state:has-public-poc — 20 tagged CVE vulnerabilities

20 CVE security advisories tagged "state:has-public-poc" with AI Chinese analysis, CVSS, references and POCs.

| CVE ID | Title | CWE | CVSS | Severity | Published |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-7038 | tufantunc ssh-mcp Command Line index.ts insufficiently protected credentials — ssh-mcp | CWE-522 | 3.3 | Low | 2026-04-26 |
| CVE-2026-5557 | badlogic pi-mono pi-mom Slack Bot slack.ts authentication bypass — pi-mono | CWE-288 | 6.3 | Medium | 2026-04-05 |
| CVE-2026-5484 | BookStackApp BookStack Chapter Export ExportFormatter.php chapterToMarkdown access control — BookStack | CWE-284 | 5.3 | Medium | 2026-04-03 |
| CVE-2026-5320 | vanna-ai vanna Chat API Endpoint v2 missing authentication — vanna | CWE-306 | 7.3 | High | 2026-04-02 |
| CVE-2026-5125 | raine consult-llm-mcp server.ts child_process.execSync os command injection — consult-llm-mcp | CWE-78 | 5.3 | Medium | 2026-03-30 |
| CVE-2026-4963 | huggingface smolagents Incomplete Fix CVE-2025-9959 local_python_executor.py evaluate_with code injection — smolagents | CWE-94 | 6.3 | Medium | 2026-03-27 |
| CVE-2026-4467 | Comfast CF-AC100 mbox-config command injection — CF-AC100 | CWE-77 | 4.7 | Medium | 2026-03-20 |
| CVE-2026-4015 | GPAC TeXML File load_text.c txtin_process_texml stack-based overflow — GPAC | CWE-121 | 5.3 | Medium | 2026-03-12 |
| CVE-2026-1589 | itsourcecode School Management System index.php sql injection — School Management System | CWE-89 | 7.3 | High | 2026-01-29 |
| CVE-2026-1119 | itsourcecode Society Management System delete_activity.php sql injection — Society Management System | CWE-89 | 7.3 | High | 2026-01-18 |
| CVE-2025-14096 | Credential Disclosure vulnerability in Radiometer Products — ABL90 FLEX and ABL90 FLEX PLUS Analyzers | CWE-798 | 8.4 | High | 2025-12-17 |
| CVE-2025-13236 | itsourcecode Inventory Management System index.php sql injection — Inventory Management System | CWE-89 | 6.3 | Medium | 2025-11-16 |
| CVE-2025-12745 | QuickJS quickjs.c js_array_buffer_slice buffer over-read — QuickJS | CWE-126 | 5.3 | Medium | 2025-11-05 |
| CVE-2025-11317 | Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 findSingConfigPage.do findRolePage sql injection — Data Leakage Prevention System 天锐数据泄露防护系统 | CWE-89 | 7.3 | High | 2025-10-06 |
| CVE-2025-11310 | Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 findFileServerPage.do findFileServerPage sql injection — Data Leakage Prevention System 天锐数据泄露防护系统 | CWE-89 | 7.3 | High | 2025-10-05 |
| CVE-2025-9398 | YiFang CMS Migrate.php exportInstallTable information disclosure — CMS | CWE-200 | 5.3 | Medium | 2025-08-24 |
| CVE-2025-7831 | code-projects Church Donation System Tithes.php sql injection — Church Donation System | CWE-89 | 7.3 | High | 2025-07-19 |
| CVE-2024-36401 | Remote Code Execution (RCE) vulnerability in evaluating property name expressions in Geoserver — geoserver | CWE-95 | 9.8 | Critical | 2024-07-01 |
| CVE-2023-3892 | Unsafe XML parsing of 3rd party DICOM private tags may lead to XXE — MIM Assistant | CWE-611 | 5.6 | Medium | 2023-09-19 |
| CVE-2020-29656 | ASUS RT-AC88U information disclosure vulnerability — n/a | | 9.1 | - | 2020-12-09 |

Vulnerabilities classified as state:has-public-poc represent 20 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.