Skip to content

The catalog

Browse Reproductions

189 verified reproductions

RSS Feed

189 reproductions

REPRO-2026-00286 published

Log4j MapMessage emits invalid JSON for non-finite values

CVE-2026-49844 medium Security Variant found maven
org.apache.logging.log4j:log4j-api
11m 14s Jul 13, 2026
REPRO-2026-00285 published

Samba’s printing subsystem allows OS command injection via unescaped job description (%J), enabling remote code execution through crafted print jobs.

CVE-2026-4480 high Security Variant found generic
samba-team/samba
28m 55s Jul 13, 2026
REPRO-2026-00284 published

XRING: Alibaba XQUIC QPACK ring-buffer resize underflow

high Security Variant found github
Alibaba XQUIC
20m 53s Jul 11, 2026
REPRO-2026-00283 published

Nuclio cron trigger shell command injection leading to RCE

CVE-2026-52831 critical Security Variant found go
github.com/nuclio/nuclio
89m 0s Jul 11, 2026
REPRO-2026-00282 published

Apache Tomcat partial PUT session deserialization RCE

CVE-2025-24813 high Security maven
Apache Tomcat
42m 34s Jul 11, 2026
REPRO-2026-00281 published

Apache Kafka SASL/OAUTHBEARER accepts unvalidated JWTs

CVE-2026-33557 critical Security Variant found maven
Apache Kafka
44m 25s Jul 11, 2026
REPRO-2026-00280 published

Apache Tomcat examples app XSS in numguess.jsp

CVE-2026-50229 low Security Variant found github
apache/tomcat
16m 6s Jul 9, 2026
REPRO-2026-00279 published

Apache OpenNLP SvmDoccatModel unsafe deserialization

CVE-2026-43825 high Security Variant found github
apache/opennlp
14m 59s Jul 9, 2026
REPRO-2026-00278 published

libcurl HTTP/2 stream-dependency tree use-after-free

CVE-2026-10536 high Security Variant found github
curl/libcurl
22m 30s Jul 9, 2026
REPRO-2026-00277 published

Apache Airflow DAG author RCE via unrestricted import_string() in BaseSerialization.deserialize()

CVE-2026-33264 critical Security Variant found github
apache/airflow
16m 12s Jul 9, 2026
REPRO-2026-00276 published

Apache Gravitino unauthenticated H2 JDBC URL injection via testConnection API

CVE-2026-41042 low Security Variant found github
apache/gravitino
22m 47s Jul 9, 2026
REPRO-2026-00275 published

Coolify terminal WebSocket endpoints lack proper authorization checks, allowing low-privileged members to access terminal functionality and achieve remote command execution on managed hosts.

CVE-2026-34047 critical Security Variant found Composer
coollabsio/coolify
44m 2s Jul 8, 2026
REPRO-2026-00274 published

@better-auth/sso <1.6.11 allows non-blind SSRF via unvalidated OIDC endpoint URLs during SSO provider registration, with potential account takeover when trustEmailVerified is enabled.

CVE-2026-53513 critical Security Variant found npm
@better-auth/sso
30m 49s Jul 8, 2026
REPRO-2026-00273 published

Vtiger CRM through 8.4.0 allows authenticated admin users to achieve remote code execution by uploading a crafted module ZIP that places PHP files in the web-accessible modules/ directory.

CVE-2026-23698 high Security Variant found other
Vtiger CRM
33m 54s Jul 8, 2026
REPRO-2026-00272 published

EGroupware contains an authorization bypass in SmallPartMediaRecorder::ajax_upload combined with arbitrary file write and file read primitives, enabling authenticated (or self-registered) attackers to overwrite header.inc.php and achieve remote code execution.

CVE-2026-27823 critical Security Variant found Composer
egroupware/egroupware
78m 4s Jul 8, 2026
REPRO-2026-00271 published

Apache Airflow <3.3.0 allows deserialization of attacker-controlled class paths in BaseSerialization.deserialize(), enabling DAG authors to trigger RCE in the Scheduler/API Server via malicious serialized DAGs.

CVE-2026-33264 critical Security Variant found PyPI
apache/airflow
34m 38s Jul 8, 2026
REPRO-2026-00270 published

9router before 0.4.44 allows unauthenticated remote OS command execution via the /api/tunnel/tailscale-install endpoint by injecting shell commands in the sudoPassword field when sudo does not prompt for a password.

CVE-2026-59800 critical Security Variant found npm
9router (npm)
45m 53s Jul 8, 2026
REPRO-2026-00269 published

SP Page Builder for Joomla allows unauthenticated arbitrary file upload via asset.uploadCustomIcon, enabling PHP upload and remote code execution.

CVE-2026-48908 critical Security Variant found Joomla extension
SP Page Builder (com_sppagebuilder)
77m 51s Jul 8, 2026
REPRO-2026-00268 published

Langflow’s /api/v1/responses endpoint contains an IDOR that lets any authenticated user execute another user’s flow by supplying the victim’s flow UUID.

CVE-2026-55255 critical Security Variant found pip
langflow (pip)
28m 29s Jul 8, 2026
REPRO-2026-00267 published

Apache Camel embedded HTTP/management servers can bypass authentication on subpaths when a non-root context path is configured, allowing unauthenticated access to protected routes and management endpoints.

CVE-2026-40022 medium Security Variant found maven
org.apache.camel:camel-platform-http-main
20m 26s Jul 7, 2026