{"pocs":[{"id":"1206925150","cve_id":"CVE-2025-55182","name":"rust-cve-2025-55182-scanner","owner":"kaxm23","full_name":"kaxm23\/rust-cve-2025-55182-scanner","html_url":"https:\/\/github.com\/kaxm23\/rust-cve-2025-55182-scanner","description":"powerfull rust cve-2025-55182-scanner used for ctf & ethical purpose only ","stargazers_count":"0","vuln_description":"A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.","created_at":"2026-04-10 20:49:46","updated_at":"2026-04-10 21:21:34","pushed_at":"2026-04-10 21:21:27","inserted_at":"2026-04-10 22:36:27"},{"id":"1206902926","cve_id":"CVE-2025-5548","name":"CVE-2025-5548","owner":"CryptoMachio","full_name":"CryptoMachio\/CVE-2025-5548","html_url":"https:\/\/github.com\/CryptoMachio\/CVE-2025-5548","description":"Estudio t\u00e9cnico de la vulnerabilidad CVE-2025-5548","stargazers_count":"0","vuln_description":"A vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0. Affected is an unknown function of the component NOOP Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.","created_at":"2026-04-10 20:19:44","updated_at":"2026-04-10 20:22:40","pushed_at":"2026-04-10 20:22:35","inserted_at":"2026-04-10 22:36:27"},{"id":"1206893862","cve_id":"CVE-2025-55182","name":"CVE-2025-55182-Auto-Scanner","owner":"kaxm23","full_name":"kaxm23\/CVE-2025-55182-Auto-Scanner","html_url":"https:\/\/github.com\/kaxm23\/CVE-2025-55182-Auto-Scanner","description":"CVE-2025-55182 Auto Scanner - Improved Version For authorized CTF\/testing purposes only","stargazers_count":"0","vuln_description":"A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.","created_at":"2026-04-10 20:07:12","updated_at":"2026-04-10 20:29:59","pushed_at":"2026-04-10 20:29:56","inserted_at":"2026-04-10 22:36:27"},{"id":"1206806071","cve_id":"CVE-2021-22911","name":"rocketcat-cve-2021-22911-exploit","owner":"roshanrajbanshi","full_name":"roshanrajbanshi\/rocketcat-cve-2021-22911-exploit","html_url":"https:\/\/github.com\/roshanrajbanshi\/rocketcat-cve-2021-22911-exploit","description":"CVE-2021-22911 Rocket.Chat NoSQL Injection RCE Exploit - Educational Purpose","stargazers_count":"0","vuln_description":"A improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 & 3.13 that could lead to unauthenticated NoSQL injection, resulting potentially in RCE.","created_at":"2026-04-10 18:16:26","updated_at":"2026-04-10 18:45:41","pushed_at":"2026-04-10 18:45:34","inserted_at":"2026-04-10 22:36:19"},{"id":"1206678402","cve_id":"CVE-2026-23869","name":"CVE-2026-23869","owner":"yohannslm","full_name":"yohannslm\/CVE-2026-23869","html_url":"https:\/\/github.com\/yohannslm\/CVE-2026-23869","description":"POC for CVE-2026-23869","stargazers_count":"0","vuln_description":"A denial of service vulnerability exists in React Server Components, affecting the following packages: react-server-dom-parcel, react-server-dom-turbopack and react-server-dom-webpack (versions 19.0.0 through 19.0.4, 19.1.0 through 19.1.5, and 19.2.0 through 19.2.4). The vulnerability is triggered by sending specially crafted HTTP requests to Server Function endpoints.The payload of the HTTP request causes excessive CPU usage for up to a minute ending in a thrown error that is catchable.","created_at":"2026-04-10 15:34:17","updated_at":"2026-04-10 15:45:54","pushed_at":"2026-04-10 15:45:49","inserted_at":"2026-04-10 16:36:23"},{"id":"1206650375","cve_id":"CVE-2026-23744","name":"exploit-CVE-2026-23744","owner":"luiskrnr","full_name":"luiskrnr\/exploit-CVE-2026-23744","html_url":"https:\/\/github.com\/luiskrnr\/exploit-CVE-2026-23744","description":"MCPJam Inspector is a local-first development platform for MCP servers. In versions 1.4.2 (and earlier), a RCE flaw lets attackers send crafted HTTP request that installs an MCP server and runs code remotely, because the service listens on 0.0.0.0 (instead of 127.0.0.1) by default.","stargazers_count":"0","vuln_description":"MCPJam inspector is the local-first development platform for MCP servers. Versions 1.4.2 and earlier are vulnerable to remote code execution (RCE) vulnerability, which allows an attacker to send a crafted HTTP request that triggers the installation of an MCP server, leading to RCE. Since MCPJam inspector by default listens on 0.0.0.0 instead of 127.0.0.1, an attacker can trigger the RCE remotely via a simple HTTP request. Version 1.4.3 contains a patch.","created_at":"2026-04-10 14:52:49","updated_at":"2026-04-10 15:37:18","pushed_at":"2026-04-10 15:37:14","inserted_at":"2026-04-10 16:36:23"},{"id":"1206642045","cve_id":"CVE-2026-39376","name":"CVE-2026-39376","owner":"redyank","full_name":"redyank\/CVE-2026-39376","html_url":"https:\/\/github.com\/redyank\/CVE-2026-39376","description":"CVE-2026-39376(Infinite redirect loop DoS via meta-refresh chain)","stargazers_count":"0","vuln_description":"FastFeedParser is a high performance RSS, Atom and RDF parser. Prior to 0.5.10, when parse() fetches a URL that returns an HTML page containing a <meta http-equiv=\"refresh\"> tag, it recursively calls itself with the redirect URL \u2014 with no depth limit, no visited-URL deduplication, and no redirect count cap. An attacker-controlled server that returns an infinite chain of HTML meta-refresh responses causes unbounded recursion, exhausting the Python call stack and crashing the process. This vulnerability can also be chained with the companion SSRF issue to reach internal network targets after bypassing the initial URL check. This vulnerability is fixed in 0.5.10.","created_at":"2026-04-10 14:39:38","updated_at":"2026-04-10 14:41:00","pushed_at":"2026-04-10 14:40:38","inserted_at":"2026-04-10 16:36:23"},{"id":"1206632857","cve_id":"CVE-2021-44228","name":"EXPLOIT-CVE-2021-44228","owner":"joaovicdev","full_name":"joaovicdev\/EXPLOIT-CVE-2021-44228","html_url":"https:\/\/github.com\/joaovicdev\/EXPLOIT-CVE-2021-44228","description":"PoC of CVE-2021-44228","stargazers_count":"0","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2026-04-10 14:24:43","updated_at":"2026-04-10 14:26:42","pushed_at":"2026-04-10 14:26:37","inserted_at":"2026-04-10 16:36:17"},{"id":"1206612140","cve_id":"CVE-2026-35584","name":"CVE-2026-35584","owner":"LeonardoNovais7","full_name":"LeonardoNovais7\/CVE-2026-35584","html_url":"https:\/\/github.com\/LeonardoNovais7\/CVE-2026-35584","description":"POC - CVE-2026-35584","stargazers_count":"0","vuln_description":"FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.212, the endpoint GET \/thread\/read\/{conversation_id}\/{thread_id} does not require authentication and does not validate whether the given thread_id belongs to the given conversation_id. This allows any unauthenticated attacker to mark any thread as read by passing arbitrary IDs, enumerate valid thread IDs via HTTP response codes (200 vs 404), and manipulate opened_at timestamps across conversations (IDOR). This vulnerability is fixed in 1.8.212.","created_at":"2026-04-10 13:49:07","updated_at":"2026-04-10 13:59:06","pushed_at":"2026-04-10 13:59:02","inserted_at":"2026-04-10 16:36:23"},{"id":"1206581732","cve_id":"CVE-2026-5530","name":"CVE-2026-5530","owner":"davidrxchester","full_name":"davidrxchester\/CVE-2026-5530","html_url":"https:\/\/github.com\/davidrxchester\/CVE-2026-5530","description":"POC for CVE-2026-5530 - SSRF via Ollama Pull\/Push API","stargazers_count":"0","vuln_description":"A flaw has been found in Ollama up to 18.1. This issue affects some unknown processing of the file server\/download.go of the component Model Pull API. Executing a manipulation can lead to server-side request forgery. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.","created_at":"2026-04-10 12:52:57","updated_at":"2026-04-10 12:53:16","pushed_at":"2026-04-10 12:53:13","inserted_at":"2026-04-10 16:36:23"},{"id":"1206571703","cve_id":"CVE-2025-55182","name":"CVE-2025-55182-React2Shell-PoC","owner":"masterwok","full_name":"masterwok\/CVE-2025-55182-React2Shell-PoC","html_url":"https:\/\/github.com\/masterwok\/CVE-2025-55182-React2Shell-PoC","description":"Proof-of-concept exploit for CVE-2025-55182 (React2Shell)","stargazers_count":"0","vuln_description":"A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.","created_at":"2026-04-10 12:34:25","updated_at":"2026-04-10 13:17:43","pushed_at":"2026-04-10 13:17:39","inserted_at":"2026-04-10 16:36:23"},{"id":"1206522114","cve_id":"CVE-2026-33033","name":"CVE-2026-33033-PoC","owner":"ch4n3-yoon","full_name":"ch4n3-yoon\/CVE-2026-33033-PoC","html_url":"https:\/\/github.com\/ch4n3-yoon\/CVE-2026-33033-PoC","description":"A PoC script for demonstrating CVE-2026-33033","stargazers_count":"0","vuln_description":"An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30.\n`MultiPartParser` allows remote attackers to degrade performance by submitting multipart uploads with `Content-Transfer-Encoding: base64` including excessive whitespace.\nEarlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.\nDjango would like to thank Seokchan Yoon for reporting this issue.","created_at":"2026-04-10 11:04:12","updated_at":"2026-04-10 11:25:54","pushed_at":"2026-04-10 11:25:51","inserted_at":"2026-04-10 16:36:23"},{"id":"1206521532","cve_id":"CVE-2023-20198","name":"forwardnetworksdemo","owner":"telly251","full_name":"telly251\/forwardnetworksdemo","html_url":"https:\/\/github.com\/telly251\/forwardnetworksdemo","description":"Demo to remediate CVE-2023-20198 using forward networks and tines","stargazers_count":"0","vuln_description":"Cisco is aware of active exploitation of a previously unknown vulnerability in the web UI feature of Cisco IOS XE Software when exposed to the internet or to untrusted networks. This vulnerability allows a remote, unauthenticated attacker to create an account on an affected system with privilege level 15 access. The attacker can then use that account to gain control of the affected system.\r\n\r For steps to close the attack vector for this vulnerability, see the Recommendations section of this advisory\u00a0\r\n\r Cisco will provide updates on the status of this investigation and when a software patch is available.","created_at":"2026-04-10 11:03:05","updated_at":"2026-04-10 12:45:07","pushed_at":"2026-04-10 12:44:59","inserted_at":"2026-04-10 16:36:19"},{"id":"1206503415","cve_id":"CVE-2026-34197","name":"CVE-2026-34197","owner":"hg0434hongzh0","full_name":"hg0434hongzh0\/CVE-2026-34197","html_url":"https:\/\/github.com\/hg0434hongzh0\/CVE-2026-34197","description":"POC","stargazers_count":"0","vuln_description":"Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ.\n\nApache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at \/api\/jolokia\/ on the web console. The default Jolokia access policy permits exec operations on all ActiveMQ MBeans (org.apache.activemq:*), including\nBrokerService.addNetworkConnector(String) and BrokerService.addConnector(String).\n\nAn authenticated attacker can invoke these operations with a crafted discovery URI that triggers the VM transport's brokerConfig parameter to load a remote Spring XML application context using ResourceXmlApplicationContext.\nBecause Spring's ResourceXmlApplicationContext instantiates all singleton beans before the BrokerService validates the configuration, arbitrary code execution occurs on the broker's JVM through bean factory methods such as Runtime.exec().\n\n\n\nThis issue affects Apache ActiveMQ Broker: before 5.19.4, from 6.0.0 before 6.2.3; Apache ActiveMQ All: before 5.19.4,","created_at":"2026-04-10 10:29:12","updated_at":"2026-04-10 10:45:02","pushed_at":"2026-04-10 10:44:58","inserted_at":"2026-04-10 16:36:23"},{"id":"1206492765","cve_id":"CVE-2025-49596","name":"trust-boundary-ctf","owner":"acseguin21","full_name":"acseguin21\/trust-boundary-ctf","html_url":"https:\/\/github.com\/acseguin21\/trust-boundary-ctf","description":"Browser-based MCP CTF \u2014 OAuth token confusion and session isolation failure (CVE-2025-49596 pattern). DevTools only.","stargazers_count":"0","vuln_description":"The MCP inspector is a developer tool for testing and debugging MCP servers. Versions of MCP Inspector below 0.14.1 are vulnerable to remote code execution due to lack of authentication between the Inspector client and proxy, allowing unauthenticated requests to launch MCP commands over stdio. Users should immediately upgrade to version 0.14.1 or later to address these vulnerabilities.","created_at":"2026-04-10 10:09:30","updated_at":"2026-04-10 10:09:43","pushed_at":"2026-04-10 10:09:33","inserted_at":"2026-04-10 16:36:22"},{"id":"1206445621","cve_id":"CVE-2026-21876","name":"CVE-2026-21876","owner":"daytriftnewgen","full_name":"daytriftnewgen\/CVE-2026-21876","html_url":"https:\/\/github.com\/daytriftnewgen\/CVE-2026-21876","description":"[Reupload] CVE-2026-21876 minimal PoC with docker container.","stargazers_count":"0","vuln_description":"The OWASP core rule set (CRS) is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 4.22.0 and 3.3.8, the current rule 922110 has a bug when processing multipart requests with multiple parts. When the first rule in a chain iterates over a collection (like `MULTIPART_PART_HEADERS`), the capture variables (`TX:0`, `TX:1`) get overwritten with each iteration. Only the last captured value is available to the chained rule, which means malicious charsets in earlier parts can be missed if a later part has a legitimate charset. Versions 4.22.0 and 3.3.8 patch the issue.","created_at":"2026-04-10 08:30:57","updated_at":"2026-04-10 09:10:53","pushed_at":"2026-04-10 08:50:11","inserted_at":"2026-04-10 10:36:23"},{"id":"1206419643","cve_id":"CVE-2018-16763","name":"CVE-2018-16763-Fuel-CMS-1.4.1-Remote-Code-Execution-PoC","owner":"estebanzarate","full_name":"estebanzarate\/CVE-2018-16763-Fuel-CMS-1.4.1-Remote-Code-Execution-PoC","html_url":"https:\/\/github.com\/estebanzarate\/CVE-2018-16763-Fuel-CMS-1.4.1-Remote-Code-Execution-PoC","description":"Unauthenticated RCE vulnerability in Fuel CMS 1.4.1.","stargazers_count":"0","vuln_description":"FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages\/select\/ filter parameter or the preview\/ data parameter. This can lead to Pre-Auth Remote Code Execution.","created_at":"2026-04-10 07:37:08","updated_at":"2026-04-10 07:53:02","pushed_at":"2026-04-10 07:47:16","inserted_at":"2026-04-10 10:36:14"},{"id":"1206342981","cve_id":"CVE-2025-63353","name":"CVE-2025-63353","owner":"r0otk3r","full_name":"r0otk3r\/CVE-2025-63353","html_url":"https:\/\/github.com\/r0otk3r\/CVE-2025-63353","description":"CVE-2025-63353","stargazers_count":"0","vuln_description":"A vulnerability in FiberHome GPON ONU HG6145F1 RP4423 allows the device's factory default Wi-Fi password (WPA\/WPA2 pre-shared key) to be predicted from the SSID. The device generates default passwords using a deterministic algorithm that derives the router passphrase from the SSID, enabling an attacker who can observe the SSID to predict the default password without authentication or user interaction.","created_at":"2026-04-10 05:24:55","updated_at":"2026-04-10 05:40:17","pushed_at":"2026-04-10 05:40:13","inserted_at":"2026-04-10 10:36:23"},{"id":"1206312496","cve_id":"CVE-2026-34197","name":"CVE-2026-34197","owner":"KONDORDEVSECURITYCORP","full_name":"KONDORDEVSECURITYCORP\/CVE-2026-34197","html_url":"https:\/\/github.com\/KONDORDEVSECURITYCORP\/CVE-2026-34197","description":"CVE-2026-34197 \u2014 Apache ActiveMQ RCE via Jolokia API | PoC Exploit","stargazers_count":"0","vuln_description":"Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ.\n\nApache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at \/api\/jolokia\/ on the web console. The default Jolokia access policy permits exec operations on all ActiveMQ MBeans (org.apache.activemq:*), including\nBrokerService.addNetworkConnector(String) and BrokerService.addConnector(String).\n\nAn authenticated attacker can invoke these operations with a crafted discovery URI that triggers the VM transport's brokerConfig parameter to load a remote Spring XML application context using ResourceXmlApplicationContext.\nBecause Spring's ResourceXmlApplicationContext instantiates all singleton beans before the BrokerService validates the configuration, arbitrary code execution occurs on the broker's JVM through bean factory methods such as Runtime.exec().\n\n\n\nThis issue affects Apache ActiveMQ Broker: before 5.19.4, from 6.0.0 before 6.2.3; Apache ActiveMQ All: before 5.19.4,","created_at":"2026-04-10 04:41:30","updated_at":"2026-04-10 04:42:58","pushed_at":"2026-04-10 04:42:54","inserted_at":"2026-04-10 10:36:23"},{"id":"1206297058","cve_id":"CVE-2025-60709","name":"CVE-2025-60709","owner":"KONDORDEVSECURITYCORP","full_name":"KONDORDEVSECURITYCORP\/CVE-2025-60709","html_url":"https:\/\/github.com\/KONDORDEVSECURITYCORP\/CVE-2025-60709","description":"Windows CLFS LPE exploit PoC for security research","stargazers_count":"0","vuln_description":"Out-of-bounds read in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.","created_at":"2026-04-10 04:19:50","updated_at":"2026-04-10 04:20:03","pushed_at":"2026-04-10 04:19:58","inserted_at":"2026-04-10 10:36:23"},{"id":"1206290660","cve_id":"CVE-2026-31402","name":"CVE-2026-31402","owner":"0xBlackash","full_name":"0xBlackash\/CVE-2026-31402","html_url":"https:\/\/github.com\/0xBlackash\/CVE-2026-31402","description":"CVE-2026-31402","stargazers_count":"0","vuln_description":"In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: fix heap overflow in NFSv4.0 LOCK replay cache\n\nThe NFSv4.0 replay cache uses a fixed 112-byte inline buffer\n(rp_ibuf[NFSD4_REPLAY_ISIZE]) to store encoded operation responses.\nThis size was calculated based on OPEN responses and does not account\nfor LOCK denied responses, which include the conflicting lock owner as\na variable-length field up to 1024 bytes (NFS4_OPAQUE_LIMIT).\n\nWhen a LOCK operation is denied due to a conflict with an existing lock\nthat has a large owner, nfsd4_encode_operation() copies the full encoded\nresponse into the undersized replay buffer via read_bytes_from_xdr_buf()\nwith no bounds check. This results in a slab-out-of-bounds write of up\nto 944 bytes past the end of the buffer, corrupting adjacent heap memory.\n\nThis can be triggered remotely by an unauthenticated attacker with two\ncooperating NFSv4.0 clients: one sets a lock with a large owner string,\nthen the other requests a conflicting lock to provoke the den","created_at":"2026-04-10 04:10:44","updated_at":"2026-04-10 04:31:45","pushed_at":"2026-04-10 04:31:39","inserted_at":"2026-04-10 10:36:23"},{"id":"1206263773","cve_id":"CVE-2026-39912","name":"CVE-2026-39912","owner":"Chocapikk","full_name":"Chocapikk\/CVE-2026-39912","html_url":"https:\/\/github.com\/Chocapikk\/CVE-2026-39912","description":"Xboard \/ V2Board Unauth Account Takeover - Magic Link Token Leak (CVE-2026-39912)","stargazers_count":"0","vuln_description":"V2Board 1.6.1 through 1.7.4 and Xboard through 0.1.9 expose authentication tokens in HTTP response bodies of the loginWithMailLink endpoint when the login_with_mail_link_enable feature is active. Unauthenticated attackers can POST to the loginWithMailLink endpoint with a known email address to receive the full authentication URL in the response, then exchange the token at the token2Login endpoint to obtain a valid bearer token with complete account access including admin privileges.","created_at":"2026-04-10 03:34:39","updated_at":"2026-04-10 03:35:05","pushed_at":"2026-04-10 03:34:41","inserted_at":"2026-04-10 04:36:21"},{"id":"1206259526","cve_id":"CVE-2024-3094","name":"CVE-2024-3094","owner":"h3raklez","full_name":"h3raklez\/CVE-2024-3094","html_url":"https:\/\/github.com\/h3raklez\/CVE-2024-3094","description":"CVE-2024-3094 - XZ Utils Backdoor","stargazers_count":"0","vuln_description":"Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. The tarballs included extra .m4 files, which contained instructions for building with automake that did not exist in the repository. These instructions, through a series of complex obfuscations, extract a prebuilt object file from one of the test archives, which is then used to modify specific functions in the code while building the liblzma package. This issue results in liblzma being used by additional software, like sshd, to provide functionality that will be interpreted by the modified functions.","created_at":"2026-04-10 03:29:04","updated_at":"2026-04-10 03:29:04","pushed_at":"2026-04-10 03:29:04","inserted_at":"2026-04-10 04:36:19"},{"id":"1206245617","cve_id":"CVE-2025-14893","name":"CVE-2025-14893","owner":"d3kc4rt1","full_name":"d3kc4rt1\/CVE-2025-14893","html_url":"https:\/\/github.com\/d3kc4rt1\/CVE-2025-14893","description":"Authenticated Stored Cross-Site Scripting (XSS) in IndieWeb WordPress Plugin","stargazers_count":"0","vuln_description":"The IndieWeb plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Telephone' parameter in all versions up to, and including, 4.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","created_at":"2026-04-10 03:11:31","updated_at":"2026-04-10 03:11:58","pushed_at":"2026-04-10 03:11:53","inserted_at":"2026-04-10 04:36:20"},{"id":"1206240800","cve_id":"CVE-2026-3516","name":"CVE-2026-3516","owner":"d3kc4rt1","full_name":"d3kc4rt1\/CVE-2026-3516","html_url":"https:\/\/github.com\/d3kc4rt1\/CVE-2026-3516","description":"Authenticated Stored Cross-Site Scripting (XSS) in Contact List Plugin","stargazers_count":"0","vuln_description":"The Contact List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '_cl_map_iframe' parameter in all versions up to, and including, 3.0.18. This is due to insufficient input sanitization and output escaping when handling the Google Maps iframe custom field. The saveCustomFields() function in class-contact-list-custom-fields.php uses a regex to extract <iframe> tags from user input but does not validate or sanitize the iframe's attributes, allowing event handlers like 'onload' to be included. The extracted iframe HTML is stored via update_post_meta() and later rendered on the front-end in class-cl-public-card.php without any escaping or wp_kses filtering. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","created_at":"2026-04-10 03:05:32","updated_at":"2026-04-10 03:06:04","pushed_at":"2026-04-10 03:05:59","inserted_at":"2026-04-10 04:36:21"},{"id":"1206230626","cve_id":"CVE-2026-1657","name":"CVE-2026-1657","owner":"d3kc4rt1","full_name":"d3kc4rt1\/CVE-2026-1657","html_url":"https:\/\/github.com\/d3kc4rt1\/CVE-2026-1657","description":"Unauthenticated Arbitrary File Upload in EventPrime Plugin","stargazers_count":"0","vuln_description":"The EventPrime plugin for WordPress is vulnerable to unauthorized image file upload in all versions up to, and including, 4.2.8.4. This is due to the plugin registering the upload_file_media AJAX action as publicly accessible (nopriv-enabled) without implementing any authentication, authorization, or nonce verification despite a nonce being created. This makes it possible for unauthenticated attackers to upload image files to the WordPress uploads directory and create Media Library attachments via the ep_upload_file_media endpoint.","created_at":"2026-04-10 02:53:07","updated_at":"2026-04-10 02:53:36","pushed_at":"2026-04-10 02:53:32","inserted_at":"2026-04-10 04:36:21"},{"id":"1206222595","cve_id":"CVE-2025-34077","name":"Web-Penetration-Test","owner":"salimelh94","full_name":"salimelh94\/Web-Penetration-Test","html_url":"https:\/\/github.com\/salimelh94\/Web-Penetration-Test","description":"Exploiting WordPress vulnerabilities (CVE-2025-34077), authentication bypass via cookie injection, and privilege escalation to root. Part of my Cybersecurity Specialization.","stargazers_count":"0","vuln_description":"An authentication bypass vulnerability exists in the WordPress Pie Register plugin = 3.7.1.4 that allows unauthenticated attackers to impersonate arbitrary users by submitting a crafted POST request to the login endpoint. By setting social_site=true and manipulating the user_id_social_site parameter, an attacker can generate a valid WordPress session cookie for any user ID, including administrators. Once authenticated, the attacker may exploit plugin upload functionality to install a malicious plugin containing arbitrary PHP code, resulting in remote code execution on the underlying server.","created_at":"2026-04-10 02:43:27","updated_at":"2026-04-10 03:42:15","pushed_at":"2026-04-10 03:42:10","inserted_at":"2026-04-10 04:36:21"},{"id":"1206217758","cve_id":"CVE-2026-1375","name":"CVE-2026-1375","owner":"d3kc4rt1","full_name":"d3kc4rt1\/CVE-2026-1375","html_url":"https:\/\/github.com\/d3kc4rt1\/CVE-2026-1375","description":"Authenticated IDOR \/ Broken Access Control in Tutor LMS Plugin","stargazers_count":"0","vuln_description":"The Tutor LMS \u2013 eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object References (IDOR) in all versions up to, and including, 3.9.5. This is due to missing object-level authorization checks in the `course_list_bulk_action()`, `bulk_delete_course()`, and `update_course_status()` functions. This makes it possible for authenticated attackers, with Tutor Instructor-level access and above, to modify or delete arbitrary courses they do not own by manipulating course IDs in bulk action requests.","created_at":"2026-04-10 02:37:39","updated_at":"2026-04-10 02:38:14","pushed_at":"2026-04-10 02:38:08","inserted_at":"2026-04-10 04:36:21"},{"id":"1206194896","cve_id":"CVE-2023-33177","name":"-CVE-2023-33177-","owner":"kaxm23","full_name":"kaxm23\/-CVE-2023-33177-","html_url":"https:\/\/github.com\/kaxm23\/-CVE-2023-33177-","description":"Xibo CMS CVE-2023-33177 Vulnerability Tester","stargazers_count":"0","vuln_description":"Xibo is a content management system (CMS). A path traversal vulnerability exists in the Xibo CMS whereby a specially crafted zip file can be uploaded to the CMS via the layout import function by an authenticated user which would allow creation of files outside of the CMS library directory as the webserver user. This can be used to upload a PHP webshell inside the web root directory and achieve remote code execution as the webserver user. Users should upgrade to version 2.3.17 or 3.3.5, which fix this issue. Customers who host their CMS with Xibo Signage have already received an upgrade or patch to resolve this issue regardless of the CMS version that they are running.","created_at":"2026-04-10 02:10:49","updated_at":"2026-04-10 02:50:24","pushed_at":"2026-04-10 02:49:32","inserted_at":"2026-04-10 04:36:19"},{"id":"1206171016","cve_id":"CVE-2025-15260","name":"CVE-2025-15260","owner":"d3kc4rt1","full_name":"d3kc4rt1\/CVE-2025-15260","html_url":"https:\/\/github.com\/d3kc4rt1\/CVE-2025-15260","description":"Missing Authorization \/ Broken Access Control in Plugin - MyRewards \u2013 Loyalty Points and Rewards for WooCommerce","stargazers_count":"0","vuln_description":"The MyRewards \u2013 Loyalty Points and Rewards for WooCommerce plugin for WordPress is vulnerable to missing authorization in all versions up to, and including, 5.6.1. This is due to the plugin not properly verifying that a user is authorized to perform an action in the 'ajax' function. This makes it possible for authenticated attackers, with subscriber level access and above, to modify, add, or delete loyalty program earning rules, including manipulating point multipliers to arbitrary values.","created_at":"2026-04-10 01:42:37","updated_at":"2026-04-10 01:43:13","pushed_at":"2026-04-10 01:43:10","inserted_at":"2026-04-10 04:36:20"}]}