{"pocs":[{"id":"1175219479","cve_id":"CVE-2026-1492","name":"CVE-2026-1492-POC","owner":"dreamboyim66-boop","full_name":"dreamboyim66-boop\/CVE-2026-1492-POC","html_url":"https:\/\/github.com\/dreamboyim66-boop\/CVE-2026-1492-POC","description":"User Registration & Membership <= 5.1.2 - Unauthenticated Privilege Escalation via Membership Registration","stargazers_count":"0","vuln_description":"The User Registration & Membership \u2013 Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to improper privilege management in all versions up to, and including, 5.1.2. This is due to the plugin accepting a user-supplied role during membership registration without properly enforcing a server-side allowlist. This makes it possible for unauthenticated attackers to create administrator accounts by supplying a role value during membership registration.","created_at":"2026-03-07 21:01:53","updated_at":"2026-03-07 21:03:41","pushed_at":"2026-03-07 21:03:38","inserted_at":"2026-03-07 22:36:06"},{"id":"1175192277","cve_id":"CVE-2020-1350","name":"CVE-2020-1350-SigRed","owner":"sty886","full_name":"sty886\/CVE-2020-1350-SigRed","html_url":"https:\/\/github.com\/sty886\/CVE-2020-1350-SigRed","description":"CVE-2020-1350\u7684PoC","stargazers_count":"0","vuln_description":"A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests, aka 'Windows DNS Server Remote Code Execution Vulnerability'.","created_at":"2026-03-07 20:10:17","updated_at":"2026-03-07 21:11:39","pushed_at":"2026-03-07 21:11:36","inserted_at":"2026-03-07 22:36:01"},{"id":"1175114004","cve_id":"CVE-2025-60787","name":"CVE-2025-60787-MotionEye-RCE","owner":"Rohitberiwala","full_name":"Rohitberiwala\/CVE-2025-60787-MotionEye-RCE","html_url":"https:\/\/github.com\/Rohitberiwala\/CVE-2025-60787-MotionEye-RCE","description":"Professional PoC for CVE-2025-60787: Remote Code Execution in MotionEye (<= 0.43.1b4). This exploit demonstrates an OS Command Injection vulnerability through client-side validation bypass, allowing attackers to execute arbitrary commands via configuration files.","stargazers_count":"0","vuln_description":"MotionEye v0.43.1b4 and before is vulnerable to OS Command Injection in configuration parameters such as image_file_name. Unsanitized user input is written to Motion configuration files, allowing remote authenticated attackers with admin access to achieve code execution when Motion is restarted.","created_at":"2026-03-07 17:45:30","updated_at":"2026-03-07 17:53:24","pushed_at":"2026-03-07 17:53:21","inserted_at":"2026-03-07 22:36:06"},{"id":"1175024083","cve_id":"CVE-2024-31317","name":"CVE-2024-31317-PoC","owner":"chengfeng30121","full_name":"chengfeng30121\/CVE-2024-31317-PoC","html_url":"https:\/\/github.com\/chengfeng30121\/CVE-2024-31317-PoC","description":"\u9488\u5bf9Android\u7cfb\u7edf\u7684CVE-2024-31317\u6f0f\u6d1e\u7684\u6982\u5ff5\u9a8c\u8bc1\u811a\u672c\u96c6\u5408","stargazers_count":"0","vuln_description":"In multiple functions of ZygoteProcess.java, there is a possible way to achieve code execution as any app via WRITE_SECURE_SETTINGS due to unsafe deserialization. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.","created_at":"2026-03-07 14:51:12","updated_at":"2026-03-07 14:52:43","pushed_at":"2026-03-07 14:52:40","inserted_at":"2026-03-07 16:36:05"},{"id":"1175014507","cve_id":"CVE-2026-28372","name":"CVE-2026-28372","owner":"Rohitberiwala","full_name":"Rohitberiwala\/CVE-2026-28372","html_url":"https:\/\/github.com\/Rohitberiwala\/CVE-2026-28372","description":"This Proof\u2011of\u2011Concept demonstrates a **Local Privilege Escalation** vulnerability in GNU inetutils `telnetd`.  `telnetd` improperly passes client\u2011controlled environment variables to `login(1)`. By setting:","stargazers_count":"0","vuln_description":"telnetd in GNU inetutils through 2.7 allows privilege escalation that can be exploited by abusing systemd service credentials support added to the login(1) implementation of util-linux in release 2.40. This is related to client control over the CREDENTIALS_DIRECTORY environment variable, and requires an unprivileged local user to create a login.noauth file.","created_at":"2026-03-07 14:31:00","updated_at":"2026-03-07 14:36:11","pushed_at":"2026-03-07 14:36:08","inserted_at":"2026-03-07 16:36:07"},{"id":"1174881120","cve_id":"CVE-2023-27372","name":"CVE-2023-27372","owner":"scriniariii","full_name":"scriniariii\/CVE-2023-27372","html_url":"https:\/\/github.com\/scriniariii\/CVE-2023-27372","description":"exploit for CVE-2023-27372","stargazers_count":"0","vuln_description":"SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1.","created_at":"2026-03-07 09:14:12","updated_at":"2026-03-07 09:14:16","pushed_at":"2026-03-07 09:14:12","inserted_at":"2026-03-07 10:36:03"},{"id":"1174831163","cve_id":"CVE-2002-0936","name":"Full-Attack-Lifecycle-Simulation-on-Metasploitable","owner":"omarsallam2309-star","full_name":"omarsallam2309-star\/Full-Attack-Lifecycle-Simulation-on-Metasploitable","html_url":"https:\/\/github.com\/omarsallam2309-star\/Full-Attack-Lifecycle-Simulation-on-Metasploitable","description":"Full-cycle Pentest on Metasploitable (VMware\/Kali). Scanned services (Apache Tomcat\/8180), researched CVE-2002-0936 via Exploit-DB, and gained access using default creds (Metasploit). Performed local enumeration for SUID misconfigs, exploiting a legacy Nmap binary to escalate privileges to Root.","stargazers_count":"0","vuln_description":null,"created_at":"2026-03-07 07:21:31","updated_at":"2026-03-07 07:47:25","pushed_at":"2026-03-07 07:47:21","inserted_at":"2026-03-07 10:35:59"},{"id":"1174605544","cve_id":"CVE-2026-0651","name":"tapo-c260-rce","owner":"l0lsec","full_name":"l0lsec\/tapo-c260-rce","html_url":"https:\/\/github.com\/l0lsec\/tapo-c260-rce","description":"PoC exploit chain for TP-Link Tapo C260 camera \u2014 CVE-2026-0651\/0652\/0653. Research by @spaceraccoon.","stargazers_count":"0","vuln_description":"On TP-Link Tapo C260 v1, path traversal is possible due to improper handling of specific GET request paths via https, allowing local unauthenticated probing of filesystem paths. An attacker on the local network can determine whether certain files exists on the device, with no read, write or code execution possibilities.","created_at":"2026-03-07 01:26:00","updated_at":"2026-03-07 01:26:07","pushed_at":"2026-03-07 01:26:03","inserted_at":"2026-03-07 04:36:05"},{"id":"1174511512","cve_id":"CVE-2026-22722","name":"CVE-2026-22722","owner":"D7EAD","full_name":"D7EAD\/CVE-2026-22722","html_url":"https:\/\/github.com\/D7EAD\/CVE-2026-22722","description":"A State-based logic vulnerability in VMWare Workstation Pro's Kernel NUIF","stargazers_count":"1","vuln_description":"A malicious actor with authenticated user privileges on a Windows based Workstation host may be able to cause a null pointer dereference error. To Remediate CVE-2026-22722, apply the patches listed in the \"Fixed version\" column of the 'Response Matrix'","created_at":"2026-03-06 23:26:52","updated_at":"2026-03-07 02:58:41","pushed_at":"2026-03-06 23:27:42","inserted_at":"2026-03-07 04:36:05"},{"id":"1174445534","cve_id":"CVE-2014-6271","name":"CVE-2014-6271","owner":"0xAshwesker","full_name":"0xAshwesker\/CVE-2014-6271","html_url":"https:\/\/github.com\/0xAshwesker\/CVE-2014-6271","description":"CVE-2014-6271","stargazers_count":"0","vuln_description":"GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka \"ShellShock.\"  NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.","created_at":"2026-03-06 21:59:16","updated_at":"2026-03-06 22:27:39","pushed_at":"2026-03-06 22:27:35","inserted_at":"2026-03-07 04:35:59"},{"id":"1174332531","cve_id":"CVE-2023-21746","name":"PEREDBOEMPATAT-BOF","owner":"TailoredSecOps","full_name":"TailoredSecOps\/PEREDBOEMPATAT-BOF","html_url":"https:\/\/github.com\/TailoredSecOps\/PEREDBOEMPATAT-BOF","description":"LocalPotato NTLM reflection exploit (CVE-2023-21746) as a Cobalt Strike Beacon Object File","stargazers_count":"0","vuln_description":"Windows NTLM Elevation of Privilege Vulnerability","created_at":"2026-03-06 19:18:26","updated_at":"2026-03-06 19:18:37","pushed_at":"2026-03-06 19:18:34","inserted_at":"2026-03-06 22:36:02"},{"id":"1174315237","cve_id":"CVE-2026-29041","name":"CVE-2026-29041","owner":"celeboy711-hue","full_name":"celeboy711-hue\/CVE-2026-29041","html_url":"https:\/\/github.com\/celeboy711-hue\/CVE-2026-29041","description":"Hi, I\u2019m K, This is my first CVE, which is a Remote Code Execution (RCE) vulnerability. It is the beginning of my journey as a security researcher.","stargazers_count":"0","vuln_description":"Chamilo is a learning management system. Prior to version 1.11.34, Chamilo LMS is affected by an authenticated remote code execution vulnerability caused by improper validation of uploaded files. The application relies solely on MIME-type verification when handling file uploads and does not adequately validate file extensions or enforce safe server-side storage restrictions. As a result, an authenticated low-privileged user can upload a crafted file containing executable code and subsequently execute arbitrary commands on the server. This issue has been patched in version 1.11.34.","created_at":"2026-03-06 18:54:58","updated_at":"2026-03-06 19:48:39","pushed_at":"2026-03-06 19:26:04","inserted_at":"2026-03-06 22:36:05"},{"id":"1174276519","cve_id":"CVE-2024-43425","name":"CVE-2024-43425","owner":"wvverez","full_name":"wvverez\/CVE-2024-43425","html_url":"https:\/\/github.com\/wvverez\/CVE-2024-43425","description":"PoC para ejecuci\u00f3n remota de comandos en Moodle v4.4.0","stargazers_count":"1","vuln_description":"A flaw was found in Moodle. Additional restrictions are required to avoid a remote code execution risk in calculated question types. Note: This requires the capability to add\/update questions.","created_at":"2026-03-06 18:02:33","updated_at":"2026-03-06 18:21:38","pushed_at":"2026-03-06 18:03:44","inserted_at":"2026-03-06 22:36:03"},{"id":"1174228220","cve_id":"CVE-2026-27483","name":"cve-2026-27483","owner":"thewhiteh4t","full_name":"thewhiteh4t\/cve-2026-27483","html_url":"https:\/\/github.com\/thewhiteh4t\/cve-2026-27483","description":"MindsDB Path Traversal to RCE PoC","stargazers_count":"0","vuln_description":"MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 25.9.1.1, there is a path traversal vulnerability in Mindsdb's \/api\/files interface, which an authenticated attacker can exploit to achieve remote command execution. The vulnerability exists in the \"Upload File\" module, which corresponds to the API endpoint \/api\/files. Since the multipart file upload does not perform security checks on the uploaded file path, an attacker can perform path traversal by using `..\/` sequences in the filename field. The file write operation occurs before calling clear_filename and save_file, meaning there is no filtering of filenames or file types, allowing arbitrary content to be written to any path on the server. Version 25.9.1.1 patches the issue.","created_at":"2026-03-06 16:52:36","updated_at":"2026-03-06 18:50:52","pushed_at":"2026-03-06 18:50:49","inserted_at":"2026-03-06 22:36:05"},{"id":"1174166531","cve_id":"CVE-2026-20131","name":"CVE-2026-20131","owner":"Sushilsin","full_name":"Sushilsin\/CVE-2026-20131","html_url":"https:\/\/github.com\/Sushilsin\/CVE-2026-20131","description":"CVE-2026-20131 \u2014 Cisco FMC Insecure Java Deserialization (RCE)","stargazers_count":"0","vuln_description":"A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to execute arbitrary Java code as root on an affected device.\r\n\r This vulnerability is due to insecure deserialization of a user-supplied Java byte stream. An attacker could exploit this vulnerability by sending a crafted serialized Java object to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code on the device and elevate privileges to root.\r\n\r Note: If the FMC management interface does not have public internet access, the attack surface that is associated with this vulnerability is reduced.","created_at":"2026-03-06 15:18:46","updated_at":"2026-03-06 15:19:30","pushed_at":"2026-03-06 15:19:07","inserted_at":"2026-03-06 16:36:06"},{"id":"1174139212","cve_id":"CVE-2026-20079","name":"CVE-2026-20079","owner":"Sushilsin","full_name":"Sushilsin\/CVE-2026-20079","html_url":"https:\/\/github.com\/Sushilsin\/CVE-2026-20079","description":"CVE-2026-20079 \u2014 Cisco FMC Authentication Bypass","stargazers_count":"0","vuln_description":"A vulnerability in the web interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass authentication and execute script files on an affected device to obtain root access to the underlying operating system.\r\n\r This vulnerability is due to an improper system process that is created at boot time. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute a variety of scripts and commands that allow root access to the device.","created_at":"2026-03-06 14:32:18","updated_at":"2026-03-06 15:20:31","pushed_at":"2026-03-06 14:33:20","inserted_at":"2026-03-06 16:36:06"},{"id":"1174047001","cve_id":"CVE-2023-3452","name":"Metasploit-Wordpress-Canto-Exploit-RCE","owner":"puppetma4ster","full_name":"puppetma4ster\/Metasploit-Wordpress-Canto-Exploit-RCE","html_url":"https:\/\/github.com\/puppetma4ster\/Metasploit-Wordpress-Canto-Exploit-RCE","description":" this is a metasploit exploit module for CVE-2024-25096 and CVE-2023-3452 ","stargazers_count":"0","vuln_description":"The Canto plugin for WordPress is vulnerable to Remote File Inclusion in versions up to, and including, 3.0.4 via the 'wp_abspath' parameter. This allows unauthenticated attackers to include and execute arbitrary remote code on the server, provided that allow_url_include is enabled. Local File Inclusion is also possible, albeit less useful because it requires that the attacker be able to upload a malicious php file via FTP or some other means into a directory readable by the web server.","created_at":"2026-03-06 11:34:05","updated_at":"2026-03-06 11:34:30","pushed_at":"2026-03-06 11:34:27","inserted_at":"2026-03-06 16:36:03"},{"id":"1174033646","cve_id":"CVE-2019-3980","name":"dameflare","owner":"boydhacks","full_name":"boydhacks\/dameflare","html_url":"https:\/\/github.com\/boydhacks\/dameflare","description":"Python 3 exploit for CVE-2019-3980. Unauthenticated RCE as SYSTEM via SolarWinds Dameware MRC smart card authentication bypass.","stargazers_count":"0","vuln_description":"The Solarwinds Dameware Mini Remote Client agent v12.1.0.89 supports smart card authentication which can allow a user to upload an executable to be executed on the DWRCS.exe host. An unauthenticated, remote attacker can request smart card login and upload and execute an arbitrary executable run under the Local System account.","created_at":"2026-03-06 11:07:36","updated_at":"2026-03-06 11:37:31","pushed_at":"2026-03-06 11:37:27","inserted_at":"2026-03-06 16:36:00"},{"id":"1174026842","cve_id":"CVE-2024-3912","name":"CVE-2024-3912","owner":"H4rk3nz0","full_name":"H4rk3nz0\/CVE-2024-3912","html_url":"https:\/\/github.com\/H4rk3nz0\/CVE-2024-3912","description":"Asus Router Arbitrary File Write to Remote Code Execution PoC - Fk Mirai","stargazers_count":"0","vuln_description":"Certain models of ASUS routers have an arbitrary firmware upload vulnerability. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands on the device.","created_at":"2026-03-06 10:54:12","updated_at":"2026-03-06 11:05:43","pushed_at":"2026-03-06 11:05:40","inserted_at":"2026-03-06 16:36:04"},{"id":"1173939877","cve_id":"CVE-2026-29786","name":"CVE-2026-29786","owner":"Jvr2022","full_name":"Jvr2022\/CVE-2026-29786","html_url":"https:\/\/github.com\/Jvr2022\/CVE-2026-29786","description":"PoC for CVE-2026-29786 demonstrating a node-tar hardlink path traversal that allows overwriting files outside the extraction directory.","stargazers_count":"1","vuln_description":null,"created_at":"2026-03-06 07:53:22","updated_at":"2026-03-06 07:57:04","pushed_at":"2026-03-06 07:56:51","inserted_at":"2026-03-06 10:36:05"},{"id":"1173849939","cve_id":"CVE-2026-29000","name":"CVE-2026-29000","owner":"kernelzeroday","full_name":"kernelzeroday\/CVE-2026-29000","html_url":"https:\/\/github.com\/kernelzeroday\/CVE-2026-29000","description":"pac4j-jwt JwtAuthenticator auth bypass (CVE-2026-29000) writeup and PoCs","stargazers_count":"1","vuln_description":"pac4j-jwt versions prior to 4.5.9, 5.7.9, and 6.3.3 contain an authentication bypass vulnerability in JwtAuthenticator when processing encrypted JWTs that allows remote attackers to forge authentication tokens. Attackers who possess the server's RSA public key can create a JWE-wrapped PlainJWT with arbitrary subject and role claims, bypassing signature verification to authenticate as any user including administrators.","created_at":"2026-03-06 05:19:58","updated_at":"2026-03-06 09:04:52","pushed_at":"2026-03-06 09:04:49","inserted_at":"2026-03-06 10:36:05"},{"id":"1173846036","cve_id":"CVE-2019-3980","name":"dameflare","owner":"boydhacks","full_name":"boydhacks\/dameflare","html_url":"https:\/\/github.com\/boydhacks\/dameflare","description":"Python 3 exploit for CVE-2019-3980. Unauthenticated RCE as SYSTEM via SolarWinds Dameware MRC smart card authentication bypass.","stargazers_count":"0","vuln_description":"The Solarwinds Dameware Mini Remote Client agent v12.1.0.89 supports smart card authentication which can allow a user to upload an executable to be executed on the DWRCS.exe host. An unauthenticated, remote attacker can request smart card login and upload and execute an arbitrary executable run under the Local System account.","created_at":"2026-03-06 05:13:57","updated_at":"2026-03-06 05:42:19","pushed_at":"2026-03-06 05:42:16","inserted_at":"2026-03-06 10:36:00"},{"id":"1173744396","cve_id":"CVE-2026-28289","name":"CVE-2026-28289","owner":"0xAshwesker","full_name":"0xAshwesker\/CVE-2026-28289","html_url":"https:\/\/github.com\/0xAshwesker\/CVE-2026-28289","description":"CVE-2026-28289","stargazers_count":"0","vuln_description":"FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. A patch bypass vulnerability for CVE-2026-27636 in FreeScout 1.8.206 and earlier allows any authenticated user with file upload permissions to achieve Remote Code Execution (RCE) on the server by uploading a malicious .htaccess file using a zero-width space character prefix to bypass the security check. The vulnerability exists in the sanitizeUploadedFileName() function in app\/Http\/Helper.php. The function contains a Time-of-Check to Time-of-Use (TOCTOU) flaw where the dot-prefix check occurs before sanitization removes invisible characters. This vulnerability is fixed in 1.8.207.","created_at":"2026-03-06 02:48:00","updated_at":"2026-03-06 02:48:04","pushed_at":"2026-03-06 02:48:00","inserted_at":"2026-03-06 04:36:04"},{"id":"1173670263","cve_id":"CVE-2026-20079","name":"CVE-2026-20079","owner":"b1gchoi","full_name":"b1gchoi\/CVE-2026-20079","html_url":"https:\/\/github.com\/b1gchoi\/CVE-2026-20079","description":"Cisco FMC Authentication Bypass PoC","stargazers_count":"0","vuln_description":"A vulnerability in the web interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass authentication and execute script files on an affected device to obtain root access to the underlying operating system.\r\n\r This vulnerability is due to an improper system process that is created at boot time. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute a variety of scripts and commands that allow root access to the device.","created_at":"2026-03-06 01:12:29","updated_at":"2026-03-06 01:39:25","pushed_at":"2026-03-06 01:36:26","inserted_at":"2026-03-06 04:36:04"},{"id":"1173633761","cve_id":"CVE-2026-20127","name":"CVE-2026-20127_EXP","owner":"BugFor-Pings","full_name":"BugFor-Pings\/CVE-2026-20127_EXP","html_url":"https:\/\/github.com\/BugFor-Pings\/CVE-2026-20127_EXP","description":"Cisco Catalyst SD-WAN \u8eab\u4efd\u9a8c\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e(CVE-2026-20127)\u5229\u7528EXP","stargazers_count":"0","vuln_description":"A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system.\r\n\r\nThis vulnerability exists because the peering authentication mechanism in an affected system is not working properly. An attacker could exploit this vulnerability by sending crafted requests to an affected system. A successful exploit could allow the attacker to log in to an affected Cisco Catalyst SD-WAN Controller as an internal, high-privileged, non-root&nbsp;user account. Using this account, the attacker could access NETCONF, which would then allow the attacker to manipulate network configuration for the SD-WAN fabric.&nbsp;","created_at":"2026-03-06 00:28:31","updated_at":"2026-03-06 00:37:57","pushed_at":"2026-03-06 00:36:00","inserted_at":"2026-03-06 04:36:04"},{"id":"1173561528","cve_id":"CVE-2011-1473","name":"CVE-2011-1473-POC","owner":"khaledibnalwalid","full_name":"khaledibnalwalid\/CVE-2011-1473-POC","html_url":"https:\/\/github.com\/khaledibnalwalid\/CVE-2011-1473-POC","description":"CVE-2011-1473 POC script","stargazers_count":"0","vuln_description":"** DISPUTED ** OpenSSL before 0.9.8l, and 0.9.8m through 1.x, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection, a different vulnerability than CVE-2011-5094.  NOTE: it can also be argued that it is the responsibility of server deployments, not a security library, to prevent or limit renegotiation when it is inappropriate within a specific environment.","created_at":"2026-03-05 23:01:44","updated_at":"2026-03-05 23:03:38","pushed_at":"2026-03-05 23:03:14","inserted_at":"2026-03-06 04:35:58"},{"id":"1173492822","cve_id":"CVE-2024-2997","name":"CVE-2024-2997","owner":"0xUho","full_name":"0xUho\/CVE-2024-2997","html_url":"https:\/\/github.com\/0xUho\/CVE-2024-2997","description":" The tool helps in quickly identifying vulnerabilities by examining a comprehensive list of potential paths on a website, making it useful for security assessments. ","stargazers_count":"0","vuln_description":"A vulnerability was found in Bdtask Multi-Store Inventory Management System up to 20240320. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument Category Name\/Model Name\/Brand Name\/Unit Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258199. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.","created_at":"2026-03-05 21:31:42","updated_at":"2026-03-05 21:32:04","pushed_at":"2026-03-05 21:32:00","inserted_at":"2026-03-05 22:36:06"},{"id":"1173109201","cve_id":"CVE-2026-20127","name":"CVE-2026-20127","owner":"leemuun","full_name":"leemuun\/CVE-2026-20127","html_url":"https:\/\/github.com\/leemuun\/CVE-2026-20127","description":"CVE-2026\u201120127 \u2013 Remote Authentication Bypass for Cisco Catalyst SD\u2011WAN","stargazers_count":"0","vuln_description":"A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system.\r\n\r\nThis vulnerability exists because the peering authentication mechanism in an affected system is not working properly. An attacker could exploit this vulnerability by sending crafted requests to an affected system. A successful exploit could allow the attacker to log in to an affected Cisco Catalyst SD-WAN Controller as an internal, high-privileged, non-root&nbsp;user account. Using this account, the attacker could access NETCONF, which would then allow the attacker to manipulate network configuration for the SD-WAN fabric.&nbsp;","created_at":"2026-03-05 11:40:55","updated_at":"2026-03-05 12:40:22","pushed_at":"2026-03-05 12:40:19","inserted_at":"2026-03-05 16:36:06"},{"id":"1173056825","cve_id":"CVE-2024-2997","name":"CVE-2024-2997","owner":"NullEssa","full_name":"NullEssa\/CVE-2024-2997","html_url":"https:\/\/github.com\/NullEssa\/CVE-2024-2997","description":" The tool helps in quickly identifying vulnerabilities by examining a comprehensive list of potential paths on a website, making it useful for security assessments. ","stargazers_count":"1","vuln_description":"A vulnerability was found in Bdtask Multi-Store Inventory Management System up to 20240320. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument Category Name\/Model Name\/Brand Name\/Unit Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258199. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.","created_at":"2026-03-05 09:57:01","updated_at":"2026-03-05 09:58:57","pushed_at":"2026-03-05 09:58:20","inserted_at":"2026-03-05 16:36:04"},{"id":"1172880699","cve_id":"CVE-2026-3224","name":"CVE-2026-3224-Exploit","owner":"HiZisec","full_name":"HiZisec\/CVE-2026-3224-Exploit","html_url":"https:\/\/github.com\/HiZisec\/CVE-2026-3224-Exploit","description":"Improper Authentication (CWE-287)","stargazers_count":"0","vuln_description":"Authentication bypass in the Microsoft Entra ID (Azure AD) authentication mode in Devolutions Server 2025.3.15.0 and earlier allows an unauthenticated user to authenticate as an arbitrary Entra ID user via a forged JSON Web Token (JWT).","created_at":"2026-03-05 04:35:37","updated_at":"2026-03-05 04:53:02","pushed_at":"2026-03-05 04:52:04","inserted_at":"2026-03-05 10:36:07"}]}