Support Us — Your donation helps us keep running

Goal: 1000 CNY,Raised: 1000 CNY

100.0%
Donate Now

Featured AI POCs

Top 50 recently published CVEs with comprehensive Shenlong AI analysis. Each entry includes vulnerability mechanism, trigger conditions, exploit chain, and reproducible POC. Free users get 3 free unlocks per month. JSON

CVE-2020-25213CriticalCVSS 10.0
wordpress 代码问题漏洞
n/a / n/a
CVE-2020-35948CriticalCVSS 9.9
WordPress XCloner Backup and Restore plugin 安全漏洞
n/a / n/a
CVE-2021-42369CriticalCVSS 9.9
Imagicle Application Suite (For Cisco Uc) SQL注入漏洞
n/a / n/a
CVE-2026-6951CriticalCVSS 9.8
simple-git<3.36.0 RCE漏洞因--config未修复
n/a / simple-git
CVE-2020-7720CriticalCVSS 9.8
Prototype Pollution
n/a / node-forge
CVE-2020-7782CriticalCVSS 9.8
Command Injection
n/a / spritesheet-js
CVE-2020-7785CriticalCVSS 9.8
Command Injection
n/a / node-ps
CVE-2021-3120CriticalCVSS 9.8
WooCommerce for WordPress 代码问题漏洞
n/a / n/a
CVE-2021-23376CriticalCVSS 9.8
Arbitrary Command Injection
n/a / ffmpegdotjs
CVE-2021-23378CriticalCVSS 9.8
Arbitrary Command Injection
n/a / picotts
CVE-2021-23377CriticalCVSS 9.8
Arbitrary Command Injection
n/a / onion-oled-js
CVE-2021-3958CriticalCVSS 9.8
SQL Injection Vulnerability in Ipack SCADA Software
Ipack Automation Systems / Ipack SCADA Software
CVE-2026-23524CriticalCVSS 9.8
Laravel Redis Horizontal Scaling Insecure Deserialization
laravel / reverb
CVE-2026-23837CriticalCVSS 9.8
MyTube has an Authorization Bypass vulnerability
franklioxygen / MyTube
CVE-2020-27660CriticalCVSS 9.6
Synology SafeAccess SQL注入漏洞
Synology / Safe Access
CVE-2021-39185CriticalCVSS 9.1
Default CORS config allows any origin with credentials
http4s / http4s
CVE-2021-43834CriticalCVSS 9.1
Incorrect Authentication in elabftw
elabftw / elabftw
CVE-2021-42114CriticalCVSS 9.0
Scalable Rowhammering In the Frequency Domain to Bypass TRR Mitigations On Moder
Micron / Micron ddr4_sdram
CVE-2020-23834HighCVSS 8.8
Real Time Logic BarracudaDrive 安全漏洞
n/a / n/a
CVE-2020-9306HighCVSS 8.8
Tesla SolarCity Solar Monitoring Gateway 信任管理问题漏洞
n/a / n/a
CVE-2021-29468HighCVSS 8.8
Arbitrary code execution when checking out an attacker-controlled Git branch
me-and / Cygwin-Git
CVE-2021-32772HighCVSS 8.8
Improper Neutralization of Special Elements used in an OS Command ('OS Command I
MrChuckomo / poddycast
CVE-2021-39174HighCVSS 8.8
Configuration leak
fiveai / Cachet
CVE-2021-39172HighCVSS 8.8
New line injection during configuration edition
fiveai / Cachet
CVE-2021-39173HighCVSS 8.8
Forced reinstall
fiveai / Cachet
CVE-2021-39209HighCVSS 8.8
Bypassable CSRF protection
glpi-project / glpi
CVE-2021-25966HighCVSS 8.8
Orchard Core CMS - Improper Session Termination after Password Change
OrchardCore / Users
CVE-2021-43844HighCVSS 8.8
Externally Controlled Reference to a Resource in Another Sphere in MSEdgeRedirec
rcmaehl / MSEdgeRedirect
CVE-2022-22113HighCVSS 8.8
DayByDay CRM - Insufficient Session Expiration after Password Change
Bottelet / DaybydayCRM
CVE-2019-11043HighCVSS 8.7
Underflow in PHP-FPM can lead to RCE
PHP / PHP
CVE-2022-21690HighCVSS 8.7
Cross-Site Scripting in Onionshare
onionshare / onionshare
CVE-2021-23427HighCVSS 8.6
Arbitrary File Write via Archive Extraction (Zip Slip)
n/a / elFinder.NetCore
CVE-2021-23428HighCVSS 8.6
Directory Traversal
n/a / elFinder.NetCore
CVE-2021-41145HighCVSS 8.6
FreeSWITCH susceptible to Denial of Service via SIP flooding
signalwire / freeswitch
CVE-2026-23949HighCVSS 8.6
jaraco.context Has a Path Traversal Vulnerability
jaraco / jaraco.context
CVE-2020-27659HighCVSS 8.4
Synology SafeAccess 跨站脚本漏洞
Synology / Safe Access
CVE-2021-32737HighCVSS 8.4
XSS Injection in Media Collection Title was possible
sulu / sulu
CVE-2026-22031HighCVSS 8.4
Fastify Middie Middleware Path Bypass
fastify / middie
CVE-2020-5302HighCVSS 8.2
unprivileged user can access priviledged action in MH-WikiBot
examknow / MH-WikiBot
CVE-2020-7739HighCVSS 8.2
Server-side Request Forgery (SSRF)
n/a / phantomjs-seo
CVE-2020-7740HighCVSS 8.2
Server-side Request Forgery (SSRF)
n/a / node-pdf-generator
CVE-2020-28502HighCVSS 8.1
Arbitrary Code Injection
n/a / xmlhttprequest
CVE-2021-43833HighCVSS 8.1
Account takeover in eLabFTW
elabftw / elabftw
CVE-2026-23846HighCVSS 8.1
Tugtainer vulnerable to Password Exposure via URL Query Parameter
Quenary / tugtainer
CVE-2026-23876HighCVSS 8.1
Heap buffer overflow with attacker-controlled data in XBM parser
ImageMagick / ImageMagick
CVE-2021-32647HighCVSS 8.0
Post-authentication Remote Code Execution (RCE) in emissary:emissary
NationalSecurityAgency / emissary
CVE-2020-5256HighCVSS 7.9
Remote Code Execution Through Image Uploads in BookStack
BookStackApp / BookStack
CVE-2020-14363HighCVSS 7.8
X.Org libX11 输入验证错误漏洞
The X11 Project / libX11
CVE-2021-25985HighCVSS 7.8
FactorJS - Insufficient Session Expiration Leads to a Local Account Takeover
FactorJS / Factor
CVE-2021-42810HighCVSS 7.8
Safenet Authentication Service Remote Desktop Gateway prior to 2.0.3 may allow p
Thales / SafeNet Authentication Service

📥 Want the latest list as JSON? /api/featured-pocs.json

Open repo: github.com/imfht/cve-cn — README auto-generated weekly from this list.