{"pocs":[{"id":"1237694722","cve_id":"CVE-2025-67303","name":"CVE-2025-67303","owner":"jcaz2378","full_name":"jcaz2378\/CVE-2025-67303","html_url":"https:\/\/github.com\/jcaz2378\/CVE-2025-67303","description":"Git CVE-2025-67303 payload","stargazers_count":"0","vuln_description":"An issue in ComfyUI-Manager prior to version 3.38 allowed remote attackers to potentially manipulate its configuration and critical data. This was due to the application storing its files in an insufficiently protected location that was accessible via the web interface","created_at":"2026-05-13 21:23:22","updated_at":"2026-05-13 21:24:24","pushed_at":"2026-05-13 21:23:40","inserted_at":"2026-05-13 22:36:31"},{"id":"1237635372","cve_id":"CVE-2026-45321","name":"mini-shai-hulud-scanner","owner":"Intrudify","full_name":"Intrudify\/mini-shai-hulud-scanner","html_url":"https:\/\/github.com\/Intrudify\/mini-shai-hulud-scanner","description":"Scanner for the Mini Shai-Hulud npm\/PyPI supply chain worm (NHS CC-4781 \u00b7 CVE-2026-45321). Detects gh-token-monitor persistence, payload artefacts, and attacker commits. Python, Bash, PowerShell.","stargazers_count":"0","vuln_description":"On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack\/* packages were published to the npm registry. The publishes were authenticated via the legitimate GitHub Actions OIDC trusted-publisher binding for TanStack\/router, but the publish workflow itself was not modified. The attacker chained three known vulnerability classes \u2014 a pull_request_target \"Pwn Request\" misconfiguration, GitHub Actions cache poisoning across the fork\u2194base trust boundary, and runtime memory extraction of the OIDC token from the Actions runner process \u2014 to publish credential-stealing malware under a trusted identity. Each affected package received exactly two malicious versions, published a few minutes apart.","created_at":"2026-05-13 20:12:50","updated_at":"2026-05-13 20:34:39","pushed_at":"2026-05-13 20:34:35","inserted_at":"2026-05-13 22:36:32"},{"id":"1237516631","cve_id":"CVE-2026-31431","name":"Copyfail-sh","owner":"Koshmare-Blossom","full_name":"Koshmare-Blossom\/Copyfail-sh","html_url":"https:\/\/github.com\/Koshmare-Blossom\/Copyfail-sh","description":"A Bash implementation of copyfail (CVE-2026-31431)","stargazers_count":"1","vuln_description":"In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: algif_aead - Revert to operating out-of-place\n\nThis mostly reverts commit 72548b093ee3 except for the copying of\nthe associated data.\n\nThere is no benefit in operating in-place in algif_aead since the\nsource and destination come from different mappings.  Get rid of\nall the complexity added for in-place operation and just copy the\nAD directly.","created_at":"2026-05-13 17:55:17","updated_at":"2026-05-13 21:15:22","pushed_at":"2026-05-13 18:07:12","inserted_at":"2026-05-13 22:36:32"},{"id":"1237498749","cve_id":"CVE-2026-31156","name":"CVE-2026-31156","owner":"unicorn-hyh","full_name":"unicorn-hyh\/CVE-2026-31156","html_url":"https:\/\/github.com\/unicorn-hyh\/CVE-2026-31156","description":"There is a path injection vulnerability in OpenPLC-v3, which arises from the program not performing any validity checks on the file path parameters passed in from the command line. Attackers can read any readable file by constructing malicious paths, posing a risk of information leakage.","stargazers_count":"0","vuln_description":null,"created_at":"2026-05-13 17:34:45","updated_at":"2026-05-13 18:45:41","pushed_at":"2026-05-13 18:45:25","inserted_at":"2026-05-13 22:36:32"},{"id":"1237419923","cve_id":"CVE-2026-8196","name":"CVE-2026-8196","owner":"HORKimhab","full_name":"HORKimhab\/CVE-2026-8196","html_url":"https:\/\/github.com\/HORKimhab\/CVE-2026-8196","description":"CVE-2026-8196","stargazers_count":"0","vuln_description":"A flaw has been found in JeecgBoot 3.9.1. The impacted element is an unknown function of the file jeecg-module-system\/jeecg-system-biz\/src\/main\/java\/org\/jeecg\/modules\/system\/controller\/LoginController.java of the component mLogin Endpoint. This manipulation causes authorization bypass. The attack is possible to be carried out remotely. The attack is considered to have high complexity. The exploitability is regarded as difficult. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.","created_at":"2026-05-13 16:01:17","updated_at":"2026-05-13 16:05:21","pushed_at":"2026-05-13 16:05:14","inserted_at":"2026-05-13 22:36:32"},{"id":"1237401826","cve_id":"CVE-2026-0001","name":"CVE-2026-0001","owner":"HORKimhab","full_name":"HORKimhab\/CVE-2026-0001","html_url":"https:\/\/github.com\/HORKimhab\/CVE-2026-0001","description":"CVE-2026-0001. Do with your own risk","stargazers_count":"0","vuln_description":null,"created_at":"2026-05-13 15:38:16","updated_at":"2026-05-13 15:46:41","pushed_at":"2026-05-13 15:46:37","inserted_at":"2026-05-13 16:36:31"},{"id":"1237366425","cve_id":"CVE-2026-44578","name":"verify-ghsa-c4j6-fc7j-m34r","owner":"panchocosil","full_name":"panchocosil\/verify-ghsa-c4j6-fc7j-m34r","html_url":"https:\/\/github.com\/panchocosil\/verify-ghsa-c4j6-fc7j-m34r","description":"OOB verifier for GHSA-c4j6-fc7j-m34r \/ CVE-2026-44578 (Next.js WebSocket-upgrade SSRF)","stargazers_count":"0","vuln_description":null,"created_at":"2026-05-13 14:49:11","updated_at":"2026-05-13 15:31:57","pushed_at":"2026-05-13 15:31:53","inserted_at":"2026-05-13 16:36:31"},{"id":"1237310853","cve_id":"CVE-2019-9053","name":"SimpleCTF-THM-Relatory","owner":"paulameg","full_name":"paulameg\/SimpleCTF-THM-Relatory","html_url":"https:\/\/github.com\/paulameg\/SimpleCTF-THM-Relatory","description":"First CTF successfully completed! This repo documents my walkthrough of TryHackMe's Simple CTF. It covers network reconnaissance (Nmap), web exploitation (CVE-2019-9053), and credential cracking. As a dev, it was great to pivot from SQLi to a Root shell by leveraging Sudo misconfigurations. Educational purposes only. ","stargazers_count":"0","vuln_description":"An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve unauthenticated blind time-based SQL injection via the m1_idlist parameter.","created_at":"2026-05-13 13:17:22","updated_at":"2026-05-13 13:19:53","pushed_at":"2026-05-13 13:19:50","inserted_at":"2026-05-13 16:36:27"},{"id":"1237309226","cve_id":"CVE-2023-20938","name":"cve-2023-20938","owner":"Cyb3rCr0wCC","full_name":"Cyb3rCr0wCC\/cve-2023-20938","html_url":"https:\/\/github.com\/Cyb3rCr0wCC\/cve-2023-20938","description":"My note while studying cve-2023-20938 vulnerability.","stargazers_count":"0","vuln_description":"In binder_transaction_buffer_release of binder.c, there is a possible use after free due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-257685302References: Upstream kernel","created_at":"2026-05-13 13:14:22","updated_at":"2026-05-13 13:20:00","pushed_at":"2026-05-13 13:19:56","inserted_at":"2026-05-13 16:36:29"},{"id":"1237291395","cve_id":"CVE-2025-54236","name":"magento-upload-auto-submit-zoneh","owner":"Jenderal92","full_name":"Jenderal92\/magento-upload-auto-submit-zoneh","html_url":"https:\/\/github.com\/Jenderal92\/magento-upload-auto-submit-zoneh","description":"SessionReaper-CVE-2025-54236","stargazers_count":"0","vuln_description":"Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue does not require user interaction.","created_at":"2026-05-13 12:42:51","updated_at":"2026-05-13 13:38:45","pushed_at":"2026-05-13 13:38:42","inserted_at":"2026-05-13 16:36:30"},{"id":"1237284854","cve_id":"CVE-2017-0144","name":"eternalblue-ms17-010-research","owner":"trinadh-dasari-cyber","full_name":"trinadh-dasari-cyber\/eternalblue-ms17-010-research","html_url":"https:\/\/github.com\/trinadh-dasari-cyber\/eternalblue-ms17-010-research","description":"Controlled reproduction of CVE-2017-0144 (EternalBlue) in an isolated AWS EC2 lab \u2014 exploit analysis, Wireshark traffic capture, and MITRE ATT&CK mapping","stargazers_count":"0","vuln_description":"The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka \"Windows SMB Remote Code Execution Vulnerability.\" This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148.","created_at":"2026-05-13 12:31:47","updated_at":"2026-05-13 12:32:12","pushed_at":"2026-05-13 12:32:09","inserted_at":"2026-05-13 16:36:27"},{"id":"1237230551","cve_id":"CVE-2026-31431","name":"SplicePrivillegeEscalationFIX","owner":"DroPZsec","full_name":"DroPZsec\/SplicePrivillegeEscalationFIX","html_url":"https:\/\/github.com\/DroPZsec\/SplicePrivillegeEscalationFIX","description":"this little script blocks the new splice-ram-privlilleg ecalation fastly befor the contributers do it ( CVE-2026-31431)  (CopyFail fix)","stargazers_count":"0","vuln_description":"In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: algif_aead - Revert to operating out-of-place\n\nThis mostly reverts commit 72548b093ee3 except for the copying of\nthe associated data.\n\nThere is no benefit in operating in-place in algif_aead since the\nsource and destination come from different mappings.  Get rid of\nall the complexity added for in-place operation and just copy the\nAD directly.","created_at":"2026-05-13 11:01:30","updated_at":"2026-05-13 11:14:23","pushed_at":"2026-05-13 11:02:08","inserted_at":"2026-05-13 16:36:31"},{"id":"1237228334","cve_id":"CVE-2024-44258","name":"SparstanBoogie-CVE-2024-44258","owner":"fuzzlove","full_name":"fuzzlove\/SparstanBoogie-CVE-2024-44258","html_url":"https:\/\/github.com\/fuzzlove\/SparstanBoogie-CVE-2024-44258","description":"CVE-2024-44258","stargazers_count":"1","vuln_description":"This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, visionOS 2.1, tvOS 18.1. Restoring a maliciously crafted backup file may lead to modification of protected system files.","created_at":"2026-05-13 10:57:49","updated_at":"2026-05-13 11:17:45","pushed_at":"2026-05-13 11:11:10","inserted_at":"2026-05-13 16:36:30"},{"id":"1237161931","cve_id":"CVE-2026-45321","name":"shai-hulud-scan","owner":"shayr1","full_name":"shayr1\/shai-hulud-scan","html_url":"https:\/\/github.com\/shayr1\/shai-hulud-scan","description":"Claude Code skill to scan machines for Mini Shai-Hulud (CVE-2026-45321) supply chain worm IOCs","stargazers_count":"0","vuln_description":"On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack\/* packages were published to the npm registry. The publishes were authenticated via the legitimate GitHub Actions OIDC trusted-publisher binding for TanStack\/router, but the publish workflow itself was not modified. The attacker chained three known vulnerability classes \u2014 a pull_request_target \"Pwn Request\" misconfiguration, GitHub Actions cache poisoning across the fork\u2194base trust boundary, and runtime memory extraction of the OIDC token from the Actions runner process \u2014 to publish credential-stealing malware under a trusted identity. Each affected package received exactly two malicious versions, published a few minutes apart.","created_at":"2026-05-13 08:54:59","updated_at":"2026-05-13 09:01:04","pushed_at":"2026-05-13 09:01:00","inserted_at":"2026-05-13 10:36:31"},{"id":"1237135474","cve_id":"CVE-2024-21413","name":"monikerlinktest","owner":"KaiHaoChen04","full_name":"KaiHaoChen04\/monikerlinktest","html_url":"https:\/\/github.com\/KaiHaoChen04\/monikerlinktest","description":"cve-2024-21413","stargazers_count":"0","vuln_description":"Microsoft Outlook Remote Code Execution Vulnerability","created_at":"2026-05-13 08:00:12","updated_at":"2026-05-13 08:05:04","pushed_at":"2026-05-13 08:05:01","inserted_at":"2026-05-13 10:36:30"},{"id":"1237076626","cve_id":"CVE-2025-29927","name":"auth-header-trust-rules","owner":"bk-security","full_name":"bk-security\/auth-header-trust-rules","html_url":"https:\/\/github.com\/bk-security\/auth-header-trust-rules","description":"Semgrep rules that flag header-trust auth bypass patterns (CVE-2025-29927 class). Companion to bk-security.github.io.","stargazers_count":"0","vuln_description":"Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. If patching to a safe version is infeasible, it is recommend that you prevent external user requests which contain the x-middleware-subrequest header from reaching your Next.js application. This vulnerability is fixed in 12.3.5, 13.5.9, 14.2.25, and 15.2.3.","created_at":"2026-05-13 06:15:47","updated_at":"2026-05-13 06:15:55","pushed_at":"2026-05-13 06:15:50","inserted_at":"2026-05-13 10:36:31"},{"id":"1237076521","cve_id":"CVE-2024-2961","name":"demo-php-cve-2024-2961","owner":"rcribelar-nucleus","full_name":"rcribelar-nucleus\/demo-php-cve-2024-2961","html_url":"https:\/\/github.com\/rcribelar-nucleus\/demo-php-cve-2024-2961","description":"PHP RCE CVE-2024-2961 Nucleus Hackathon Demo","stargazers_count":"0","vuln_description":"The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.\n","created_at":"2026-05-13 06:15:39","updated_at":"2026-05-13 06:19:41","pushed_at":"2026-05-13 06:19:37","inserted_at":"2026-05-13 10:36:30"},{"id":"1237045364","cve_id":"CVE-2024-0582","name":"CVE-2024-0582","owner":"nanabingies","full_name":"nanabingies\/CVE-2024-0582","html_url":"https:\/\/github.com\/nanabingies\/CVE-2024-0582","description":"An exploit for a Use-After-Free vulnerability in the io_uring subsystem in the linux kernel","stargazers_count":"0","vuln_description":"A memory leak flaw was found in the Linux kernel\u2019s io_uring functionality in how a user registers a buffer ring with IORING_REGISTER_PBUF_RING, mmap() it, and then frees it. This flaw allows a local user to crash or potentially escalate their privileges on the system.","created_at":"2026-05-13 05:29:01","updated_at":"2026-05-13 07:23:30","pushed_at":"2026-05-13 07:23:26","inserted_at":"2026-05-13 10:36:30"},{"id":"1237037761","cve_id":"CVE-2026-45321","name":"scan-shai-hulud","owner":"qi-scape","full_name":"qi-scape\/scan-shai-hulud","html_url":"https:\/\/github.com\/qi-scape\/scan-shai-hulud","description":"Detect CVE-2026-45321 Mini Shai-Hulud supply chain compromise \u2014 scans for 170 npm + 2 PyPI poisoned packages across TanStack, Mistral AI, UiPath, OpenSearch, Guardrails AI","stargazers_count":"0","vuln_description":"On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack\/* packages were published to the npm registry. The publishes were authenticated via the legitimate GitHub Actions OIDC trusted-publisher binding for TanStack\/router, but the publish workflow itself was not modified. The attacker chained three known vulnerability classes \u2014 a pull_request_target \"Pwn Request\" misconfiguration, GitHub Actions cache poisoning across the fork\u2194base trust boundary, and runtime memory extraction of the OIDC token from the Actions runner process \u2014 to publish credential-stealing malware under a trusted identity. Each affected package received exactly two malicious versions, published a few minutes apart.","created_at":"2026-05-13 05:18:18","updated_at":"2026-05-13 07:41:35","pushed_at":"2026-05-13 07:41:31","inserted_at":"2026-05-13 10:36:31"},{"id":"1237024116","cve_id":"CVE-2026-45321","name":"tanstack-shield","owner":"Caixa-git","full_name":"Caixa-git\/tanstack-shield","html_url":"https:\/\/github.com\/Caixa-git\/tanstack-shield","description":"\ud83d\udee1\ufe0f One-command scanner for CVE-2026-45321 \u2014 TanStack npm supply-chain attack","stargazers_count":"0","vuln_description":"On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack\/* packages were published to the npm registry. The publishes were authenticated via the legitimate GitHub Actions OIDC trusted-publisher binding for TanStack\/router, but the publish workflow itself was not modified. The attacker chained three known vulnerability classes \u2014 a pull_request_target \"Pwn Request\" misconfiguration, GitHub Actions cache poisoning across the fork\u2194base trust boundary, and runtime memory extraction of the OIDC token from the Actions runner process \u2014 to publish credential-stealing malware under a trusted identity. Each affected package received exactly two malicious versions, published a few minutes apart.","created_at":"2026-05-13 04:58:56","updated_at":"2026-05-13 05:14:11","pushed_at":"2026-05-13 05:14:07","inserted_at":"2026-05-13 10:36:31"},{"id":"1236925198","cve_id":"CVE-2026-45185","name":"Dead.Letter-CVE-2026-45185","owner":"liamromanis101","full_name":"liamromanis101\/Dead.Letter-CVE-2026-45185","html_url":"https:\/\/github.com\/liamromanis101\/Dead.Letter-CVE-2026-45185","description":"Dead.Letter CVE-2026-45185 EXIM Vulnerability Detection Script","stargazers_count":"0","vuln_description":"Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing path. It is triggered when a client sends a TLS close_notify mid-body during a CHUNKING transfer, followed by a final cleartext byte on the same TCP connection. This can lead to heap corruption. An unauthenticated network attacker exploiting this vulnerability could execute arbitrary code.","created_at":"2026-05-13 02:51:05","updated_at":"2026-05-13 06:36:31","pushed_at":"2026-05-13 06:34:16","inserted_at":"2026-05-13 10:36:31"},{"id":"1236889263","cve_id":"CVE-2026-35455","name":"immich-exfiltration-demo","owner":"emanuelepns","full_name":"emanuelepns\/immich-exfiltration-demo","html_url":"https:\/\/github.com\/emanuelepns\/immich-exfiltration-demo","description":"Cybersecurity demo exploiting CVE-2026-35455 with automatic API key generation and exfiltration","stargazers_count":"0","vuln_description":"immich is a high performance self-hosted photo and video management solution. Prior to 2.7.0, sStored Cross-Site Scripting (XSS) in the 360\u00b0 panorama viewer allows any authenticated user to execute arbitrary JavaScript in the browser of any other user who views the malicious panorama with the OCR overlay enabled. The attacker uploads an equirectangular image containing crafted text; OCR extracts it, and the panorama viewer renders it via innerHTML without sanitization. This enables session hijacking (via persistent API key creation), private photo exfiltration, and access to GPS location history and face biometric data. This vulnerability is fixed in 2.7.0.","created_at":"2026-05-13 02:08:09","updated_at":"2026-05-13 02:16:46","pushed_at":"2026-05-13 02:08:10","inserted_at":"2026-05-13 04:36:30"},{"id":"1236864518","cve_id":"CVE-2026-6664","name":"bouncer-overflow","owner":"nicolasjulian","full_name":"nicolasjulian\/bouncer-overflow","html_url":"https:\/\/github.com\/nicolasjulian\/bouncer-overflow","description":"Working POC of CVE-2026-6664 written by Sonnet 4.6","stargazers_count":"0","vuln_description":"An integer overflow in network packet parsing code in PgBouncer before 1.25.2 bypasses a boundary check and can lead to a crash. An unauthenticated remote attacker can crash PgBouncer with a malformed SCRAM authentication packet.","created_at":"2026-05-13 01:39:59","updated_at":"2026-05-13 02:01:47","pushed_at":"2026-05-13 01:44:57","inserted_at":"2026-05-13 04:36:31"},{"id":"1236831869","cve_id":"CVE-2026-29000","name":"CVE-2026-29000-PoC-Exploit","owner":"tc4dy","full_name":"tc4dy\/CVE-2026-29000-PoC-Exploit","html_url":"https:\/\/github.com\/tc4dy\/CVE-2026-29000-PoC-Exploit","description":"CVE-2026-29000 \u2013 pac4j-jwt Authentication Bypass (\ud83d\udd25 CVSS 10.0). One-click admin forge via public key JWE wrapping. Leaks configs, users, secrets. Keep-alive, proxy, custom JWKS.\u2699\ufe0f Educational PoC Exploit tool.","stargazers_count":"0","vuln_description":"pac4j-jwt versions prior to 4.5.9, 5.7.9, and 6.3.3 contain an authentication bypass vulnerability in JwtAuthenticator when processing encrypted JWTs that allows remote attackers to forge authentication tokens. Attackers who possess the server's RSA public key can create a JWE-wrapped PlainJWT with arbitrary subject and role claims, bypassing signature verification to authenticate as any user including administrators.","created_at":"2026-05-13 01:03:01","updated_at":"2026-05-13 02:01:57","pushed_at":"2026-05-13 01:30:13","inserted_at":"2026-05-13 04:36:30"},{"id":"1236764293","cve_id":"CVE-2026-31431","name":"copyfail-fix","owner":"paulorlima9","full_name":"paulorlima9\/copyfail-fix","html_url":"https:\/\/github.com\/paulorlima9\/copyfail-fix","description":"Quick mitigation and patch script for CVE-2026-31431 (Copy Fail) on Ubuntu\/Debian VPS","stargazers_count":"1","vuln_description":"In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: algif_aead - Revert to operating out-of-place\n\nThis mostly reverts commit 72548b093ee3 except for the copying of\nthe associated data.\n\nThere is no benefit in operating in-place in algif_aead since the\nsource and destination come from different mappings.  Get rid of\nall the complexity added for in-place operation and just copy the\nAD directly.","created_at":"2026-05-12 23:50:38","updated_at":"2026-05-13 01:28:48","pushed_at":"2026-05-13 00:25:59","inserted_at":"2026-05-13 04:36:30"},{"id":"1236761147","cve_id":"CVE-2026-41940","name":"CVE-2026-41940-POC-Exploit","owner":"tc4dy","full_name":"tc4dy\/CVE-2026-41940-POC-Exploit","html_url":"https:\/\/github.com\/tc4dy\/CVE-2026-41940-POC-Exploit","description":"\ud83d\ude80 CVE-2026-41940 cPanel\/WHM Auth Bypass Exploit - Professional Edition \ud83d\udca5 CRLF injection leads to auth bypass, session hijacking & account leak. \u2705 Proxy, custom UA, keep-alive, retries, SSL verify, colored output, file save support. \u26a1 Advanced PoC for pentesters. ","stargazers_count":"0","vuln_description":"cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel.","created_at":"2026-05-12 23:47:21","updated_at":"2026-05-13 00:51:20","pushed_at":"2026-05-12 23:59:11","inserted_at":"2026-05-13 04:36:31"},{"id":"1236665876","cve_id":"CVE-2026-45321","name":"are-you-get-tanstack-attack","owner":"Yomisana","full_name":"Yomisana\/are-you-get-tanstack-attack","html_url":"https:\/\/github.com\/Yomisana\/are-you-get-tanstack-attack","description":"Are you get Tanstack Supply chain attack attack of 5\/11? CVE-2026-45321 \/ GHSA-g7cv-rxg3-hmpx","stargazers_count":"0","vuln_description":"On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack\/* packages were published to the npm registry. The publishes were authenticated via the legitimate GitHub Actions OIDC trusted-publisher binding for TanStack\/router, but the publish workflow itself was not modified. The attacker chained three known vulnerability classes \u2014 a pull_request_target \"Pwn Request\" misconfiguration, GitHub Actions cache poisoning across the fork\u2194base trust boundary, and runtime memory extraction of the OIDC token from the Actions runner process \u2014 to publish credential-stealing malware under a trusted identity. Each affected package received exactly two malicious versions, published a few minutes apart.","created_at":"2026-05-12 22:08:36","updated_at":"2026-05-13 11:33:45","pushed_at":"2026-05-13 11:27:46","inserted_at":"2026-05-13 16:36:31"},{"id":"1236461570","cve_id":"CVE-2026-45321","name":"tanstack-compromise-checker","owner":"ry-allan","full_name":"ry-allan\/tanstack-compromise-checker","html_url":"https:\/\/github.com\/ry-allan\/tanstack-compromise-checker","description":"Detects CVE-2026-45321 (TanStack supply chain compromise) and Mini Shai-Hulud worm artifacts. Scans node_modules, lockfiles, persistence hooks (Claude Code, VS Code, systemd, LaunchAgent), GitHub workflows, git history, C2 domains, and AI tool configs.","stargazers_count":"0","vuln_description":"On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack\/* packages were published to the npm registry. The publishes were authenticated via the legitimate GitHub Actions OIDC trusted-publisher binding for TanStack\/router, but the publish workflow itself was not modified. The attacker chained three known vulnerability classes \u2014 a pull_request_target \"Pwn Request\" misconfiguration, GitHub Actions cache poisoning across the fork\u2194base trust boundary, and runtime memory extraction of the OIDC token from the Actions runner process \u2014 to publish credential-stealing malware under a trusted identity. Each affected package received exactly two malicious versions, published a few minutes apart.","created_at":"2026-05-12 18:11:30","updated_at":"2026-05-12 18:42:02","pushed_at":"2026-05-12 18:41:27","inserted_at":"2026-05-12 22:36:31"},{"id":"1236416923","cve_id":"CVE-2026-3609","name":"CredsHunter","owner":"BlackSnufkin","full_name":"BlackSnufkin\/CredsHunter","html_url":"https:\/\/github.com\/BlackSnufkin\/CredsHunter","description":"PoC for CVE-2026-3609 - XIGNCODE3 xhunter1.sys handle leak enabling PPL bypass and LSASS dumping","stargazers_count":"3","vuln_description":"Wellbia's XIGNCODE3 xhunter1.sys kernel driver Privilege Escalation Vulnerability provides access to IRP_MJ_REITS command interface, which allows any user process to request a PROCESS_ALL_ACCESS.\r\nCross reference to KVE 2023-5589 (https:\/\/krcert.or.kr)","created_at":"2026-05-12 17:21:00","updated_at":"2026-05-12 20:03:43","pushed_at":"2026-05-12 17:38:56","inserted_at":"2026-05-12 22:36:31"},{"id":"1236387411","cve_id":"CVE-2010-2039","name":"CVE-2010-2039","owner":"RajeshTiwiva","full_name":"RajeshTiwiva\/CVE-2010-2039","html_url":"https:\/\/github.com\/RajeshTiwiva\/CVE-2010-2039","description":"CSRF (Cross-Site Request Forgery) vulnerability in gpEasy 1.5-16.3","stargazers_count":"0","vuln_description":null,"created_at":"2026-05-12 16:46:33","updated_at":"2026-05-12 16:50:29","pushed_at":"2026-05-12 16:50:26","inserted_at":"2026-05-12 22:36:26"}]}