{"pocs":[{"id":"1175219479","cve_id":"CVE-2026-1492","name":"CVE-2026-1492-POC","owner":"dreamboyim66-boop","full_name":"dreamboyim66-boop\/CVE-2026-1492-POC","html_url":"https:\/\/github.com\/dreamboyim66-boop\/CVE-2026-1492-POC","description":"User Registration & Membership <= 5.1.2 - Unauthenticated Privilege Escalation via Membership Registration","stargazers_count":"0","vuln_description":"The User Registration & Membership \u2013 Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to improper privilege management in all versions up to, and including, 5.1.2. This is due to the plugin accepting a user-supplied role during membership registration without properly enforcing a server-side allowlist. This makes it possible for unauthenticated attackers to create administrator accounts by supplying a role value during membership registration.","created_at":"2026-03-07 21:01:53","updated_at":"2026-03-07 21:03:41","pushed_at":"2026-03-07 21:03:38","inserted_at":"2026-03-07 22:36:06"},{"id":"1175192277","cve_id":"CVE-2020-1350","name":"CVE-2020-1350-SigRed","owner":"sty886","full_name":"sty886\/CVE-2020-1350-SigRed","html_url":"https:\/\/github.com\/sty886\/CVE-2020-1350-SigRed","description":"CVE-2020-1350\u7684PoC","stargazers_count":"0","vuln_description":"A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests, aka 'Windows DNS Server Remote Code Execution Vulnerability'.","created_at":"2026-03-07 20:10:17","updated_at":"2026-03-07 21:11:39","pushed_at":"2026-03-07 21:11:36","inserted_at":"2026-03-07 22:36:01"},{"id":"1175114004","cve_id":"CVE-2025-60787","name":"CVE-2025-60787-MotionEye-RCE","owner":"Rohitberiwala","full_name":"Rohitberiwala\/CVE-2025-60787-MotionEye-RCE","html_url":"https:\/\/github.com\/Rohitberiwala\/CVE-2025-60787-MotionEye-RCE","description":"Professional PoC for CVE-2025-60787: Remote Code Execution in MotionEye (<= 0.43.1b4). This exploit demonstrates an OS Command Injection vulnerability through client-side validation bypass, allowing attackers to execute arbitrary commands via configuration files.","stargazers_count":"0","vuln_description":"MotionEye v0.43.1b4 and before is vulnerable to OS Command Injection in configuration parameters such as image_file_name. Unsanitized user input is written to Motion configuration files, allowing remote authenticated attackers with admin access to achieve code execution when Motion is restarted.","created_at":"2026-03-07 17:45:30","updated_at":"2026-03-07 17:53:24","pushed_at":"2026-03-07 17:53:21","inserted_at":"2026-03-07 22:36:06"}]}