Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

Featured AI POCs

Top 50 recently published CVEs with comprehensive Shenlong AI analysis. Each entry includes vulnerability mechanism, trigger conditions, exploit chain, and reproducible POC. Free users get 3 free unlocks per month. JSON

CVE-2026-16117CriticalCVSS 10.0
@fastify/http-proxy vulnerable to prefix escape via URL-encoded characters
CVE-2026-54159CriticalCVSS 10.0
ps_facetedsearch: PHP Object Injection in faceted search cache allows unauthenti
CVE-2026-45336CriticalCVSS 10.0
HireFlow: Use of Hard-coded Credentials
CVE-2026-46339CriticalCVSS 10.0
9Router: Unauthenticated Remote Code Execution via unprotected MCP custom plugin
CVE-2026-46512CriticalCVSS 9.9
Frogman: Dialplan template parameters interpolated into extensions_custom.conf w
CVE-2026-54052CriticalCVSS 9.9
n8n-MCP: Cross-tenant access to workflow version backups in multi-tenant HTTP de
CVE-2026-52891CriticalCVSS 9.9
Wekan: Shell Injection via Avatar Upload
CVE-2026-63030CriticalCVSS 9.8
WordPress < 7.0.2 - REST API batch-route confusion and SQL injection issue leadi
CVE-2026-48062CriticalCVSS 9.8
CodeIgniter: Uploaded file extension validation bypass in `ext_in` rule
CVE-2026-44180CriticalCVSS 9.8
Jupyter Enterprise Gateway: ContainerProcessProxy._enforce_prohibited_ids can be
CVE-2026-45695CriticalCVSS 9.8
Kopia: Unauthenticated RCE via SSH ProxyCommand Injection when --insecure --with
CVE-2026-46562CriticalCVSS 9.8
Yamcs: Remote Code Execution via Mission Database algorithm override
CVE-2026-63087CriticalCVSS 9.8
Grafana OnCall 1.16.11 Unauthenticated Token Hijack via Plugin Install Endpoint
CVE-2026-55652CriticalCVSS 9.8
Wekan: Header-login IP allowlist bypass via X-Forwarded-For spoofing in Wekan al
CVE-2026-49352CriticalCVSS 9.8
9Router: Hardcoded Default fallback JWT Secret Allows Authentication Bypass
CVE-2026-55518CriticalCVSS 9.6
Avo: Missing Authorization in Avo Association Attach Endpoint Allows Unauthorize
CVE-2026-54496CriticalCVSS 9.3
Missing copy constraint in halo2_gadgets variable-base scalar multiplication all
CVE-2026-63089CriticalCVSS 9.3
WireGuard Easy Weak Token Generation Information Disclosure via OTL Route
CVE-2026-62241CriticalCVSS 9.1
clawvet < 0.7.5 Hard-coded JWT Secret Session Forgery
CVE-2026-44632CriticalCVSS 9.1
Yamcs: Server-Side Code Injection (RCE) via Janino Expression Engine in `JavaExp
CVE-2026-46621CriticalCVSS 9.1
Yamcs: Authenticated Remote Code Execution (RCE) via Jython Algorithm Code Injec
CVE-2026-11826HighCVSS 8.8
OpenPLC_v3 Heap-Based Buffer Overflow in Modbus Master getData()
CVE-2024-58362HighCVSS 8.8
SurrealDB before 1.5.5 Query Injection via RPC API
CVE-2023-54366HighCVSS 8.8
SurrealDB before 1.0.1 Insecure Default Table Permissions
CVE-2026-58195HighCVSS 8.8
Agentic-Flow: OS Command Injection in agentic-flow MCP server tools via unsaniti
CVE-2026-62233HighCVSS 8.8
grav-plugin-api < 1.0.6 Privilege Escalation via createApiKey
CVE-2026-63085HighCVSS 8.8
Axelor Open Platform 8.x < 8.2.2 Authorization Bypass via Nested Relational Reco
CVE-2026-62312HighCVSS 8.8
9Router: Authenticated RCE via Unvalidated MCP Plugin Arguments
CVE-2026-15631HighCVSS 8.7
@fastify/http-proxy vulnerable to prefix escape via WebSocket path traversal
CVE-2026-16158HighCVSS 8.7
@fastify/reply-from vulnerable to cross-upstream request routing via URL cache k
CVE-2026-54498HighCVSS 8.7
view_component: around_render HTML-Safety Bypass
CVE-2026-44739HighCVSS 8.7
Pimcore: SQL Injection in Custom Reports Column Configuration
CVE-2026-44023HighCVSS 8.6
Docling Core has unsafe remote filename resolution
CVE-2026-63086HighCVSS 8.6
text-generation-inference 3.3.7 SSRF via fetch_image in multimodal chat completi
CVE-2026-57206HighCVSS 8.6
SimpleChat plugin validation endpoints missing authentication and authorization
CVE-2026-63306HighCVSS 8.6
stoatchat before 0.13.5 Unauthenticated SSRF via proxy and embed endpoints
CVE-2026-48795HighCVSS 8.6
Incomplete fix for CVE-2026-25754 in @adonisjs/bodyparser
CVE-2024-58366HighCVSS 8.5
SurrealDB before 1.1.1 Format String via Scripting Functions
CVE-2026-55234HighCVSS 8.5
Wekan: Broken access control: any authenticated user can move their Cards/Lists/
CVE-2026-49998HighCVSS 8.2
Centrifugo: Dynamic JWKS key cache keyed only by `kid` allows cross-issuer JWT a
CVE-2026-45325HighCVSS 8.2
Gestor de Oferta: Prototype pollution in @tmlmobilidade/utils setValueAtPath
CVE-2026-9323HighCVSS 8.1
Insecure PRNG and Information Exposure in urwid Web Display Backend
CVE-2026-45260HighCVSS 8.1
Pimcore: Missing Authorization in WebDAV MOVE via unchecked asset move handling
CVE-2026-63094HighCVSS 8.1
SigNoz 0.133.0 SSO OAuth State Manipulation Session Token Theft
CVE-2026-62231HighCVSS 8.1
Grav < 1.0.6 API Key Scope Bypass via ApiKeyAuthenticator
CVE-2026-62234HighCVSS 8.1
Grav < 2.0.4 SSRF via Unrestricted cURL Protocols
CVE-2026-43978HighCVSS 8.1
wger: Privilege escalation via trainer-login session chaining allows gym trainer
CVE-2026-44019HighCVSS 8.1
Docling Core has insufficient validation of image reference URIs
CVE-2026-46353HighCVSS 8.1
BigBlueButton API checksum bypass via presentationUploadExternalUrl
CVE-2026-46351HighCVSS 8.1
BigBlueButton: Insecure Randomness allows to guess user's conference session tok

📥 Want the latest list as JSON? /api/featured-pocs.json

Open repo: github.com/imfht/cve-cn — README auto-generated weekly from this list.