https://poc-in-github.motikan2010.net/ PoC auto collect from GitHub. Be careful Malware. Wed, 13 May 2026 08:05:32 +0900 https://github.com/DepthFirstDisclosures/Nginx-Rift [GitHub]exploit for CVE-2026-42945 Wed, 13 May 2026 08:05:32 +0900 CVE-2026-42945 https://github.com/elvinsuleymanov/CVE-2026-45616 [GitHub]Stored XSS in Vvveb CMS Wed, 13 May 2026 22:42:10 +0900 CVE-2026-45616 https://github.com/0xBlackash/CVE-2026-44277 [GitHub]CVE-2026-44277 Wed, 13 May 2026 23:15:37 +0900 CVE-2026-44277 https://github.com/tc4dy/CVE-2026-0073-PoC-Exploit In adbd_tls_verify_cert of auth.cpp, there is a possible bypass of wireless ADB mutual authentication due to a logic error in the code. This could lead to remote (proximal/adjacent) code execution as the shell user with no additional execution privileges needed. User interaction is not needed for exploitation.
[GitHub]🚀 CVE-2026-0073 - Android ADB Wireless Debugging Exploit (CVSS 8.8) 🔓 Zero-click authentication bypass via TLS type confusion. Gain interactive shell, execute commands, scan networks. Educational red-team tool. 🐚⚡ Wed, 13 May 2026 23:28:00 +0900 CVE-2026-0073 https://github.com/SilverRuler/copy-fail-CVE-2026-31431 In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.
[GitHub]copy-fail-CVE-2026-31431 Wed, 13 May 2026 23:43:00 +0900 CVE-2026-31431 https://github.com/jcaz2378/ComfyUIrce An issue in ComfyUI-Manager prior to version 3.38 allowed remote attackers to potentially manipulate its configuration and critical data. This was due to the application storing its files in an insufficiently protected location that was accessible via the web interface
[GitHub]Git CVE-2025-67303 payload Wed, 13 May 2026 23:46:40 +0900 CVE-2025-67303 https://github.com/emresandikci/nextjs-cve-2026-23870-checker [GitHub]Checker and fixer for all 13 vulnerabilities in the Next.js May 2026 security release (CVE-2026-23870) Wed, 13 May 2026 23:47:03 +0900 CVE-2026-23870 https://github.com/var77/CVE-2026-2005 [GitHub]PoC for CVE-2026-2005 Thu, 14 May 2026 00:29:43 +0900 CVE-2026-2005 https://github.com/ChernStepanov/DirtyFrag-for-dummies In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags MSG_SPLICE_PAGES can attach pages from a pipe directly to an skb. TCP marks such skbs with SKBFL_SHARED_FRAG after skb_splice_from_iter(), so later paths that may modify packet data can first make a private copy. The IPv4/IPv6 datagram append paths did not set this flag when splicing pages into UDP skbs. That leaves an ESP-in-UDP packet made from shared pipe pages looking like an ordinary uncloned nonlinear skb. ESP input then takes the no-COW fast path for uncloned skbs without a frag_list and decrypts in place over data that is not owned privately by the skb. Mark IPv4/IPv6 datagram splice frags with SKBFL_SHARED_FRAG, matching TCP. Also make ESP input fall back to skb_cow_data() when the flag is present, so ESP does not decrypt externally backed frags in place. Private nonlinear skb frags still use the existing fast path. This intentionally does not change ESP output. In esp_output
[GitHub]A tiny explanation + PoC for CVE-2026-43284 Thu, 14 May 2026 03:40:04 +0900 CVE-2026-43284 https://github.com/HORKimhab/CVE-2026-8196 A flaw has been found in JeecgBoot 3.9.1. The impacted element is an unknown function of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/LoginController.java of the component mLogin Endpoint. This manipulation causes authorization bypass. The attack is possible to be carried out remotely. The attack is considered to have high complexity. The exploitability is regarded as difficult. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
[GitHub]CVE-2026-8196 Wed, 13 May 2026 16:01:17 +0900 CVE-2026-8196