Skip to content

The catalog

Browse Reproductions

189 verified reproductions

RSS Feed

189 reproductions

REPRO-2026-00266 published

Unauthenticated arbitrary file operations in Splunk Enterprise PostgreSQL sidecar service (SVD-2026-0603)

CVE-2026-20253 critical Security Variant found github
splunk/splunk
63m 18s Jul 7, 2026
REPRO-2026-00265 published

Linux kernel kTLS Use-After-Free

CVE-2024-26582 high Security Variant found github
torvalds/linux
49m 32s Jul 7, 2026
REPRO-2026-00264 published

Apache Camel camel-docling improperly validates custom CLI arguments, enabling argument injection and path traversal when untrusted data is mapped into docling invocation headers.

CVE-2026-40047 critical Security Variant found Maven
apache/camel
41m 23s Jul 7, 2026
REPRO-2026-00263 published

c-ares CVE-2026-33630 RCE primitive construction from confirmed remote UAF

CVE-2026-33630 high Security Variant found c
c-ares/c-ares
54m 27s Jul 7, 2026
REPRO-2026-00262 published

ColdFusion 2025 Lockdown: open-RDS unauth direct-Tomcat absolute-path FILEIO RCE confirmed

CVE-2026-48282 critical Security
Adobe ColdFusion
80m 25s Jul 7, 2026
REPRO-2026-00261 published

BerriAI LiteLLM SQL injection

CVE-2026-42271 critical Security Variant found pip
BerriAI LiteLLM
168m 42s Jul 7, 2026
REPRO-2026-00259 published

iCagenda unauthenticated file upload RCE in public event submission form

CVE-2026-48939 critical Security Variant found joomla
iCagenda
107m 17s Jul 6, 2026
REPRO-2026-00258 published

Cudy LT300 3.0 OS command injection

CVE-2026-32833 high Security Variant found firmware
Cudy LT300 V3 firmware
93m 59s Jul 6, 2026
REPRO-2026-00257 published

Apache Airflow Google provider path traversal via GCS object names

CVE-2026-49297 medium Security Variant found pip
apache-airflow-providers-google
56m 55s Jul 6, 2026
REPRO-2026-00256 published

Pagekit CMS privilege escalation leading to RCE

CVE-2026-57518 high Security Variant found github
pagekit/pagekit
23m 15s Jul 6, 2026
REPRO-2026-00255 published

JAIOTlink C492A-W6 Wi‑Fi IP camera firmware accepts default admin credentials (blank password) over HTTP Basic auth, enabling network‑adjacent attackers to access snapshots and privileged APIs.

CVE-2026-58453 critical Security Variant found firmware
jingwenyi/SmartCamera (Anyka N1
29m 42s Jul 6, 2026
REPRO-2026-00254 published

Vibe-Trading DNS rebinding authentication bypass leading to RCE

CVE-2026-58169 high Security Variant found
Vibe-Trading (pip: vibe-trading-ai)
18m 8s Jul 6, 2026
REPRO-2026-00253 published

Pinpoint through 3.1.0 allows authenticated users to register internal webhook URLs, leading to SSRF when alarm webhooks are delivered.

CVE-2026-57947 medium Security Variant found maven
pinpoint-apm/pinpoint
59m 13s Jul 6, 2026
REPRO-2026-00252 published

Divi Form Builder WordPress plugin allows unauthenticated arbitrary file upload via user-controlled acceptFileTypes, leading to RCE by uploading executable PHP extensions and accessing them in /wp-content/uploads/de_fb_uploads/.

CVE-2026-5524 critical Security wordpress
divi-form-builder
20m 35s Jul 6, 2026
REPRO-2026-00251 published

Premmerce Wishlist for WooCommerce unauthenticated SQL injection

CVE-2026-54849 critical Security Variant found
Premmerce/Premmerce Wishlist for WooCommerce
27m 26s Jul 6, 2026
REPRO-2026-00250 published

JeecgBoot broken access control privilege escalation

CVE-2026-58377 high Security Variant found github
jeecgboot/JeecgBoot
31m 46s Jul 6, 2026
REPRO-2026-00249 published

ZAP ViewState add-on insecure deserialization RCE

CVE-2026-57527 high Security Variant found github
zaproxy/zap-extensions
26m 16s Jul 6, 2026
REPRO-2026-00248 published

containerd CRI checkpoint import RCE

CVE-2026-50195 critical Security Variant found
github.com/containerd/containerd/v2
39m 23s Jul 6, 2026
REPRO-2026-00247 published

Kestra unauthenticated RCE via AuthenticationFilter path bypass

CVE-2026-49869 critical Security Variant found
io.kestra:kestra (Kestra OSS)
26m 25s Jul 6, 2026
REPRO-2026-00246 published

Gradio FileExplorer path traversal

CVE-2026-49119 high Security Variant found github
gradio-app/gradio
21m 20s Jul 6, 2026