神龙 AI 精选 POC 榜

近期 50 条由神龙 Agent 完整分析的高 CVSS CVE，每条含漏洞原理、触发条件、利用链与可复现 POC。免费用户每月可解锁 3 条。 JSON

CVE-2026-7414CriticalCVSS 9.8

Hardcoded credentials in Yarbo robot firmware

Yarbo / Firmware

CVE-2026-7415CriticalCVSS 9.8

Open MQTT orchestration without read/write ACLs in Yarbo robot firmware

Yarbo / Firmware

CVE-2026-33937CriticalCVSS 9.8

Handlebars.js has JavaScript Injection via AST Type Confusion

handlebars-lang / handlebars.js

CVE-2026-32714CriticalCVSS 9.8

SciTokens vulnerable to SQL Injection in KeyCache

scitokens / scitokens

CVE-2026-33757CriticalCVSS 9.6

OpenBao lacks user confirmation for OIDC direct callback mode

openbao / openbao

CVE-2026-41589CriticalCVSS 9.6

Wish has SCP Path Traversal that allows arbitrary file read/write

charmbracelet / wish

CVE-2026-34714CriticalCVSS 9.2

Vim 操作系统命令注入漏洞

Vim / Vim

CVE-2026-33152CriticalCVSS 9.1

Tandoor Recipes Vulnerable to Unrestricted Brute-Force via BasicAuthentication

TandoorRecipes / recipes

CVE-2026-41902CriticalCVSS 9.1

FreeScout's user invitation hash never expires: permanent unauthenticated accoun

freescout-help-desk / freescout

CVE-2026-30877CriticalCVSS 9.1

baserCMS: OS Command Injection in the baserCMS Update Functionality

baserproject / basercms

CVE-2026-21861CriticalCVSS 9.1

baserCMS: OS Command Injection Leading to Remote Code Execution (RCE)

baserproject / basercms

CVE-2026-42215HighCVSS 8.8

GitPython: Command injection via Git options bypass

gitpython-developers / GitPython

CVE-2026-27893HighCVSS 8.8

vLLM's hardcoded trust_remote_code=True in NemotronVL and KimiK25 bypasses user

vllm-project / vllm

CVE-2026-33506HighCVSS 8.8

DOM-Based XSS in Ory Polis Login Page

ory / polis

CVE-2026-7875HighCVSS 8.8

NanoClaw Host/Container Filesystem Boundary Vulnerability via Outbound Attachmen

Qwibit / NanoClaw

CVE-2026-41934HighCVSS 8.8

Vvveb < 1.0.8.2 Authenticated RCE via Code Editor

givanz / Vvveb

CVE-2026-41938HighCVSS 8.8

Vvveb < 1.0.8.2 RCE via Media Upload Handler

givanz / Vvveb

CVE-2026-41142HighCVSS 8.8

OpenEXR is Vulnerable to Integer overflow in ImageChannel::resize leads to heap

AcademySoftwareFoundation / openexr

CVE-2026-33943HighCVSS 8.8

Happy DOM ECMAScriptModuleCompiler: unsanitized export names are interpolated as

capricorn86 / happy-dom

CVE-2026-5004HighCVSS 8.8

Wavlink WL-WN579X3-C UPNP firewall.cgi sub_4019FC stack-based overflow

Wavlink / WL-WN579X3-C

CVE-2026-5024HighCVSS 8.8

D-Link DIR-513 formSetEmail stack-based overflow

D-Link / DIR-513

CVE-2026-5021HighCVSS 8.8

Tenda F453 httpd PPTPUserSetting fromPPTPUserSetting stack-based overflow

Tenda / F453

CVE-2026-5036HighCVSS 8.8

Tenda 4G06 Endpoint DhcpListClient fromDhcpListClient stack-based overflow

Tenda / 4G06

CVE-2026-5042HighCVSS 8.8

Belkin F9K1122 Parameter formCrossBandSwitch stack-based overflow

Belkin / F9K1122

CVE-2026-5043HighCVSS 8.8

Belkin F9K1122 Parameter formSetPassword stack-based overflow

Belkin / F9K1122

CVE-2026-5044HighCVSS 8.8

Belkin F9K1122 Setting formSetSystemSettings stack-based overflow

Belkin / F9K1122

CVE-2026-5046HighCVSS 8.8

Tenda FH1201 Parameter WrlExtraSet formWrlExtraSet stack-based overflow

Tenda / FH1201

CVE-2026-5045HighCVSS 8.8

Tenda FH1201 Parameter WrlclientSet stack-based overflow

Tenda / FH1201

CVE-2026-5152HighCVSS 8.8

Tenda CH22 createFileName formCreateFileName stack-based overflow

Tenda / CH22

CVE-2026-5155HighCVSS 8.8

Tenda CH22 Parameter AdvSetWan fromAdvSetWan stack-based overflow

Tenda / CH22

CVE-2026-5156HighCVSS 8.8

Tenda CH22 Parameter QuickIndex formQuickIndex stack-based overflow

Tenda / CH22

CVE-2026-5154HighCVSS 8.8

Tenda CH22 Parameter setcfm fromSetCfm stack-based overflow

Tenda / CH22

CVE-2026-33631HighCVSS 8.7

ClearanceKit: opfilter policy bypass via non-open file operations

craigjbass / clearancekit

CVE-2026-41505HighCVSS 8.7

RELATE: Predictable Token Generation in auth.py and exam.py

inducer / relate

CVE-2025-32957HighCVSS 8.7

baserCMS: unsafe File Upload Leading to Remote Code Execution (RCE)

baserproject / basercms

CVE-2026-33661HighCVSS 8.6

WeChat Pay callback signature verification bypassed when Host header is localhos

yansongda / pay

CVE-2026-34352HighCVSS 8.5

TigerVNC 安全漏洞

TigerVNC / TigerVNC

CVE-2026-33747HighCVSS 8.4

BuildKit vulnerable to malicious frontend causing file escape outside of storage

moby / buildkit

CVE-2026-41422HighCVSS 8.3

Daptin vulnerable to SQL injection via unvalidated goqu.L() calls in aggregate A

daptin / daptin

CVE-2026-33941HighCVSS 8.3

Handlebars.js has JavaScript Injection in CLI Precompiler via Unescaped Names an

handlebars-lang / handlebars.js

CVE-2026-33980HighCVSS 8.3

Azure Data Explorer MCP Server: KQL Injection in multiple tools allows MCP clien

pab1it0 / adx-mcp-server

CVE-2026-41670HighCVSS 8.2

Admidio: SAML Response Sent to Unvalidated Assertion Consumer Service URL from A

Admidio / admidio

CVE-2026-33979HighCVSS 8.2

Express XSS Sanitizer: allowedTags/allowedAttributes bypass leads to permissive

AhmedAdelFahim / express-xss-sanitizer

CVE-2026-34042HighCVSS 8.2

act: actions/cache server allows malicious cache injection

nektos / act

CVE-2026-33496HighCVSS 8.1

Ory Oathkeeper has an authentication bypass by cache key confusion

ory / oathkeeper

CVE-2026-42284HighCVSS 8.1

GitPython: Unsafe option check validates multi_options before shlex.split transf

gitpython-developers / GitPython

CVE-2026-42239HighCVSS 8.1

Budibase auth session cookies are set with httpOnly:false — any XSS can lead to

Budibase / budibase

CVE-2026-41936HighCVSS 8.1

Vvveb < 1.0.8.2 XML External Entity Injection via Import

givanz / Vvveb

CVE-2026-44331HighCVSS 8.1

ProFTPD 1.3.9a之前存在SQL注入漏洞

ProFTPD / ProFTPD

CVE-2026-33938HighCVSS 8.1

Handlebars.js has JavaScript Injection via AST Type Confusion by tampering @part

handlebars-lang / handlebars.js

📥 拉 JSON 自动同步到你自己的工具：/api/featured-pocs.json

配套仓库：github.com/imfht/cve-cn — 每周从此榜单自动生成 README。

目標達成 すべての支援者に感謝 — 100%達成しました！

神龙 AI 精选 POC 榜

CVE-2026-7414CriticalCVSS 9.8

CVE-2026-7415CriticalCVSS 9.8

CVE-2026-33937CriticalCVSS 9.8

CVE-2026-32714CriticalCVSS 9.8

CVE-2026-33757CriticalCVSS 9.6

CVE-2026-41589CriticalCVSS 9.6

CVE-2026-34714CriticalCVSS 9.2

CVE-2026-33152CriticalCVSS 9.1

CVE-2026-41902CriticalCVSS 9.1

CVE-2026-30877CriticalCVSS 9.1

CVE-2026-21861CriticalCVSS 9.1

CVE-2026-42215HighCVSS 8.8

CVE-2026-27893HighCVSS 8.8

CVE-2026-33506HighCVSS 8.8

CVE-2026-7875HighCVSS 8.8

CVE-2026-41934HighCVSS 8.8

CVE-2026-41938HighCVSS 8.8

CVE-2026-41142HighCVSS 8.8

CVE-2026-33943HighCVSS 8.8

CVE-2026-5004HighCVSS 8.8

CVE-2026-5024HighCVSS 8.8

CVE-2026-5021HighCVSS 8.8

CVE-2026-5036HighCVSS 8.8

CVE-2026-5042HighCVSS 8.8

CVE-2026-5043HighCVSS 8.8

CVE-2026-5044HighCVSS 8.8

CVE-2026-5046HighCVSS 8.8

CVE-2026-5045HighCVSS 8.8

CVE-2026-5152HighCVSS 8.8

CVE-2026-5155HighCVSS 8.8

CVE-2026-5156HighCVSS 8.8

CVE-2026-5154HighCVSS 8.8

CVE-2026-33631HighCVSS 8.7

CVE-2026-41505HighCVSS 8.7

CVE-2025-32957HighCVSS 8.7

CVE-2026-33661HighCVSS 8.6

CVE-2026-34352HighCVSS 8.5

CVE-2026-33747HighCVSS 8.4

CVE-2026-41422HighCVSS 8.3

CVE-2026-33941HighCVSS 8.3

CVE-2026-33980HighCVSS 8.3

CVE-2026-41670HighCVSS 8.2

CVE-2026-33979HighCVSS 8.2

CVE-2026-34042HighCVSS 8.2

CVE-2026-33496HighCVSS 8.1

CVE-2026-42284HighCVSS 8.1

CVE-2026-42239HighCVSS 8.1

CVE-2026-41936HighCVSS 8.1

CVE-2026-44331HighCVSS 8.1

CVE-2026-33938HighCVSS 8.1

目標達成すべての支援者に感謝 — 100%達成しました！