Browse Reproductions

99 verified reproductions

REPRO-2026-00185 published

HashiCorp Nomad: path traversal in host volume plugin loader → client-host RCE

Security high go
nomad
48m 9s May 28, 2026
GHSA-hx53-77qj-8663 CVE-2026-7474
REPRO-2026-00184 published

Temporal Server: batcher worker cross-namespace authorization bypass (BatchActivityWithProtobuf)

Security medium go
temporal
72m 49s May 28, 2026
REPRO-2026-00183 published

MapServer: heap-buffer-overflow in SLD Categorize parser (msSLDParseRasterSymbolizer)

Security high c
mapserver
14m 33s May 28, 2026
GHSA-cv4m-mr84-fgjp CVE-2026-33721
REPRO-2026-00173 published

wolfSSL: ECCSI universal signature forgery via missing scalar range check

Security high source
wolfssl
16m 28s May 28, 2026
REPRO-2026-00172 published

wolfSSL: EVP ChaCha20-Poly1305 decryption returns plaintext without verifying authentication tag

Security high source
wolfssl
12m 46s May 28, 2026
REPRO-2026-00171 published

nginx WebDAV: heap-buffer-overflow in COPY/MOVE with alias directive

Security high source
nginx
21m 40s May 28, 2026
REPRO-2026-00170 published

jq: integer overflow in jv_string_concat triggers heap buffer overflow on large strings

Security high github
jq
32m 33s May 28, 2026
GHSA-q3h9-m34w-h76f CVE-2026-32316
REPRO-2026-00169 published

DataEase: stacked-query SQL injection via previewSql with allowMultiQueries

Security high github
dataease
58m 29s May 26, 2026
REPRO-2026-00168 published

DataEase: authentication bypass via password-derived HMAC JWT signing key

Security high github
dataease
100m 11s May 25, 2026
REPRO-2026-00167 published

DataEase: Quartz JobStore Java deserialization RCE via QRTZ_JOB_DETAILS

Security high github
dataease
179m 9s May 25, 2026
REPRO-2026-00165 published

DataEase: JDBC parameter blocklist bypass via Lombok @Data setter exposure

Security medium github
dataease
111m 23s May 25, 2026
REPRO-2026-00160 published

Arelle: unauthenticated RCE via /rest/configure plugins URL parameter

Security critical pip
arelle
48m 18s May 23, 2026
REPRO-2026-00159 published

libheif: heap-buffer-overflow write decoding 1x4 grid of odd-height tiles

Security high c
libheif
41m 53s May 23, 2026
GHSA-frfr-f3vg-2g6j CVE-2026-32740
REPRO-2026-00158 published

goshs: PUT upload accepts cross-origin requests without CSRF token

Security medium go
github.com/patrickhener/goshs
35m 17s May 23, 2026
GHSA-rhf7-wvw3-vjvm CVE-2026-42091
REPRO-2026-00157 published

Fiber v3: cache middleware key collision leaks responses across different query strings

Security medium go
github.com/gofiber/fiber/v3
27m 11s May 23, 2026
GHSA-35hp-hqmv-8qg8 CVE-2026-30246
REPRO-2026-00156 published

Yii2: local file inclusion via View::renderPhpFile extract() of caller-controlled params

Security high composer
yiisoft/yii2
15m 11s May 23, 2026
GHSA-5vpg-rj7q-qpw2 CVE-2026-39850
REPRO-2026-00155 published

gitoxide (gix-fs): symlink worktree escape on checkout writes files outside the worktree

Security high cargo
gix-fs
33m 22s May 22, 2026
GHSA-f89h-2fjh-2r9q CVE-2026-44471
REPRO-2026-00153 published

Jupyter Server: path traversal via faulty startswith() root containment check

Security high pip
jupyter-server
25m 14s May 22, 2026
GHSA-5789-5fc7-67v3 CVE-2026-35397
REPRO-2026-00152 published

apko: symlink-following path traversal writes files outside the build root

Security high go
apko
20m 23s May 22, 2026
GHSA-qq3r-w4hj-gjp6 CVE-2026-42574
REPRO-2026-00151 published

Twig: sandbox bypass via SourcePolicy filter check enables arbitrary PHP callables

Security high composer
twig/twig
13m 7s May 22, 2026
GHSA-2q52-x2ff-qgfr CVE-2026-24425