2 and earlier via the patient social-login REST endpoint",
"fork": false,
"created_at": "2026-04-03T20:26:43Z",
"updated_at": "2026-05-05T14:03:15Z",
"pushed_at": "2026-05-05T14:02:41Z",
"updated_at": "2026-05-05T23:50:04Z",
"pushed_at": "2026-05-05T23:50:01Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,

107
2026/CVE-2026-31431.json
View file

@ -14,12 +14,12 @@
"description": "Copy Fail (CVE-2026-31431): 9-year-old Linux kernel LPE found by Theori's Xint Code",
"fork": false,
"created_at": "2026-04-29T12:15:28Z",
"updated_at": "2026-05-05T18:49:46Z",
"updated_at": "2026-05-06T00:45:06Z",
"pushed_at": "2026-04-29T21:21:46Z",
"stargazers_count": 3290,
"watchers_count": 3290,
"stargazers_count": 3317,
"watchers_count": 3317,
"has_discussions": false,
"forks_count": 706,
"forks_count": 713,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
@ -38,8 +38,8 @@
"xint-code"
],
"visibility": "public",
"forks": 706,
"watchers": 3290,
"forks": 713,
"watchers": 3317,
"score": 0,
"subscribers_count": 29
},
@ -124,12 +124,12 @@
"description": "A Go implementation of copyfail (CVE-2026-31431)",
"fork": false,
"created_at": "2026-04-29T22:51:24Z",
"updated_at": "2026-05-05T16:45:51Z",
"updated_at": "2026-05-05T20:48:51Z",
"pushed_at": "2026-05-01T03:24:14Z",
"stargazers_count": 318,
"watchers_count": 318,
"has_discussions": false,
"forks_count": 63,
"forks_count": 64,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
@ -137,7 +137,7 @@
"pull_request_creation_policy": "all",
"topics": [],
"visibility": "public",
"forks": 63,
"forks": 64,
"watchers": 318,
"score": 0,
"subscribers_count": 1
@ -157,12 +157,12 @@
"description": "Cross-platform C port of the Copy Fail Linux LPE (CVE-2026-31431). Disclosed 2026-04-29 by Theori \/ Xint.",
"fork": false,
"created_at": "2026-04-29T23:29:14Z",
"updated_at": "2026-05-05T16:33:23Z",
"updated_at": "2026-05-05T20:42:54Z",
"pushed_at": "2026-04-30T17:04:09Z",
"stargazers_count": 294,
"watchers_count": 294,
"stargazers_count": 295,
"watchers_count": 295,
"has_discussions": true,
"forks_count": 83,
"forks_count": 84,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
@ -183,8 +183,8 @@
"security-research"
],
"visibility": "public",
"forks": 83,
"watchers": 294,
"forks": 84,
"watchers": 295,
"score": 0,
"subscribers_count": 1
},
@ -1965,10 +1965,10 @@
"description": "CVE-2026-31431 (Copy Fail) - Analysis and Mitigation for RHEL and OpenShift",
"fork": false,
"created_at": "2026-04-30T11:01:20Z",
"updated_at": "2026-04-30T11:34:14Z",
"updated_at": "2026-05-05T20:40:07Z",
"pushed_at": "2026-04-30T11:34:11Z",
"stargazers_count": 0,
"watchers_count": 0,
"stargazers_count": 1,
"watchers_count": 1,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
@ -1979,7 +1979,7 @@
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"watchers": 1,
"score": 0,
"subscribers_count": 0
},
@ -2213,8 +2213,8 @@
"description": "CVE-2026-31431 golang hotfix",
"fork": false,
"created_at": "2026-04-30T12:27:15Z",
"updated_at": "2026-05-05T17:28:18Z",
"pushed_at": "2026-05-05T17:28:13Z",
"updated_at": "2026-05-05T22:37:51Z",
"pushed_at": "2026-05-05T22:38:09Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
@ -2414,10 +2414,10 @@
"description": "CVE-2026-31431 is a bug in the handling of scatter-gather I\/O operations and page cache references in the Linux kernel cryptographic subsystem — specifically in the AF_ALG socket implementation for AEAD algorithms (crypto\/af_alg.c, crypto\/aead.c).",
"fork": false,
"created_at": "2026-04-30T13:38:34Z",
"updated_at": "2026-05-02T13:25:49Z",
"updated_at": "2026-05-05T18:58:32Z",
"pushed_at": "2026-04-30T14:46:40Z",
"stargazers_count": 3,
"watchers_count": 3,
"stargazers_count": 4,
"watchers_count": 4,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
@ -2428,7 +2428,7 @@
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 3,
"watchers": 4,
"score": 0,
"subscribers_count": 0
},
@ -3448,10 +3448,10 @@
"description": "Detection Only.. working on an exploit PoC",
"fork": false,
"created_at": "2026-04-30T20:54:56Z",
"updated_at": "2026-05-05T14:49:29Z",
"updated_at": "2026-05-05T23:21:48Z",
"pushed_at": "2026-05-01T11:26:51Z",
"stargazers_count": 8,
"watchers_count": 8,
"stargazers_count": 9,
"watchers_count": 9,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
@ -3462,7 +3462,7 @@
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 8,
"watchers": 9,
"score": 0,
"subscribers_count": 0
},
@ -6935,7 +6935,7 @@
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 0,
"forks_count": 1,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
@ -6943,7 +6943,7 @@
"pull_request_creation_policy": "all",
"topics": [],
"visibility": "public",
"forks": 0,
"forks": 1,
"watchers": 0,
"score": 0,
"subscribers_count": 0
@ -7694,8 +7694,8 @@
"description": "Mitigacion del CVE-2026-31431 BASH",
"fork": false,
"created_at": "2026-05-04T13:09:07Z",
"updated_at": "2026-05-05T18:41:17Z",
"pushed_at": "2026-05-05T18:41:13Z",
"updated_at": "2026-05-05T19:19:08Z",
"pushed_at": "2026-05-05T19:19:04Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
@ -8125,8 +8125,8 @@
"description": "587-byte x86_64 LPE for CVE-2026-31431",
"fork": false,
"created_at": "2026-05-05T11:26:41Z",
"updated_at": "2026-05-05T14:34:23Z",
"pushed_at": "2026-05-05T14:27:38Z",
"updated_at": "2026-05-05T22:45:03Z",
"pushed_at": "2026-05-05T22:44:59Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
@ -8290,8 +8290,8 @@
"description": null,
"fork": false,
"created_at": "2026-05-05T17:38:43Z",
"updated_at": "2026-05-05T17:40:49Z",
"pushed_at": "2026-05-05T17:40:46Z",
"updated_at": "2026-05-05T19:16:11Z",
"pushed_at": "2026-05-05T19:16:07Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
@ -8387,5 +8387,38 @@
"watchers": 0,
"score": 0,
"subscribers_count": 0
},
{
"id": 1230211529,
"name": "GhostShell",
"full_name": "RazvanDuda\/GhostShell",
"owner": {
"login": "RazvanDuda",
"id": 7475595,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/7475595?v=4",
"html_url": "https:\/\/github.com\/RazvanDuda",
"user_view_type": "public"
},
"html_url": "https:\/\/github.com\/RazvanDuda\/GhostShell",
"description": "CVE-2026-31431 — Local Privilege Escalation via Linux Kernel Page Cache Corruption",
"fork": false,
"created_at": "2026-05-05T19:33:48Z",
"updated_at": "2026-05-05T19:36:19Z",
"pushed_at": "2026-05-05T19:36:15Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"has_pull_requests": true,
"pull_request_creation_policy": "all",
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"score": 0,
"subscribers_count": 0
}
]

4
2026/CVE-2026-31802.json
View file

@ -59,8 +59,8 @@
"description": "Demonstrate and analyze the CVE-2026-31802 path traversal vulnerability in npm tar, enabling arbitrary file overwrite via symlink extraction.",
"fork": false,
"created_at": "2026-03-28T20:49:46Z",
"updated_at": "2026-05-05T13:59:29Z",
"pushed_at": "2026-05-05T13:59:25Z",
"updated_at": "2026-05-05T23:47:21Z",
"pushed_at": "2026-05-05T23:47:17Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,

4
2026/CVE-2026-33825.json
View file

@ -14,8 +14,8 @@
"description": "Microsoft Defender XDR KQL detections for RedSun, BlueHammer, UnDefend, and CVE-2026-33825-related Defender abuse behaviors.",
"fork": false,
"created_at": "2026-04-17T20:52:08Z",
"updated_at": "2026-04-29T12:45:56Z",
"pushed_at": "2026-05-05T10:30:39Z",
"updated_at": "2026-05-05T20:18:08Z",
"pushed_at": "2026-05-05T20:18:04Z",
"stargazers_count": 4,
"watchers_count": 4,
"has_discussions": false,

8
2026/CVE-2026-34486.json
View file

@ -47,10 +47,10 @@
"description": "CVE-2026-34486 Apache Tomcat EncryptInterceptor 绕过漏洞复现使用GLM5.1复现完成)",
"fork": false,
"created_at": "2026-04-15T07:30:15Z",
"updated_at": "2026-04-28T01:40:13Z",
"updated_at": "2026-05-05T21:09:39Z",
"pushed_at": "2026-04-15T07:33:28Z",
"stargazers_count": 9,
"watchers_count": 9,
"stargazers_count": 10,
"watchers_count": 10,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
@ -61,7 +61,7 @@
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 9,
"watchers": 10,
"score": 0,
"subscribers_count": 0
},

4
2026/CVE-2026-36356.json
View file

@ -14,8 +14,8 @@
"description": "CVE-2026-36356: MeiG Smart FORGE_SLT711 GoAhead - Unauthenticated OS Command Injection (RCE as root)",
"fork": false,
"created_at": "2026-05-03T20:57:17Z",
"updated_at": "2026-05-03T21:04:32Z",
"pushed_at": "2026-05-03T21:04:28Z",
"updated_at": "2026-05-05T22:51:32Z",
"pushed_at": "2026-05-05T22:51:28Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,

4
2026/CVE-2026-41651.json
View file

@ -118,7 +118,7 @@
"stargazers_count": 7,
"watchers_count": 7,
"has_discussions": false,
"forks_count": 2,
"forks_count": 3,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
@ -126,7 +126,7 @@
"pull_request_creation_policy": "all",
"topics": [],
"visibility": "public",
"forks": 2,
"forks": 3,
"watchers": 7,
"score": 0,
"subscribers_count": 0

147
2026/CVE-2026-41940.json
View file

@ -47,12 +47,12 @@
"description": "Post-Exploitation Session Validation Tool for CVE-2026-41940",
"fork": false,
"created_at": "2026-04-29T23:11:15Z",
"updated_at": "2026-05-04T21:02:11Z",
"updated_at": "2026-05-05T23:37:43Z",
"pushed_at": "2026-04-29T23:26:44Z",
"stargazers_count": 7,
"watchers_count": 7,
"stargazers_count": 8,
"watchers_count": 8,
"has_discussions": false,
"forks_count": 5,
"forks_count": 6,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
@ -60,8 +60,8 @@
"pull_request_creation_policy": "all",
"topics": [],
"visibility": "public",
"forks": 5,
"watchers": 7,
"forks": 6,
"watchers": 8,
"score": 0,
"subscribers_count": 0
},
@ -212,12 +212,12 @@
"description": "High fidelity scanner for CVE-2026-41940 (cPanel & WHM authentication bypass)",
"fork": false,
"created_at": "2026-04-30T08:11:23Z",
"updated_at": "2026-05-05T12:17:11Z",
"updated_at": "2026-05-06T00:07:15Z",
"pushed_at": "2026-04-30T08:22:31Z",
"stargazers_count": 68,
"watchers_count": 68,
"stargazers_count": 72,
"watchers_count": 72,
"has_discussions": false,
"forks_count": 17,
"forks_count": 18,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
@ -225,8 +225,8 @@
"pull_request_creation_policy": "all",
"topics": [],
"visibility": "public",
"forks": 17,
"watchers": 68,
"forks": 18,
"watchers": 72,
"score": 0,
"subscribers_count": 1
},
@ -317,8 +317,8 @@
"description": "Detection, mitigation, and reverse-engineering tooling for CVE-2026-41940 (SessionScribe): the cPanel\/WHM unauthenticated session-forgery vulnerability disclosed 2026-04-28. Defense-in-depth active mitigation shim, ModSec rule pack, remote probe, on-host IOC scanner, and per-tier RE snapshot collector. GPL v2.",
"fork": false,
"created_at": "2026-04-30T14:32:43Z",
"updated_at": "2026-05-05T17:17:48Z",
"pushed_at": "2026-05-05T17:17:44Z",
"updated_at": "2026-05-05T19:32:36Z",
"pushed_at": "2026-05-05T19:32:06Z",
"stargazers_count": 9,
"watchers_count": 9,
"has_discussions": false,
@ -738,12 +738,12 @@
"description": "CVE-2026-41940 — cPanel & WHM Authentication Bypass via Session-File CRLF Injection",
"fork": false,
"created_at": "2026-05-01T12:09:26Z",
"updated_at": "2026-05-05T18:15:43Z",
"updated_at": "2026-05-05T22:28:19Z",
"pushed_at": "2026-05-01T12:10:32Z",
"stargazers_count": 317,
"watchers_count": 317,
"stargazers_count": 320,
"watchers_count": 320,
"has_discussions": false,
"forks_count": 96,
"forks_count": 97,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
@ -751,8 +751,8 @@
"pull_request_creation_policy": "all",
"topics": [],
"visibility": "public",
"forks": 96,
"watchers": 317,
"forks": 97,
"watchers": 320,
"score": 0,
"subscribers_count": 1
},
@ -926,10 +926,10 @@
"description": null,
"fork": false,
"created_at": "2026-05-01T16:27:38Z",
"updated_at": "2026-05-05T18:00:48Z",
"updated_at": "2026-05-05T21:03:29Z",
"pushed_at": "2026-05-01T16:35:37Z",
"stargazers_count": 35,
"watchers_count": 35,
"stargazers_count": 39,
"watchers_count": 39,
"has_discussions": false,
"forks_count": 9,
"allow_forking": true,
@ -940,7 +940,7 @@
"topics": [],
"visibility": "public",
"forks": 9,
"watchers": 35,
"watchers": 39,
"score": 0,
"subscribers_count": 0
},
@ -1694,5 +1694,104 @@
"watchers": 0,
"score": 0,
"subscribers_count": 0
},
{
"id": 1229998345,
"name": "CVE-2026-41940-Detection",
"full_name": "Unfold-Security\/CVE-2026-41940-Detection",
"owner": {
"login": "Unfold-Security",
"id": 229762417,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/229762417?v=4",
"html_url": "https:\/\/github.com\/Unfold-Security",
"user_view_type": "public"
},
"html_url": "https:\/\/github.com\/Unfold-Security\/CVE-2026-41940-Detection",
"description": "Detection signatures for CVE-2026-41940 and shemas for cPanel logs",
"fork": false,
"created_at": "2026-05-05T15:22:44Z",
"updated_at": "2026-05-05T19:59:40Z",
"pushed_at": "2026-05-05T18:03:01Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"has_pull_requests": true,
"pull_request_creation_policy": "all",
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"score": 0,
"subscribers_count": 0
},
{
"id": 1230316885,
"name": "cpanel-pwn",
"full_name": "Richflexpix\/cpanel-pwn",
"owner": {
"login": "Richflexpix",
"id": 278217678,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/278217678?v=4",
"html_url": "https:\/\/github.com\/Richflexpix",
"user_view_type": "public"
},
"html_url": "https:\/\/github.com\/Richflexpix\/cpanel-pwn",
"description": "cPanel\/WHM CVE-2026-41940 CRLF injection auth bypass exploit",
"fork": false,
"created_at": "2026-05-05T22:06:49Z",
"updated_at": "2026-05-05T22:39:28Z",
"pushed_at": "2026-05-05T22:39:23Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"has_pull_requests": true,
"pull_request_creation_policy": "all",
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"score": 0,
"subscribers_count": 0
},
{
"id": 1230365631,
"name": "cpanelCVE",
"full_name": "bughunt4me\/cpanelCVE",
"owner": {
"login": "bughunt4me",
"id": 249512181,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/249512181?v=4",
"html_url": "https:\/\/github.com\/bughunt4me",
"user_view_type": "public"
},
"html_url": "https:\/\/github.com\/bughunt4me\/cpanelCVE",
"description": "CVE-2026-41940 Auto Root Login",
"fork": false,
"created_at": "2026-05-05T23:39:59Z",
"updated_at": "2026-05-06T00:41:10Z",
"pushed_at": "2026-05-06T00:40:23Z",
"stargazers_count": 1,
"watchers_count": 1,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"has_pull_requests": true,
"pull_request_creation_policy": "all",
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 1,
"score": 0,
"subscribers_count": 0
}
]

8
2026/CVE-2026-6508.json
View file

@ -14,10 +14,10 @@
"description": "CVE-2026-6508 && CVE-2026-6509 LiderAhenk Merkezi Yönetim Sistemi mimarisinde, uç birimler (agents) arası tüm istemcilerin birbirleri üzerinde 'root' yetkisiyle kod çalıştırılmasına (unauthorized rce & lateral movement) olanak tanıyan kritik güvenlik zafiyeti.",
"fork": false,
"created_at": "2026-03-10T00:51:19Z",
"updated_at": "2026-05-05T15:45:31Z",
"updated_at": "2026-05-05T19:48:18Z",
"pushed_at": "2026-04-17T12:58:44Z",
"stargazers_count": 1,
"watchers_count": 1,
"stargazers_count": 2,
"watchers_count": 2,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
@ -28,7 +28,7 @@
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 1,
"watchers": 2,
"score": 0,
"subscribers_count": 0
}

35
2026/CVE-2026-7482.json Normal file
View file

@ -0,0 +1,35 @@
[
{
"id": 1230228315,
"name": "CVE-2026-7482-PoC",
"full_name": "0x0OZ\/CVE-2026-7482-PoC",
"owner": {
"login": "0x0OZ",
"id": 52073989,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/52073989?v=4",
"html_url": "https:\/\/github.com\/0x0OZ",
"user_view_type": "public"
},
"html_url": "https:\/\/github.com\/0x0OZ\/CVE-2026-7482-PoC",
"description": "1day vuln research I guess",
"fork": false,
"created_at": "2026-05-05T19:55:32Z",
"updated_at": "2026-05-05T20:08:39Z",
"pushed_at": "2026-05-05T20:08:35Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"has_pull_requests": true,
"pull_request_creation_policy": "all",
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"score": 0,
"subscribers_count": 0
}
]

4
2026/CVE-2026-7669.json
View file

@ -14,8 +14,8 @@
"description": "PoC for CVE-2026-7669: SGLang silent trust_remote_code override -> RCE",
"fork": false,
"created_at": "2026-05-04T00:58:27Z",
"updated_at": "2026-05-04T01:25:20Z",
"pushed_at": "2026-05-04T01:25:15Z",
"updated_at": "2026-05-05T21:15:11Z",
"pushed_at": "2026-05-05T21:15:07Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,

82
README.md
View file

@ -15,6 +15,14 @@
- [mobilehackinglab/CVE-2026-0047-poc](https://github.com/mobilehackinglab/CVE-2026-0047-poc)
### CVE-2026-0073 (2026-05-04)
<code>In adbd_tls_verify_cert of auth.cpp, there is a possible bypass of wireless ADB mutual authentication due to a logic error in the code. This could lead to remote (proximal/adjacent) code execution as the shell user with no additional execution privileges needed. User interaction is not needed for exploitation.
</code>
- [novaek/CVE-2026-0073-Research](https://github.com/novaek/CVE-2026-0073-Research)
- [SecTestAnnaQuinn/CVE-2026-0073-Android-adbd-authentication-bypass-POC](https://github.com/SecTestAnnaQuinn/CVE-2026-0073-Android-adbd-authentication-bypass-POC)
### CVE-2026-0603 (2026-01-23)
<code>A flaw was found in Hibernate. A remote attacker with low privileges could exploit a second-order SQL injection vulnerability by providing specially crafted, unsanitized non-alphanumeric characters in the ID column when the InlineIdsOrClauseBuilder is used. This could lead to sensitive information disclosure, such as reading system files, and allow for data manipulation or deletion within the application's database, resulting in an application level denial of service.
@ -317,13 +325,6 @@
- [watchtowrlabs/watchTowr-vs-Progress-ShareFile-CVE-2026-2699](https://github.com/watchtowrlabs/watchTowr-vs-Progress-ShareFile-CVE-2026-2699)
- [0xBlackash/CVE-2026-2699](https://github.com/0xBlackash/CVE-2026-2699)
### CVE-2026-2763 (2026-02-24)
<code>Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
</code>
- [ppwwiinn/CVE-2026-2763-POC](https://github.com/ppwwiinn/CVE-2026-2763-POC)
### CVE-2026-2796 (2026-02-24)
<code>JIT miscompilation in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.
@ -841,6 +842,13 @@
- [Xmyronn/CVE-2026-7401-XSS](https://github.com/Xmyronn/CVE-2026-7401-XSS)
### CVE-2026-7482 (2026-05-04)
<code>Ollama before 0.17.1 contains a heap out-of-bounds read vulnerability in the GGUF model loader. The /api/create endpoint accepts an attacker-supplied GGUF file in which the declared tensor offset and size exceed the file's actual length; during quantization in fs/ggml/gguf.go and server/quantization.go (WriteTo()), the server reads past the allocated heap buffer. The leaked memory contents may include environment variables, API keys, system prompts, and concurrent users' conversation data, and can be exfiltrated by uploading the resulting model artifact through the /api/push endpoint to an attacker-controlled registry. The /api/create and /api/push endpoints have no authentication in the upstream distribution. Default deployments bind to 127.0.0.1, but the documented OLLAMA_HOST=0.0.0.0 configuration is widely used in practice (large public-internet exposure observed).
</code>
- [0x0OZ/CVE-2026-7482-PoC](https://github.com/0x0OZ/CVE-2026-7482-PoC)
### CVE-2026-7567 (2026-05-01)
<code>The Temporary Login plugin for WordPress is vulnerable to Authentication Bypass in versions up to and including 1.0.0. This is due to improper input validation in the maybe_login_temporary_user() function, which fails to verify that the 'temp-login-token' GET parameter is a scalar string before processing it. When the parameter is supplied as an array, PHP's empty() check is bypassed and sanitize_key() returns an empty string, which is then passed as the meta_value to get_users(). WordPress ignores an empty meta_value and returns all users matching the meta_key '_temporary_login_token', allowing authentication without a valid token. This makes it possible for unauthenticated attackers to authenticate as any active temporary login user by sending a single crafted GET request.
@ -874,9 +882,6 @@
<code>A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system.\r\n\r\nThis vulnerability exists because the peering authentication mechanism in an affected system is not working properly. An attacker could exploit this vulnerability by sending crafted requests to an affected system. A successful exploit could allow the attacker to log in to an affected Cisco Catalyst SD-WAN Controller as an internal, high-privileged, non-root&amp;nbsp;user account. Using this account, the attacker could access NETCONF, which would then allow the attacker to manipulate network configuration for the SD-WAN fabric.&amp;nbsp;
</code>
- [zerozenxlabs/CVE-2026-20127---Cisco-SD-WAN-Preauth-RCE](https://github.com/zerozenxlabs/CVE-2026-20127---Cisco-SD-WAN-Preauth-RCE)
- [randeepajayasekara/CVE-2026-20127](https://github.com/randeepajayasekara/CVE-2026-20127)
- [BugFor-Pings/CVE-2026-20127_EXP](https://github.com/BugFor-Pings/CVE-2026-20127_EXP)
- [yonathanpy/CVE-2026-20127-Cisco-SD-WAN-Preauth-RCE](https://github.com/yonathanpy/CVE-2026-20127-Cisco-SD-WAN-Preauth-RCE)
- [abrahamsurf/sdwan-scanner-CVE-2026-20127](https://github.com/abrahamsurf/sdwan-scanner-CVE-2026-20127)
- [sfewer-r7/CVE-2026-20127](https://github.com/sfewer-r7/CVE-2026-20127)
@ -973,19 +978,11 @@
- [kaleth4/CVE-2026-21250](https://github.com/kaleth4/CVE-2026-21250)
### CVE-2026-21385 (2026-03-02)
<code>Memory corruption while using alignments for memory allocation.
</code>
- [automate-it0/qualcomm-vulnerability-scanner](https://github.com/automate-it0/qualcomm-vulnerability-scanner)
### CVE-2026-21509 (2026-01-26)
<code>Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally.
</code>
- [suuhm/CVE-2026-21509-handler](https://github.com/suuhm/CVE-2026-21509-handler)
- [DameDode/CVE-2026-21509-POC](https://github.com/DameDode/CVE-2026-21509-POC)
### CVE-2026-21514 (2026-02-10)
@ -1158,13 +1155,6 @@
- [keraattin/CVE-2026-22679](https://github.com/keraattin/CVE-2026-22679)
### CVE-2026-22686 (2026-01-13)
<code>Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to 2.7.0, there is a critical sandbox escape vulnerability in enclave-vm that allows untrusted, sandboxed JavaScript code to execute arbitrary code in the host Node.js runtime. When a tool invocation fails, enclave-vm exposes a host-side Error object to sandboxed code. This Error object retains its host realm prototype chain, which can be traversed to reach the host Function constructor. An attacker can intentionally trigger a host error, then climb the prototype chain. Using the host Function constructor, arbitrary JavaScript can be compiled and executed in the host context, fully bypassing the sandbox and granting access to sensitive resources such as process.env, filesystem, and network. This breaks enclave-vms core security guarantee of isolating untrusted code. This vulnerability is fixed in 2.7.0.
</code>
- [moltengama/CVE-2026-22686-RemoteCodeExecution-RCE-PoC](https://github.com/moltengama/CVE-2026-22686-RemoteCodeExecution-RCE-PoC)
### CVE-2026-22692 (2026-04-14)
<code>October is a Content Management System (CMS) and web platform. Versions prior to 3.7.13 and versions 4.0.0 through 4.1.4 contain a sandbox bypass vulnerability in the optional Twig safe mode feature (CMS_SAFE_MODE). Certain methods on the collect() helper were not properly restricted, allowing authenticated users with template editing permissions to bypass sandbox protections. Exploitation requires authenticated backend access with CMS template editing permissions and only affects installations with CMS_SAFE_MODE enabled (disabled by default). This issue has been fixed in versions 3.7.13 and 4.1.5. To workaround this issue, users can disable CMS_SAFE_MODE if untrusted template editing is not required, and restrict CMS template editing permissions to fully trusted administrators only.
@ -1614,6 +1604,13 @@
- [j-dahl7/mcp-attack-detection-sentinel](https://github.com/j-dahl7/mcp-attack-detection-sentinel)
### CVE-2026-26128 (2026-03-10)
<code>Improper authentication in Windows SMB Server allows an authorized attacker to elevate privileges locally.
</code>
- [jarnovandenbrink/CVE-2026-26128](https://github.com/jarnovandenbrink/CVE-2026-26128)
### CVE-2026-26198 (2026-02-24)
<code>Ormar is a async mini ORM for Python. In versions 0.9.9 through 0.22.0, when performing aggregate queries, Ormar ORM constructs SQL expressions by passing user-supplied column names directly into `sqlalchemy.text()` without any validation or sanitization. The `min()` and `max()` methods in the `QuerySet` class accept arbitrary string input as the column parameter. While `sum()` and `avg()` are partially protected by an `is_numeric` type check that rejects non-existent fields, `min()` and `max()` skip this validation entirely. As a result, an attacker-controlled string is embedded as raw SQL inside the aggregate function call. Any unauthorized user can exploit this vulnerability to read the entire database contents, including tables unrelated to the queried model, by injecting a subquery as the column parameter. Version 0.23.0 contains a patch.
@ -1636,13 +1633,6 @@
- [Acen28/CVE-2026-26399-Disclosure](https://github.com/Acen28/CVE-2026-26399-Disclosure)
### CVE-2026-26416 (2026-03-05)
<code>An authorization bypass vulnerability in Tata Consultancy Services Cognix Recon Client v3.0 allows authenticated users to escalate privileges across role boundaries via crafted requests.
</code>
- [aksalsalimi/CVE-2026-26416](https://github.com/aksalsalimi/CVE-2026-26416)
### CVE-2026-26417 (2026-03-05)
<code>A broken access control vulnerability in the password reset functionality of Tata Consultancy Services Cognix Recon Client v3.0 allows authenticated users to reset passwords of arbitrary user accounts via crafted requests.
@ -1774,13 +1764,6 @@
- [lukasz-rybak/CVE-2026-27621](https://github.com/lukasz-rybak/CVE-2026-27621)
### CVE-2026-27636 (2026-02-25)
<code>FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.206, FreeScout's file upload restriction list in `app/Misc/Helper.php` does not include `.htaccess` or `.user.ini` files. On Apache servers with `AllowOverride All` (a common configuration), an authenticated user can upload a `.htaccess` file to redefine how files are processed, enabling Remote Code Execution. This vulnerability can be exploited on its own or in combination with CVE-2026-27637. Version 1.8.206 fixes both vulnerabilities.
</code>
- [rav1010/CVE-2026-27636](https://github.com/rav1010/CVE-2026-27636)
### CVE-2026-27654 (2026-03-24)
<code>NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_dav_module module that might allow an attacker to trigger a buffer overflow to the NGINX worker process; this vulnerability may result in termination of the NGINX worker process or modification of source or destination file names outside the document root. This issue affects NGINX Open Source and NGINX Plus when the configuration file uses DAV module MOVE or COPY methods, prefix location (nonregular expression location configuration), and alias directives. The integrity impact is constrained because the NGINX worker process user has low privileges and does not have access to the entire system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
@ -1939,6 +1922,7 @@
- [jake-young-dev/CVE-2026-29000](https://github.com/jake-young-dev/CVE-2026-29000)
- [strikoder/CVE-2026-29000-pac4j-jwt](https://github.com/strikoder/CVE-2026-29000-pac4j-jwt)
- [ledksv/Principal-HackTheBox](https://github.com/ledksv/Principal-HackTheBox)
- [zF-tm/CVE-2026-29000](https://github.com/zF-tm/CVE-2026-29000)
### CVE-2026-29041 (2026-03-06)
@ -2496,6 +2480,7 @@
- [Raptoratack/CopyFail-Scanner-CVE-2026-31431](https://github.com/Raptoratack/CopyFail-Scanner-CVE-2026-31431)
- [devtint/CVE-2026-31431](https://github.com/devtint/CVE-2026-31431)
- [mrmtwoj/ubuntu-cve-2026-31431-mitigation](https://github.com/mrmtwoj/ubuntu-cve-2026-31431-mitigation)
- [RazvanDuda/GhostShell](https://github.com/RazvanDuda/GhostShell)
### CVE-2026-31717 (2026-05-01)
@ -2667,7 +2652,11 @@
- [MichaelAdamGroberman/CVE-2026-32662](https://github.com/MichaelAdamGroberman/CVE-2026-32662)
### CVE-2026-32699
### CVE-2026-32699 (2026-05-05)
<code>FacturaScripts is an open source accounting and invoicing software. In versions 2025.92 and earlier, the application fails to validate the nick parameter during a POST request to the EditUser controller. Although the user interface prevents editing this field, a user can bypass this restriction by intercepting the request and modifying the nick form-data parameter to rename any account, including the administrator account. This leads to unauthorized modification of a field intended to be immutable.
</code>
- [TurkiOS/cve-2026-32699-facturascripts-nick-bypass](https://github.com/TurkiOS/cve-2026-32699-facturascripts-nick-bypass)
### CVE-2026-32722 (2026-03-18)
@ -3623,6 +3612,9 @@
- [iSee857/cPanel-WHM-CVE-2026-41940-AuthBypass](https://github.com/iSee857/cPanel-WHM-CVE-2026-41940-AuthBypass)
- [itsismarcos/CVE-2026-41940](https://github.com/itsismarcos/CVE-2026-41940)
- [ZildanZ/CVE-2026-41940](https://github.com/ZildanZ/CVE-2026-41940)
- [Unfold-Security/CVE-2026-41940-Detection](https://github.com/Unfold-Security/CVE-2026-41940-Detection)
- [Richflexpix/cpanel-pwn](https://github.com/Richflexpix/cpanel-pwn)
- [bughunt4me/cpanelCVE](https://github.com/bughunt4me/cpanelCVE)
### CVE-2026-42141
- [H4zaz/CVE-2026-42141-xibo-ssrf](https://github.com/H4zaz/CVE-2026-42141-xibo-ssrf)
@ -5087,6 +5079,13 @@
- [d0n601/CVE-2025-6220](https://github.com/d0n601/CVE-2025-6220)
### CVE-2025-6264 (2025-06-20)
<code>Velociraptor allows collection of VQL queries packaged into Artifacts from endpoints. These artifacts can be used to do anything and usually run with elevated permissions.  To limit access to some dangerous artifact, Velociraptor allows for those to require high permissions like EXECVE to launch.\n\nThe Admin.Client.UpdateClientConfig is an artifact used to update the client's configuration. This artifact did not enforce an additional required permission, allowing users with COLLECT_CLIENT permissions (normally given by the &quot;Investigator&quot; role) to collect it from endpoints and update the configuration. \n\nThis can lead to arbitrary command execution and endpoint takeover.\n\nTo successfully exploit this vulnerability the user must already have access to collect artifacts from the endpoint (i.e. have the COLLECT_CLIENT given typically by the &quot;Investigator' role).
</code>
- [Mauzy0x00/velociraptor_CVE-2025-6264_PoC](https://github.com/Mauzy0x00/velociraptor_CVE-2025-6264_PoC)
### CVE-2025-6335 (2025-06-20)
<code>Eine kritische Schwachstelle wurde in DedeCMS bis 5.7.2 gefunden. Es geht hierbei um eine nicht näher spezifizierte Funktion der Datei /include/dedetag.class.php der Komponente Template Handler. Durch das Manipulieren des Arguments notes mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung.
@ -6819,6 +6818,7 @@
- [MrAle98/CVE-2025-21333-POC](https://github.com/MrAle98/CVE-2025-21333-POC)
- [aleongx/KQL_sentinel_CVE-2025-21333](https://github.com/aleongx/KQL_sentinel_CVE-2025-21333)
- [nu1lptr0/CVE-2025-21333](https://github.com/nu1lptr0/CVE-2025-21333)
### CVE-2025-21385 (2025-01-09)
@ -31165,6 +31165,7 @@
- [Naveenbana5250/CVE-2023-34362-Defense-Package](https://github.com/Naveenbana5250/CVE-2023-34362-Defense-Package)
- [khengar9274-web/moveit-transfer-2023-breach](https://github.com/khengar9274-web/moveit-transfer-2023-breach)
- [tubaaiftikhar-ui/MOVEit-Transfer-Data-Breach-Analysis.](https://github.com/tubaaiftikhar-ui/MOVEit-Transfer-Data-Breach-Analysis.)
- [KarmanyaT28/Multi-Stage-Exploitation-and-Detection-Engineering-Analysis-of-CVE-2023-34362-in-MOVEit-Transfer](https://github.com/KarmanyaT28/Multi-Stage-Exploitation-and-Detection-Engineering-Analysis-of-CVE-2023-34362-in-MOVEit-Transfer)
### CVE-2023-34468 (2023-06-12)
@ -35131,7 +35132,6 @@
- [LtmThink/CVE-2023-51385_test](https://github.com/LtmThink/CVE-2023-51385_test)
- [WLaoDuo/CVE-2023-51385_poc-test](https://github.com/WLaoDuo/CVE-2023-51385_poc-test)
- [power1314520/CVE-2023-51385_test](https://github.com/power1314520/CVE-2023-51385_test)
- [julienbrs/exploit-CVE-2023-51385](https://github.com/julienbrs/exploit-CVE-2023-51385)
- [julienbrs/malicious-exploit-CVE-2023-51385](https://github.com/julienbrs/malicious-exploit-CVE-2023-51385)
- [Sonicrrrr/CVE-2023-51385](https://github.com/Sonicrrrr/CVE-2023-51385)
- [farliy-hacker/CVE-2023-51385](https://github.com/farliy-hacker/CVE-2023-51385)