The catalog
Browse Reproductions
189 verified reproductions
Popular records
Top viewed reproduction records
Frequently opened evidence pages with direct links to runnable proof and permanent REPRO IDs.
REPRO-2026-00281 Apache Kafka SASL/OAUTHBEARER accepts unvalidated JWTs REPRO-2026-00222 SimpleHelp OIDC authentication accepts unsigned/forged ID tokens, enabling remote authentication bypass and possible MFA bypass in versions 5.5.15 and earlier and 6.0 prereleases prior to the fixed release. REPRO-2026-00259 iCagenda unauthenticated file upload RCE in public event submission form REPRO-2026-00275 Coolify terminal WebSocket endpoints lack proper authorization checks, allowing low-privileged members to access terminal functionality and achieve remote command execution on managed hosts. REPRO-2026-00223 phpBB authentication bypass/account hijacking via OAuth login-link flow with arbitrary auth_provider=apache REPRO-2026-00258 Cudy LT300 3.0 OS command injection
189 reproductions
REPRO-2026-00286 published
Log4j MapMessage emits invalid JSON for non-finite values
CVE-2026-49844 medium Security
Variant found
maven
org.apache.logging.log4j:log4j-api
11m 14s Jul 13, 2026
REPRO-2026-00285 published
Samba’s printing subsystem allows OS command injection via unescaped job description (%J), enabling remote code execution through crafted print jobs.
CVE-2026-4480 high Security
Variant found
generic
samba-team/samba
28m 55s Jul 13, 2026
REPRO-2026-00284 published
XRING: Alibaba XQUIC QPACK ring-buffer resize underflow
high Security
Variant found
github
Alibaba XQUIC
20m 53s Jul 11, 2026
REPRO-2026-00283 published
Nuclio cron trigger shell command injection leading to RCE
CVE-2026-52831 critical Security
Variant found
go
github.com/nuclio/nuclio
89m 0s Jul 11, 2026
REPRO-2026-00282 published
Apache Tomcat partial PUT session deserialization RCE
CVE-2025-24813 high Security maven
Apache Tomcat
42m 34s Jul 11, 2026
REPRO-2026-00281 published
Apache Kafka SASL/OAUTHBEARER accepts unvalidated JWTs
CVE-2026-33557 critical Security
Variant found
maven
Apache Kafka
44m 25s Jul 11, 2026
REPRO-2026-00280 published
Apache Tomcat examples app XSS in numguess.jsp
CVE-2026-50229 low Security
Variant found
github
apache/tomcat
16m 6s Jul 9, 2026
REPRO-2026-00279 published
Apache OpenNLP SvmDoccatModel unsafe deserialization
CVE-2026-43825 high Security
Variant found
github
apache/opennlp
14m 59s Jul 9, 2026
REPRO-2026-00278 published
libcurl HTTP/2 stream-dependency tree use-after-free
CVE-2026-10536 high Security
Variant found
github
curl/libcurl
22m 30s Jul 9, 2026
REPRO-2026-00277 published
Apache Airflow DAG author RCE via unrestricted import_string() in BaseSerialization.deserialize()
CVE-2026-33264 critical Security
Variant found
github
apache/airflow
16m 12s Jul 9, 2026
REPRO-2026-00276 published
Apache Gravitino unauthenticated H2 JDBC URL injection via testConnection API
CVE-2026-41042 low Security
Variant found
github
apache/gravitino
22m 47s Jul 9, 2026
REPRO-2026-00275 published
Coolify terminal WebSocket endpoints lack proper authorization checks, allowing low-privileged members to access terminal functionality and achieve remote command execution on managed hosts.
CVE-2026-34047 critical Security
Variant found
Composer
coollabsio/coolify
44m 2s Jul 8, 2026
REPRO-2026-00274 published
@better-auth/sso <1.6.11 allows non-blind SSRF via unvalidated OIDC endpoint URLs during SSO provider registration, with potential account takeover when trustEmailVerified is enabled.
CVE-2026-53513 critical Security
Variant found
npm
@better-auth/sso
30m 49s Jul 8, 2026
REPRO-2026-00273 published
Vtiger CRM through 8.4.0 allows authenticated admin users to achieve remote code execution by uploading a crafted module ZIP that places PHP files in the web-accessible modules/ directory.
CVE-2026-23698 high Security
Variant found
other
Vtiger CRM
33m 54s Jul 8, 2026
REPRO-2026-00272 published
EGroupware contains an authorization bypass in SmallPartMediaRecorder::ajax_upload combined with arbitrary file write and file read primitives, enabling authenticated (or self-registered) attackers to overwrite header.inc.php and achieve remote code execution.
CVE-2026-27823 critical Security
Variant found
Composer
egroupware/egroupware
78m 4s Jul 8, 2026
REPRO-2026-00271 published
Apache Airflow <3.3.0 allows deserialization of attacker-controlled class paths in BaseSerialization.deserialize(), enabling DAG authors to trigger RCE in the Scheduler/API Server via malicious serialized DAGs.
CVE-2026-33264 critical Security
Variant found
PyPI
apache/airflow
34m 38s Jul 8, 2026
REPRO-2026-00270 published
9router before 0.4.44 allows unauthenticated remote OS command execution via the /api/tunnel/tailscale-install endpoint by injecting shell commands in the sudoPassword field when sudo does not prompt for a password.
CVE-2026-59800 critical Security
Variant found
npm
9router (npm)
45m 53s Jul 8, 2026
REPRO-2026-00269 published
SP Page Builder for Joomla allows unauthenticated arbitrary file upload via asset.uploadCustomIcon, enabling PHP upload and remote code execution.
CVE-2026-48908 critical Security
Variant found
Joomla extension
SP Page Builder (com_sppagebuilder)
77m 51s Jul 8, 2026
REPRO-2026-00268 published
Langflow’s /api/v1/responses endpoint contains an IDOR that lets any authenticated user execute another user’s flow by supplying the victim’s flow UUID.
CVE-2026-55255 critical Security
Variant found
pip
langflow (pip)
28m 29s Jul 8, 2026
REPRO-2026-00267 published
Apache Camel embedded HTTP/management servers can bypass authentication on subpaths when a non-root context path is configured, allowing unauthenticated access to protected routes and management endpoints.
CVE-2026-40022 medium Security
Variant found
maven
org.apache.camel:camel-platform-http-main
20m 26s Jul 7, 2026