Browse Reproductions

54 verified reproductions

REPRO-2026-00125 published

Grafana SQL Expressions RCE

Security critical

59m 16s Apr 1, 2026

REPRO-2026-00124 published

Vim modeline handling for the tabpanel option allows sandbox escape via autocmd_add, enabling OS command execution when opening a crafted file.

Security high github

19m 38s Apr 1, 2026

GHSA-2GMJ-RPQF-PXVH CVE-2026-34714

REPRO-2026-00119 published

PyTorch: weights_only Unpickler RCE via SETITEM Type Confusion

Security high pip

48m 8s Mar 2, 2026

GHSA-63cw-57p8-fm3p CVE-2026-24747

REPRO-2026-00118 published

cve-2026-21518

Security medium

40m 34s Feb 21, 2026

REPRO-2026-00115 published

eBay MCP Server Environment Variable Injection via Crafted Prompts

Security critical npm

@anthropic-ai/ebay-mcp-server

11m 39s Feb 20, 2026

GHSA-97rm-xj73-33jh CVE-2026-27203

REPRO-2026-00114 published

D-Tale Remote Code Execution via Custom Filter Input

Security critical pip

11m 53s Feb 20, 2026

GHSA-c87c-78rc-vmv2 CVE-2026-27194

REPRO-2026-00113 published

Feathers OAuth Authorization Header Leak to Third-Party

Security high npm

@feathersjs/authentication-oauth

7m 45s Feb 20, 2026

GHSA-9m9c-vpv5-9g85 CVE-2026-27192

REPRO-2026-00112 published

Statamic CMS Stored XSS via Markdown Fieldtype

Security high composer

7m 48s Feb 20, 2026

GHSA-8r7r-f4gm-wcpq CVE-2026-27197

REPRO-2026-00111 published

Formwork CMS Improper Privilege Management in User Creation

Security high composer

getformwork/formwork

12m 42s Feb 20, 2026

GHSA-34p4-7w83-35g2 CVE-2026-27198

REPRO-2026-00110 published

Deno Command Injection via Incomplete Metacharacter Blocklist

Security high rust

10m 5s Feb 20, 2026

GHSA-hmh4-3xvx-q5hr CVE-2026-27190

REPRO-2026-00109 published

Feathers OAuth Open Redirect Account Takeover

Security high npm

@feathersjs/authentication-oauth

12m 54s Feb 20, 2026

GHSA-ppf9-4ffw-hh4p CVE-2026-27191

REPRO-2026-00108 published

Zumba JSON Serializer PHP Object Injection

Security high composer

zumba/json-serializer

11m 26s Feb 20, 2026

GHSA-v7m3-fpcr-h7m2 CVE-2026-27206

REPRO-2026-00107 published

Swiper Prototype Pollution

Security critical npm

10m 21s Feb 20, 2026

GHSA-hmx5-qpq5-p643 CVE-2026-27212

REPRO-2026-00106 published

Dagu Unauthenticated RCE via Inline DAG Spec

Security critical go

github.com/dagu-org/dagu

18m 38s Feb 20, 2026

GHSA-6qr9-g2xw-cw92

REPRO-2026-00105 published

Fabric.js: Stored XSS via SVG Export

Security high npm

16m 24s Feb 19, 2026

GHSA-hfvx-25r5-qc3w CVE-2026-27013

REPRO-2026-00104 published

systeminformation: Command Injection via WiFi Interface Parameter

Security high npm

systeminformation

19m 36s Feb 19, 2026

GHSA-9c88-49p5-5ggf CVE-2026-26280

REPRO-2026-00103 published

jsPDF: PDF Object Injection via Unsanitized addJS Input

Security high npm

14m 30s Feb 19, 2026

GHSA-9vjf-qc39-jprp CVE-2026-25755

REPRO-2026-00102 published

jsPDF: PDF Injection in AcroForm RadioButton allows JS Execution

Security high npm

23m 38s Feb 19, 2026

GHSA-p5xg-68wr-hm3m CVE-2026-25940

REPRO-2026-00101 published

LibreNMS: Time-Based Blind SQL Injection in address-search

Security high composer

librenms/librenms

11m 33s Feb 19, 2026

GHSA-79q9-wc6p-cf92 CVE-2026-26990

REPRO-2026-00100 published

systeminformation: Command Injection via locate Output

Security high npm

systeminformation

18m 44s Feb 19, 2026

GHSA-5vv4-hvf7-2h46 CVE-2026-26318