The catalog
Browse Reproductions
189 verified reproductions
Popular records
Top viewed reproduction records
Frequently opened evidence pages with direct links to runnable proof and permanent REPRO IDs.
REPRO-2026-00281 Apache Kafka SASL/OAUTHBEARER accepts unvalidated JWTs REPRO-2026-00222 SimpleHelp OIDC authentication accepts unsigned/forged ID tokens, enabling remote authentication bypass and possible MFA bypass in versions 5.5.15 and earlier and 6.0 prereleases prior to the fixed release. REPRO-2026-00259 iCagenda unauthenticated file upload RCE in public event submission form REPRO-2026-00275 Coolify terminal WebSocket endpoints lack proper authorization checks, allowing low-privileged members to access terminal functionality and achieve remote command execution on managed hosts. REPRO-2026-00223 phpBB authentication bypass/account hijacking via OAuth login-link flow with arbitrary auth_provider=apache REPRO-2026-00258 Cudy LT300 3.0 OS command injection
189 reproductions
REPRO-2026-00225 published
Node.js WebCrypto EdDSA verification accepted small-order points, allowing signature verification bypass for Ed25519/Ed448 before the 29890721 fix.
high Security other
nodejs
7m 45s Jul 4, 2026
REPRO-2026-00224 published
Node.js task runner improperly escapes single quotes on Unix, enabling shell syntax breakouts and potential command injection via `node --run` arguments.
high Security nodejs
node
47m 12s Jul 4, 2026
REPRO-2026-00223 published
phpBB authentication bypass/account hijacking via OAuth login-link flow with arbitrary auth_provider=apache
CVE-2026-48611 critical Security
Variant found
github
phpbb/phpbb
22m 9s Jul 4, 2026
REPRO-2026-00222 published
SimpleHelp OIDC authentication accepts unsigned/forged ID tokens, enabling remote authentication bypass and possible MFA bypass in versions 5.5.15 and earlier and 6.0 prereleases prior to the fixed release.
CVE-2026-48558 critical Security
Variant found
other (commercial, Java-based server application)
SimpleHelp
94m 25s Jul 4, 2026
REPRO-2026-00221 published
Linux kernel FUSE readdir cache out-of-bounds write
CVE-2026-31694 high Security
Variant found
Linux kernel (FUSE subsystem)
63m 5s Jul 3, 2026
REPRO-2026-00220 published
JuiceFS through 1.3.1 exposes debug/metrics endpoints via shared http.DefaultServeMux, enabling authentication bypass and leakage of sensitive metadata connection strings, with potential DoS via profiling handlers.
CVE-2026-59092 high Security
Variant found
go
JuiceFS (juicedata/juicefs)
14m 46s Jul 3, 2026
REPRO-2026-00219 published
AutoBangumi before 3.2.8 seeds a default admin account on empty databases, allowing unauthenticated users to log in with publicly known default credentials and gain full control.
CVE-2026-58466 critical Security
Variant found
standalone application (Python/FastAPI)
EstrellaXD/Auto_Bangumi
14m 56s Jul 3, 2026
REPRO-2026-00218 published
fast-mcp-telegram <=0.19.0 allows bearer token path traversal to authenticate as the default telegram.session, bypassing reserved session name protections and enabling unauthorized access to Telegram MCP tools.
CVE-2026-52830 critical Security
Variant found
pip
fast-mcp-telegram
17m 51s Jul 3, 2026
REPRO-2026-00217 published
9router hardcoded default fallback JWT secret allows authentication bypass
CVE-2026-49352 critical Security
Variant found
github
decolua/9router
13m 50s Jul 3, 2026
REPRO-2026-00212 published
DirtyClone Linux kernel page-cache corruption privilege escalation
CVE-2026-43503 critical Security
Variant found
linux
Linux kernel
70m 55s Jul 3, 2026
REPRO-2026-00211 published
Linux kernel bonding can inherit header_ops from non‑Ethernet slaves (e.g., GRE), causing type confusion and kernel crashes when dev_hard_header() is invoked on the bond device.
CVE-2026-43456 high Security
Variant found
linux
Linux kernel (bonding driver)
64m 59s Jul 3, 2026
REPRO-2026-00210 published
sigstore-js Insufficient Verification of Data Authenticity
CVE-2026-48816 medium Security
Variant found
github
sigstore/sigstore-js
18m 54s Jul 2, 2026
REPRO-2026-00209 published
Oj Ruby gem stack buffer overflow via large :indent value
CVE-2026-54502 medium Security
Variant found
Ruby
oj
18m 33s Jul 2, 2026
REPRO-2026-00208 published
Oj Ruby gem uninitialized stack memory leak via long JSON keys
CVE-2026-54500 medium Security
Variant found
oj (Optimized JSON) Ruby gem
20m 41s Jul 2, 2026
REPRO-2026-00207 published
@fastify/middie encoded slash bypass on parameterized middleware paths
CVE-2026-14198 critical Security
Variant found
@fastify/middie
9m 46s Jul 2, 2026
REPRO-2026-00206 published
runc symlink deletion via malicious /dev symlink in container image
CVE-2026-41579 low Security
Variant found
github.com/opencontainers/runc
25m 21s Jul 2, 2026
REPRO-2026-00205 published
auth-fetch-mcp SSRF via IPv4-mapped IPv6 loopback bypass
CVE-2026-49857 high Security
Variant found
npm
ymw0407/auth-fetch-mcp
17m 11s Jul 2, 2026
REPRO-2026-00203 published
JetWidgets For Elementor Stored XSS via Animated Box animation_effect
CVE-2026-11380 medium Security
Variant found
jetmonsters/jetwidgets-for-elementor
29m 27s Jul 2, 2026
REPRO-2026-00202 published
Open VSX Registry serves HTML inline enabling session/token exfiltration
CVE-2026-4983 medium Security
Variant found
Eclipse Open VSX (openvsx server)
36m 21s Jul 2, 2026
REPRO-2026-00201 published
Unauthenticated RCE in Langflow via public flow build endpoint
CVE-2026-33017 critical Security
Variant found
pip
langflow
25m 8s Jul 2, 2026