Malicious code in @oplus/obus-web-sdk-plugin-recovery (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a7435b09e6ec064fe7ff0738becd8dd3445f1a73e97427a8fb9285460bd4f723 @oplus/[email protected] publishes to a likely-private internal scope at an artificially high version to win resolution against a...

poc-lab-pro

poc-lab-pro Recent CVE PoC & reproduction scripts. Focused on...

CVE-2026-44547

ChurchCRM is an open-source church management system. From 7.2.0 to 7.2.2, The fix for CVE-2026-4058 is incomplete. The hardening commit was merged and then silently stripped from src/api/routes/public/public-user.php by an unrelated PR before any 7.2.x tag was cut. Every shipped 7.2.x release...

SolarView 6.00 - Remote Command Execution

SolarView Compact 6.00 is vulnerable to a command injection via networktest.php. id: CVE-2022-40881 info: name: SolarView 6.00 - Remote Command Execution author: For3stCo1d severity: critical description: | SolarView Compact 6.00 is vulnerable to a command injection via networktest.php. impact: |...

hermes-sidecar-poc

Hermes PoC — Pod + Nacos + Math microservice Dubbo Triple S...

CIFSwitch

CIFSwitch CVE-2026-46243 Writeuphttps://heyitsas.im/post...

PHANTOM_old

PHANTOM Autonomous Penetration Testing Framework Recon -...

PT-2026-44400

Name of the Vulnerable Software and Affected Versions Notepad++ versions prior to 8.9.6.1 Description An issue exists in the processing of the commandLineInterpreter parameter within the config.xml configuration file. The software fails to neutralize special elements, which allows an attacker to...

MAL-2026-4688 Malicious code in tempo-shared-modules (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bc05637e4f67c7a00ac3b790680f46174243df9c2740a161a029d4b266a79839 On npm install, the preinstall script poc.js collects host identity hostname, username, OS/platform, network configuration ipconfig / ip a /...

MAL-2026-4623 Malicious code in npm-builderio-qwik-poc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 11a743cdce28dd141d636ff13baaee44df53fbaaed17efdc5a7380281b7097e1 The package's main entry index.js is a working browser exploit, not a library. When loaded in a DOM context, it creates a hidden iframe pointing at...

MAL-2026-4540 Malicious code in crypt0co-walet-poc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b5510d98b1e380f6c130bf9b4428321d711ae88d8a4fcb66368a2f6fb4e7ff58 On require/import, index.js lines 6-12 serializes the full process.env to /tmp/pocimpact.json and runs whoami and ip addr via execSync to fingerprint...

pocx

pocx 一个完善的 yaml poc 引擎，poc 定义在wiki中 使用方法参考 example/main.go...

Flawfinder-ANSI-Exploit-POC

Flawfinder-ANSI-Exploit-POC In version 2.0.19 of Flawfinder, n...

Exploit for Code Injection in Anthropic Claude_Code

CVE-2025-59536 PoC Remote Code Execution via Claude Code Pr...

PoCLab

kernel-poc Minimal Linux kernel + QEMU environment for reprod...

pocxgen-agent

PoCXGen Agent An LLM-orchestrated multi-agent pipeline for au...

shenlong-cve-mcp

shenlong-cve-mcp The MCP Server from the Shenlong Vulnerabil...

PT-2026-39410

Name of the Vulnerable Software and Affected Versions Next.js versions 10.0.0 through 15.5.15 Next.js versions 16.0.0 through 16.2.4 Description When self-hosting with the default image loader, the Image Optimization API fetches local images entirely into memory without enforcing a maximum size...

PT-2026-39419

Name of the Vulnerable Software and Affected Versions Next.js versions 13.4.6 through 15.5.15 Next.js versions 16.0.0 through 16.2.4 Description React Server Component responses are susceptible to cache poisoning in deployments utilizing shared caches with insufficient response partitioning...

PT-2026-39412

Name of the Vulnerable Software and Affected Versions Next.js versions 13.0.0 through 15.5.15 Next.js versions 16.0.0 through 16.2.4 Description Applications using beforeInteractive scripts combined with untrusted content are susceptible to cross-site scripting XSS, a flaw where malicious scripts...