Archive by year
Every proof-of-concept grouped by CVE year. Entries without an assigned CVE are grouped by disclosure year.
2026
61 entries
Critical
libssh2 Unchecked SSH packet_length Integer Wrap to RCE (CVE-2026-55200)
CVE-2026-55200·
libssh2, ssh2_transport_read() in src/transport.c
patched
Critical
Fortinet FortiClient EMS Pre-Auth Bypass — "FortiBleed" (CVE-2026-35616)
CVE-2026-35616·
Fortinet FortiClient Endpoint Management Server (EMS)
unpatched
High
Citrix NetScaler ADC/Gateway Pre-Auth SAML Memory Overread — "CitrixBleed"-style Leak (CVE-2026-8451)
CVE-2026-8451·
Citrix NetScaler ADC and NetScaler Gateway
unpatched
Critical
Unauthenticated RCE in Mirasvit Full Page Cache Warmer for Magento 2 (CVE-2026-45247)
CVE-2026-45247·
Mirasvit Full Page Cache Warmer extension for Magento 2
unpatched
Critical
Unauthenticated RCE in Joomla Content Editor (JCE) Profile Import (CVE-2026-48907)
CVE-2026-48907·
Joomla Content Editor (JCE) extension by Widget Factory
unpatched
Medium
Squidbleed — Squid Proxy FTP Gateway Out-of-Bounds Heap Read (CVE-2026-47729)
CVE-2026-47729·
Squid Proxy — FTP gateway / directory-listing parser
patched
High
PAN-OS GlobalProtect Authentication Bypass via Forged Cookie (CVE-2026-0257)
CVE-2026-0257·
Palo Alto Networks PAN-OS — GlobalProtect portal and gateway (also affects certain Prisma Access deployments)
unpatched
High
Google Chromium V8 Out-of-Bounds Read/Write — Crash PoC (CVE-2026-11645)
CVE-2026-11645·
Google Chrome / Chromium — V8 JavaScript and WebAssembly engine
unpatched
Critical
Cisco Unified CM WebDialer SSRF to Arbitrary File Write / RCE (CVE-2026-20230)
CVE-2026-20230·
Cisco Unified Communications Manager (Unified CM) and Unified CM Session Management Edition (SME)
unpatched
Medium
Cisco Catalyst SD-WAN Manager Arbitrary File Write (CVE-2026-20262)
CVE-2026-20262·
Cisco Catalyst SD-WAN Manager (formerly SD-WAN vManage)
unpatched
High
Authenticated Command Injection in LiteLLM MCP Test Endpoints (CVE-2026-42271)
CVE-2026-42271·
BerriAI LiteLLM (proxy) — MCP preview/test endpoints
patched
Critical
SP Page Builder (Joomla) Unauthenticated File Upload RCE (CVE-2026-48908)
CVE-2026-48908·
SP Page Builder extension for Joomla (joomshaper.net)
patched
High
Linux Kernel act_pedit Partial COW Page-Cache LPE (CVE-2026-46331)
CVE-2026-46331·
Linux Kernel — net/sched/act_pedit (traffic control packet editing)
unpatched
Critical
libssh2 SSH Packet Length OOB Heap Write / Unauthenticated RCE (CVE-2026-55200)
CVE-2026-55200·
libssh2 (SSH client library)
patched
Low
libcurl mTLS Connection Reuse Authentication Bypass (CVE-2026-8932)
CVE-2026-8932·
libcurl (embedded library; standalone curl CLI unaffected)
patched
Critical
GNU Inetutils telnetd Unauthenticated Root RCE via NEW-ENVIRON (CVE-2026-24061)
CVE-2026-24061·
GNU Inetutils telnetd
patched
Critical
GeoVision GV-I/O Box 4E DVRSearch Unauthenticated Stack Buffer Overflow RCE (CVE-2026-12485)
CVE-2026-12485·
GeoVision GV-I/O Box 4E (Linux-based smart embedded I/O device)
patched
High
FFmpeg MagicYUV Decoder Out-of-Bounds Write / RCE — PixelSmash (CVE-2026-8461)
CVE-2026-8461·
FFmpeg libavcodec — MagicYUV video decoder
patched
High
Claude Desktop Cowork VM Image Integrity Bypass / Local Persistence (CVE-2026-7574)
CVE-2026-7574·
Anthropic Claude Desktop — Cowork feature
unpatched
High
Windows CTFMON Arbitrary Section Object EoP — GreenPlasma (CVE-2026-45586)
CVE-2026-45586·
Windows Collaborative Translation Framework (CTFMON service)
patched
Critical
Ubiquiti UniFi OS Unauthenticated RCE Chain (CVE-2026-34908 / CVE-2026-34909 / CVE-2026-34910)
CVE-2026-34908, CVE-2026-34909, CVE-2026-34910·
Ubiquiti UniFi OS Server
patched
Critical
Splunk Enterprise Pre-Auth RCE via PostgreSQL Sidecar (CVE-2026-20253)
CVE-2026-20253·
Splunk Enterprise
patched
Critical
Ivanti Sentry Pre-Auth RCE + Auth Bypass (CVE-2026-10520 / CVE-2026-10523)
CVE-2026-10520, CVE-2026-10523·
Ivanti Sentry (formerly MobileIron Sentry)
patched
High
DirtyClone — Linux Kernel LPE via Cloned Packet Page-Cache Overwrite (CVE-2026-43503)
CVE-2026-43503·
Linux kernel (netfilter TEE / __pskb_copy_fclone())
patched
High
Cisco Catalyst SD-WAN Manager Privilege Escalation (CVE-2026-20245)
CVE-2026-20245·
Cisco Catalyst SD-WAN Manager (vManage), SD-WAN Controller (vSmart), SD-WAN Validator (vBond)
unpatched
Critical
Check Point Remote Access VPN IKEv1 Auth Bypass (CVE-2026-50751)
CVE-2026-50751·
Check Point Remote Access VPN / Mobile Access / Spark Firewall
patched
Medium
YellowKey — BitLocker Bypass via WinRE autofstx.exe (CVE-2026-45585)
CVE-2026-45585·
Windows BitLocker / WinRE (autofstx.exe)
patched
High
CVE-2026-50656 RoguePlanet — Safe Vulnerability Checker (Resurface)
CVE-2026-50656·
Microsoft Malware Protection Engine (mpengine.dll, MsMpEng.exe)
patched
High
RoguePlanet — Windows Defender LPE via ISO Mount + Task Scheduler Race Condition
CVE-2026-50656·
Microsoft Windows Defender / Windows Error Reporting Task Scheduler
unpatched
Critical
FirefUXSS: Universal XSS in Firefox Focus for iOS via Redirect-Scheme Validation Race Condition
Firefox Focus for iOS
unpatched
High
ssh-keysign-pwn: pidfd_getfd FD Theft via mm-NULL Exit Window (CVE-2026-46333)
CVE-2026-46333·
Linux kernel plus privileged userland binaries (ssh-keysign, chage)
patched
Critical
Netlogon CLDAP Stack Buffer Overflow (CVE-2026-41089)
CVE-2026-41089·
Microsoft Windows Netlogon (Domain Controller CLDAP path)
patched
High
LiteSpeed User-End cPanel Plugin Local Privilege Escalation (CVE-2026-48172)
CVE-2026-48172·
LiteSpeed cPanel Plugin
unpatched
Critical
Drupal Core PostgreSQL SQL Injection (CVE-2026-9082)
CVE-2026-9082 / SA-CORE-2026-004·
Drupal Core
unpatched
High
Notepad++ <= 8.9.6 Multiple Vulnerabilities (CVE-2026-48770, CVE-2026-48778, CVE-2026-48800)
CVE-2026-48770, CVE-2026-48778, CVE-2026-48800·
Notepad++
unpatched
High
PinTheft: RDS Double-Free → LPE
Linux kernel (RDS subsystem + io_uring)
unpatched
High
Chrome WebGPU Use-After-Free (CVE-2026-5281)
CVE-2026-5281·
Google Chrome / Chromium WebGPU (Dawn backend)
unpatched
Low
Next.js x-nextjs-data Cache Poisoning (CVE-2026-44572)
CVE-2026-44572·
Next.js Pages Router (redirect handling via middleware or next.config.js)
patched
High
Next.js WebSocket Upgrade SSRF (Self-Hosted) (CVE-2026-44578)
CVE-2026-44578·
Next.js standalone router server (next start)
unpatched
High
Next.js RSC Server-Action DoS via Flight Deserialization (CVE-2026-23870)
CVE-2026-23870·
Next.js App Router (React server-action / RSC reply parser)
unpatched
Medium
Next.js RSC Response Cache Poisoning (CVE-2026-44576)
CVE-2026-44576·
Next.js App Router deployments using React Server Components (RSC) behind shared caches
patched
Low
Next.js RSC Cache-Busting Weak Hash Collision (CVE-2026-44582)
CVE-2026-44582·
Next.js App Router
patched
Medium
Next.js Image Optimization API OOM DoS (Self-Hosted) (CVE-2026-44577)
CVE-2026-44577·
Next.js Image Optimization API (/_next/image) on self-hosted deployments
unpatched
High
Next.js i18n Middleware Bypass (CVE-2026-44573)
CVE-2026-44573·
Next.js Pages Router with i18n configuration
unpatched
High
Next.js Dynamic Route Injection Auth Bypass (CVE-2026-44574)
CVE-2026-44574·
Next.js App Router with dynamic route segments and middleware-based access control
unpatched
Medium
Next.js CSP Nonce Cache-Poisoned XSS (CVE-2026-44581)
CVE-2026-44581·
Next.js App Router applications using CSP nonces
patched
High
Next.js Cache Components Connection Exhaustion DoS (CVE-2026-44579)
CVE-2026-44579·
Next.js applications using Cache Components / Partial Prerendering (PPR)
patched
Medium
Next.js beforeInteractive Script XSS (CVE-2026-44580)
CVE-2026-44580·
Next.js applications using next/script with strategy="beforeInteractive"
patched
High
Next.js App Router Segment-Prefetch Middleware Bypass (CVE-2026-44575)
CVE-2026-44575·
Next.js App Router applications that rely on middleware.ts matchers to protect routes
patched
High
Copy Fail Linux Kernel Local Privilege Escalation (CVE-2026-31431)
CVE-2026-31431·
Linux kernel (crypto / AF_ALG AEAD path)
unpatched
Critical
Apache httpd mod_http2 Double-Free Pre-Auth RCE - CVE-2026-23918
CVE-2026-23918·
Apache HTTP Server (httpd) with mod_http2
patched
Critical
QEMUtiny - QEMU CXL Type-3 Memory Corruption Chain
QEMU CXL Type-3 device emulation (hw/cxl/cxl-mailbox-utils.c)
unpatched
Critical
cPanel & WHM Authentication Bypass via Session-File CRLF Injection (CVE-2026-41940)
CVE-2026-41940·
cPanel & WHM
patched
High
Chrome CSSFontFeatureValuesMap Use-After-Free (CVE-2026-2441)
CVE-2026-2441·
Google Chrome / Chromium-based browsers (Blink CSS engine)
unpatched
Critical
Adobe Acrobat/Reader Prototype Pollution Sandbox Escape (CVE-2026-34621)
CVE-2026-34621·
Adobe Acrobat DC / Adobe Acrobat Reader DC / Adobe Acrobat 2024 JavaScript engine sandbox boundary
unpatched
High
RedSun Privileged File Write (CVE-2026-33825)
CVE-2026-33825·
Microsoft Defender Antivirus (real-time protection) on Windows with Cloud Files APIs
patched
Medium
Exchange Health Checker Outbound Rule Blind Spot (CVE-2026-42897)
CVE-2026-42897·
Microsoft CSS-Exchange Health Checker (HealthChecker.ps1)
unpatched
High
BlueHammer Defender Local Privilege Escalation (CVE-2026-33825)
CVE-2026-33825·
Microsoft Defender Antivirus update/scan workflow on Windows
patched
Critical
NGINX Rift — Heap Buffer Overflow RCE (CVE-2026-42945)
CVE-2026-42945·
NGINX Open Source / NGINX Plus
unpatched
High
Linux XFRM ESP-in-TCP Local Privilege Escalation (Fragnesia)
CVE-2026-46300·
Linux kernel (XFRM ESP-in-TCP subsystem)
unpatched
Critical
Dirty Frag: Linux XFRM/RxRPC Page Cache Write Chain LPE
CVE-2026-43500, CVE-2026-43284·
Linux kernel
patched
2025
19 entries
Critical
Langflow Missing-Authentication Remote Code Execution (CVE-2025-3248)
CVE-2025-3248·
Langflow (open-source AI/LLM workflow builder)
patched
High
WinRAR Windows Path Traversal via NTFS Alternate Data Streams (CVE-2025-8088)
CVE-2025-8088·
WinRAR (Windows)
patched
Medium
Windows NTLM Hash Disclosure via File Explorer - CVE-2025-24054
CVE-2025-24054·
Windows File Explorer (Windows Shell)
patched
High
Windows MMC MSC EvilTwin - CVE-2025-26633
CVE-2025-26633·
Microsoft Management Console (MMC), Windows
patched
High
Windows Kernel Elevation of Privilege - Race Condition / Double-Free (CVE-2025-62215)
CVE-2025-62215·
Windows Kernel (ntoskrnl.exe / kernel resource synchronization)
patched
Critical
ToolShell - SharePoint Unauthenticated RCE Chain
CVE-2025-53770, CVE-2025-53771, CVE-2025-49704, CVE-2025-49706·
Microsoft SharePoint Server
patched
Critical
React2Shell - Next.js RSC Unauthenticated RCE
CVE-2025-55182·
Next.js (App Router with React Server Components), React
patched
High
Linux vsock Use-After-Free VM Escape (CVE-2025-21756)
CVE-2025-21756·
Linux kernel (vsock / virtual socket subsystem)
patched
Critical
Ivanti Connect Secure Pre-Auth RCE (Stack Overflow)
CVE-2025-0282·
Ivanti Connect Secure, Ivanti Policy Secure, Ivanti ZTA Gateways
unpatched
Critical
IngressNightmare - Kubernetes Ingress-NGINX Unauthenticated RCE
CVE-2025-1974 (primary); also CVE-2025-1097, CVE-2025-1098, CVE-2025-24514·
Kubernetes Ingress-NGINX Controller (ingress-nginx)
unpatched
Critical
Fortinet FortiCloud SSO Authentication Bypass
CVE-2025-59718, CVE-2025-59719 (Advisory: FG-IR-25-647)·
Fortinet FortiOS, FortiProxy, FortiSwitchManager (FortiCloud SSO feature)
unpatched
Critical
Erlang/OTP SSH Pre-Auth RCE - CVE-2025-32433
CVE-2025-32433·
Erlang/OTP SSH server daemon
patched
Critical
Azure Networking Privilege Escalation via Missing Privilege Check
CVE-2025-54914·
Microsoft Azure Networking service (GetRouteTable API)
patched
Critical
Windows OLE Zero-Click RCE via Outlook RTF (CVE-2025-21298)
CVE-2025-21298·
Microsoft Windows OLE (ole32.dll) as reached by Outlook/Word RTF parsing
patched
Critical
Palo Alto PAN-OS Management Interface Authentication Bypass (CVE-2025-0108)
CVE-2025-0108·
Palo Alto Networks PAN-OS management web interface
patched
Critical
Citrix NetScaler CitrixBleed 2 Session Token Disclosure (CVE-2025-5777)
CVE-2025-5777·
Citrix NetScaler ADC / NetScaler Gateway login interface
patched
Critical
Apache Parquet Java Unsafe Deserialization RCE (CVE-2025-30065)
CVE-2025-30065·
Apache Parquet Java (parquet-avro) schema parsing consumers
unpatched
High
WinRAR Archive Extraction Path Traversal (CVE-2025-6218)
CVE-2025-6218·
WinRAR archive extraction workflow
unpatched
Critical
Next.js Corrupt Middleware Auth Bypass (CVE-2025-29927)
CVE-2025-29927·
Next.js (Vercel)
patched
2024
12 entries
Critical
Palo Alto PAN-OS GlobalProtect Unauthenticated RCE (CVE-2024-3400)
CVE-2024-3400·
Palo Alto Networks PAN-OS GlobalProtect gateway
patched
High
Linux nf_tables Use-After-Free Local Privilege Escalation (CVE-2024-1086)
CVE-2024-1086·
Linux kernel (netfilter nf_tables subsystem)
patched
Critical
Jenkins CLI Arbitrary File Read to RCE (CVE-2024-23897)
CVE-2024-23897·
Jenkins controller (CLI endpoint)
unpatched
Critical
Fortinet FortiManager FortiJump Unauthenticated RCE (CVE-2024-47575)
CVE-2024-47575·
Fortinet FortiManager / FortiManager Cloud (fgfmd daemon)
unpatched
High
Confluence Post-Auth RCE - CVE-2024-21683
CVE-2024-21683·
Atlassian Confluence Data Center and Server
unpatched
Critical
VMware vCenter Server DCE/RPC Heap Overflow RCE (CVE-2024-37079)
CVE-2024-37079·
VMware vCenter Server
patched
Medium
VMware ESXi Active Directory Authentication Bypass (CVE-2024-37085)
CVE-2024-37085·
VMware ESXi hosts joined to Microsoft Active Directory
unpatched
High
OpenSSH regreSSHion Signal-Handler Race Unauthenticated RCE (CVE-2024-6387)
CVE-2024-6387·
OpenSSH server daemon (sshd) on glibc-based Linux
patched
Critical
Fortinet FortiOS SSL VPN Unauthenticated RCE (CVE-2024-21762)
CVE-2024-21762·
Fortinet FortiOS SSL VPN (sslvpnd)
patched
Critical
Fortinet FortiOS / FortiProxy Authentication Bypass (CVE-2024-55591)
CVE-2024-55591·
Fortinet FortiOS/FortiProxy management interfaces
unpatched
Critical
LDAP Nightmare — Windows LDAP Client RCE/DoS (CVE-2024-49113)
CVE-2024-49113·
Microsoft Windows LDAP client / Netlogon interaction path
patched
High
CVE-2024-21338 — Local Privilege Escalation from Admin to Kernel
CVE-2024-21338·
Microsoft Windows AppLocker driver path (\Device\AppID)
patched
2023
2 entries
2021
1 entry
2020
1 entry
(ven
1 entry
(rep
1 entry
ass
33 entries
Medium
VLC Bundled FFmpeg VP9 Decoder Resolution-Change Heap Crash
None assigned as of 2026-07-03·
VLC media player, bundled FFmpeg VP9 decoder (plugins/codec/libavcodec_plugin.dll)
unpatched
High
System Informer phsvc Trusted-Host Confused Deputy LPE
None assigned as of 2026-07-03·
System Informer (Process Hacker successor), phsvc helper process
unpatched
High
RustDesk Relay Session Downgrade and FileTransfer Authorization Scope Bypass
None assigned as of 2026-07-03·
RustDesk (rustdesk/rustdesk) — client relay/session setup and server-side connection dispatcher
unpatched
Critical
Redis Vector Set Duplicate HNSW Node ID RCE
None assigned as of 2026-07-03·
Redis server, Vector Set module (modules/vector-sets)
unpatched
Critical
QEMU CXL Type-3 Mailbox Guest-to-Host Escape
None assigned as of 2026-07-03·
QEMU (CXL Type-3 device emulation, hw/cxl/cxl-mailbox-utils.c)
unpatched
High
Pillow ImageCms Mutable output_mode Heap OOB Write
None assigned as of 2026-07-03·
Pillow (Python Imaging Library fork), PIL.ImageCms module
unpatched
Critical
PHP 8.5.7 StreamBucket-to-SOAP Numeric Cookie Remote Code Execution
None assigned as of 2026-07-03·
PHP CLI (Zend Engine) — ArrayIterator, StreamBucket, SoapClient internals
unpatched
High
OpenVPN Connect Server-Pushed Option Current-User Command Execution
None assigned as of 2026-07-03·
OpenVPN Connect for Windows
unpatched
Medium
objdump DLX ELF Backend Out-of-Bounds Write (Crash-to-Calc)
None assigned as of 2026-07-03·
GNU Binutils objdump — DLX ELF backend (elf32-dlx)
unpatched
High
NodeBB ActivityPub attributedTo Local UID Spoof
None assigned as of 2026-07-03·
NodeBB — ActivityPub server-to-server inbox
unpatched
Low
Nmap IPv6 Extension-Header Length Wrap
None assigned as of 2026-07-03·
Nmap — shared packet parsing code (libnetutil/netutil.cc, tcpip.cc)
unpatched
High
nghttpx HTTP/1.1 Upgrade Request Body Response Queue Poisoning
None assigned as of 2026-07-03·
nghttp2's nghttpx reverse proxy
patched
High
Nextcloud Federated Share OCM Bearer Token Scope Escalation to Sender WebDAV Access
None assigned as of 2026-07-03·
Nextcloud Server — federated file sharing, OCM token exchange, WebDAV bearer authentication
unpatched
High
Next.js unstable_cache Object-Argument Cache-Key Collision
None assigned as of 2026-07-03·
Next.js (App Router, Data Cache)
unpatched
High
MyBB 1.8.40 Limited Admin CP User-Manager to Full Administrator Privilege Escalation
None assigned as of 2026-07-03 (see Notes — CVE-2026-45115 identifies a separate, already-patched MyBB issue)·
MyBB forum software, Admin CP add-user flow
unpatched
Critical
Lunar Client Modrinth Explore Raw-HTML to Local Launcher Execution Chain
None assigned as of 2026-07-03·
Lunar Client (Electron desktop application), Modrinth Explore integration
unpatched
Critical
libssh2 Publickey Subsystem List Parser Heap Corruption to Code Execution
None assigned as of 2026-07-03·
libssh2, publickey subsystem list parser (src/publickey.c)
unpatched
Medium
libarchive ZIP Declared-Size Boundary Bypass via debuginfod
None assigned as of 2026-07-03·
libarchive (ZIP reader) and elfutils debuginfod
unpatched
Critical
Ladybird Browser WebAssembly ESM Host-Function Use-After-Free RCE
None assigned as of 2026-07-03·
Ladybird web browser (WebContent process, LibWeb / LibWasm)
unpatched
High
ImageMagick Ghostscript Delegate Search Path Hijack
None assigned as of 2026-07-03·
ImageMagick (Ghostscript delegate for PDF/PS/EPS conversion) on Windows
unpatched
Critical
Gogs Admin User Edit CSRF to Git Hook RCE
None assigned as of 2026-07-03·
Gogs (self-hosted Git service)
unpatched
High
Gitea act_runner container.options Host Namespace Escape
None assigned as of 2026-07-03·
Gitea Actions act_runner (Docker-backed)
unpatched
Medium
Ghidra 12.1.2 Conditional Swift Demangler ACE (plus TraceRMI RCE and SevenZipJBinding Reachability)
None assigned as of 2026-07-03·
Ghidra (NSA reverse-engineering suite)
unpatched
High
Flowise Custom MCP Environment Variable Case Bypass
None assigned as of 2026-07-03·
Flowise / flowise-components
unpatched
Critical
Floci API Gateway VTL RCE + IAM Scope Bypass
None assigned as of 2026-07-03·
Floci (AWS-compatible local cloud emulator)
unpatched
High
Firefox Smart Window Private URL Exfiltration
None assigned as of 2026-07-03·
Firefox Smart Window (AI browsing assistant feature)
unpatched
Critical
FFmpeg RASC Decoder DLTA Heap Out-of-Bounds Write
None assigned as of 2026-07-03·
FFmpeg, libavcodec RASC decoder (AV_CODEC_ID_RASC)
unpatched
Medium
Docker cp Copy-Out Destination Escape via Symlink Race
None assigned as of 2026-07-03·
Docker Engine / CLI
unpatched
High
Discourse Scoped API Key Pre-Route Authorization Bypass
None assigned as of 2026-07-03·
Discourse (forum platform)
unpatched
Medium
curl SMTP EXPN Recipient CRLF Command Injection
None assigned as of 2026-07-03·
curl / libcurl (SMTP support)
unpatched
High
c-ares TCP ares_getaddrinfo() Use-After-Free Code Execution
None assigned as of 2026-07-03·
c-ares (async DNS resolver library)
unpatched
High
AnyDesk Printer Pipe COM Impersonation Local Privilege Escalation
None assigned as of 2026-07-03·
AnyDesk for Windows 9.7.6
unpatched
High
7-Zip RAR5 Mark-of-the-Web / ADS Full-Chain Bypass
None assigned as of 2026-07-03·
7-Zip 26.01 x64 for Windows
unpatched