Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Featured AI POCs

Top 50 recently published CVEs with comprehensive Shenlong AI analysis. Each entry includes vulnerability mechanism, trigger conditions, exploit chain, and reproducible POC. Free users get 3 free unlocks per month. JSON

CVE-2021-21321CriticalCVSS 10.0
Prefix escape
fastify / fastify-reply-from
CVE-2018-21268CriticalCVSS 10.0
traceroute 注入漏洞
n/a / n/a
CVE-2026-7415CriticalCVSS 9.8
Open MQTT orchestration without read/write ACLs in Yarbo robot firmware
Yarbo / Firmware
CVE-2020-15086CriticalCVSS 9.8
Potential Remote Code Execution in TYPO3 with mediace extension
FriendsOfTYPO3 / mediace
CVE-2026-5853CriticalCVSS 9.8
Totolink A7100RU CGI cstecgi.cgi setIpv6LanCfg os command injection
Totolink / A7100RU
CVE-2026-5854CriticalCVSS 9.8
Totolink A7100RU CGI cstecgi.cgi setWiFiEasyCfg os command injection
Totolink / A7100RU
CVE-2020-15124CriticalCVSS 9.6
Path traversal in Goobi viewer Core
intranda / goobi-viewer-core
CVE-2022-35924CriticalCVSS 9.1
Verification requests (magic link) sent to unwanted emails
nextauthjs / next-auth
CVE-2020-15152CriticalCVSS 9.1
Server-Side Request Forgery in ftp-srv
autovance / ftp-srv
CVE-2026-5605HighCVSS 8.8
Tenda CH22 WrlExtraSet formWrlExtraSet stack-based overflow
Tenda / CH22
CVE-2026-41143HighCVSS 8.8
YesWiki vulnerable to authenticated SQL Injection via id_fiche in EntryManager::
YesWiki / yeswiki
CVE-2026-7855HighCVSS 8.8
D-Link DI-8100 HTTP Request tggl.asp tggl_asp buffer overflow
D-Link / DI-8100
CVE-2026-5548HighCVSS 8.8
Tenda AC10 httpd fromSysToolChangePwd stack-based overflow
Tenda / AC10
CVE-2026-5550HighCVSS 8.8
Tenda AC10 httpd fromSysToolChangePwd stack-based overflow
Tenda / AC10
CVE-2026-5544HighCVSS 8.8
UTT HiPER 1250GW formRemoteControl stack-based overflow
UTT / HiPER 1250GW
CVE-2026-5567HighCVSS 8.8
Tenda M3 Destination setAdvPolicyData buffer overflow
Tenda / M3
CVE-2019-25673HighCVSS 8.8
UniSharp Laravel File Manager v2.0.0-alpha7 Arbitrary File Upload
UniSharp / Laravel File Manager
CVE-2026-5604HighCVSS 8.8
Tenda CH22 Parameter CertLocalPrecreate formCertLocalPrecreate stack-based overf
Tenda / CH22
CVE-2026-5608HighCVSS 8.8
Belkin F9K1122 formWlanSetup stack-based overflow
Belkin / F9K1122
CVE-2026-5611HighCVSS 8.8
Belkin F9K1015 formCrossBandSwitch stack-based overflow
Belkin / F9K1015
CVE-2026-5610HighCVSS 8.8
Belkin F9K1015 formWISP5G stack-based overflow
Belkin / F9K1015
CVE-2026-5612HighCVSS 8.8
Belkin F9K1015 formWlEncrypt stack-based overflow
Belkin / F9K1015
CVE-2026-5609HighCVSS 8.8
Tenda i12 Parameter wifiSSIDset formwrlSSIDset stack-based overflow
Tenda / i12
CVE-2026-5708HighCVSS 8.8
Improper Control of User-Modifiable Attributes in RES CreateSession API
AWS / Research and Engineering Studio (RES)
CVE-2026-5707HighCVSS 8.8
Command Injection via Virtual Desktop Session Name in AWS Research and Engineeri
AWS / Research and Engineering Studio (RES)
CVE-2026-5004HighCVSS 8.8
Wavlink WL-WN579X3-C UPNP firewall.cgi sub_4019FC stack-based overflow
Wavlink / WL-WN579X3-C
CVE-2026-5024HighCVSS 8.8
D-Link DIR-513 formSetEmail stack-based overflow
D-Link / DIR-513
CVE-2026-5021HighCVSS 8.8
Tenda F453 httpd PPTPUserSetting fromPPTPUserSetting stack-based overflow
Tenda / F453
CVE-2026-41938HighCVSS 8.8
Vvveb < 1.0.8.2 RCE via Media Upload Handler
givanz / Vvveb
CVE-2026-5036HighCVSS 8.8
Tenda 4G06 Endpoint DhcpListClient fromDhcpListClient stack-based overflow
Tenda / 4G06
CVE-2026-5043HighCVSS 8.8
Belkin F9K1122 Parameter formSetPassword stack-based overflow
Belkin / F9K1122
CVE-2026-5042HighCVSS 8.8
Belkin F9K1122 Parameter formCrossBandSwitch stack-based overflow
Belkin / F9K1122
CVE-2020-4062HighCVSS 8.7
Improper Access Control in Conjur OSS Helm Chart
CyberArk / Conjur OSS Helm Chart
CVE-2026-35595HighCVSS 8.3
Vikunja Affected by Privilege Escalation via Project Reparenting
go-vikunja / vikunja
CVE-2019-25674HighCVSS 8.2
CMSsite 1.0 SQL Injection via post Parameter
VictorAlagwu / CMSsite
CVE-2026-34982HighCVSS 8.2
Vim modeline bypass via various options affects Vim < 9.2.0276
vim / vim
CVE-2026-33979HighCVSS 8.2
Express XSS Sanitizer: allowedTags/allowedAttributes bypass leads to permissive
AhmedAdelFahim / express-xss-sanitizer
CVE-2026-34578HighCVSS 8.2
OPNsense has an LDAP Injection via Unsanitized Username in Authentication
opnsense / core
CVE-2026-35607HighCVSS 8.1
File Browser: Proxy auth auto-provisioned users inherit Execute permission and C
filebrowser / filebrowser
CVE-2026-5436HighCVSS 8.1
MW WP Form <= 5.1.1 - Unauthenticated Arbitrary File Move via regenerate_upload_
inc2734 / MW WP Form
CVE-2026-35045HighCVSS 8.1
Tandoor Recipes Affected by Private Recipe Exposure and Unauthorized Modificatio
TandoorRecipes / recipes
CVE-2026-33938HighCVSS 8.1
Handlebars.js has JavaScript Injection via AST Type Confusion by tampering @part
handlebars-lang / handlebars.js
CVE-2026-42239HighCVSS 8.1
Budibase auth session cookies are set with httpOnly:false — any XSS can lead to
Budibase / budibase
CVE-2026-5684HighCVSS 8.0
Tenda CX12L webExcptypemanFilter fromwebExcptypemanFilter stack-based overflow
Tenda / CX12L
CVE-2021-29437HighCVSS 8.0
Account compromise by man-in-the-middle attack
ScratchVerifier / ScratchOAuth2
CVE-2026-40029HighCVSS 7.8
parseusbs < 1.9 Command Injection via Crafted LNK Filename
khyrenz / parseusbs
CVE-2026-40030HighCVSS 7.8
parseusbs < 1.9 Command Injection via Volume Path Argument
khyrenz / parseusbs
CVE-2026-39361HighCVSS 7.7
OpenObserve has a SSRF Protection Bypass via IPv6 Bracket Notation in validate_e
openobserve / openobserve
CVE-2021-21402HighCVSS 7.7
Unauthenticated Arbitrary File Access in Jellyfin
jellyfin / jellyfin
CVE-2020-11075HighCVSS 7.7
Shell Escape in Anchore Engine
anchore / anchore-engine

📥 Want the latest list as JSON? /api/featured-pocs.json

Open repo: github.com/imfht/cve-cn — README auto-generated weekly from this list.