Browse Reproductions
99 verified reproductions
REPRO-2026-00104 published
systeminformation: Command Injection via WiFi Interface Parameter
Security high npm
systeminformation
19m 36s Feb 19, 2026
GHSA-9c88-49p5-5ggf CVE-2026-26280
REPRO-2026-00103 published
jsPDF: PDF Object Injection via Unsanitized addJS Input
Security high npm
jspdf
14m 30s Feb 19, 2026
GHSA-9vjf-qc39-jprp CVE-2026-25755
REPRO-2026-00102 published
jsPDF: PDF Injection in AcroForm RadioButton allows JS Execution
Security high npm
jspdf
23m 38s Feb 19, 2026
GHSA-p5xg-68wr-hm3m CVE-2026-25940
REPRO-2026-00101 published
LibreNMS: Time-Based Blind SQL Injection in address-search
Security high composer
librenms/librenms
11m 33s Feb 19, 2026
GHSA-79q9-wc6p-cf92 CVE-2026-26990
REPRO-2026-00100 published
systeminformation: Command Injection via locate Output
Security high npm
systeminformation
18m 44s Feb 19, 2026
GHSA-5vv4-hvf7-2h46 CVE-2026-26318
REPRO-2026-00099 published
Semantic Kernel: RCE via InMemoryVectorStore Filter
Security critical pip
semantic-kernel
25m 13s Feb 19, 2026
GHSA-xjw9-4gw8-4rqx CVE-2026-26030
REPRO-2026-00098 published
SandboxJS: Host Prototype Pollution via Array Intermediary (Sandbox Escape)
Security critical npm
@nyariv/sandboxjs
16m 1s Feb 19, 2026
GHSA-ww7g-4gwx-m7wj CVE-2026-25881
REPRO-2026-00097 published
CASL Ability: Prototype Pollution via Condition Handling
Security critical npm
@casl/ability
6m 19s Feb 19, 2026
GHSA-x9vf-53q3-cvx6 CVE-2026-1774
REPRO-2026-00096 published
Milvus: Unauthenticated Access to Restful API on Metrics Port Leading to System Compromise
Security critical go
github.com/milvus-io/milvus
16m 18s Feb 19, 2026
GHSA-7ppg-37fh-vcr6 CVE-2026-26190
REPRO-2026-00095 published
Known CMS: Account Takeover via Password Reset Token Leakage
Security critical composer
idno/known
17m 40s Feb 19, 2026
GHSA-78wq-6gcv-w28r CVE-2026-26273
REPRO-2026-00094 published
OpenClaw: Path Traversal in Plugin Installation
Security critical npm
openclaw
7m 36s Feb 19, 2026
GHSA-qrq5-wjgg-rvqw
REPRO-2026-00093 published
Crawl4AI: Remote Code Execution in Docker API via Hooks Parameter
Security critical pip
Crawl4AI
10m 34s Feb 19, 2026
GHSA-5882-5rx9-xgxp CVE-2026-26216
REPRO-2026-00092 published
Payload CMS: Blind SQL Injection in JSON/RichText Queries via Drizzle Adapters
Security critical npm
@payloadcms/drizzle
15m 33s Feb 19, 2026
GHSA-xx6w-jxg9-2wh8 CVE-2026-25544
REPRO-2026-00091 published
Ghost CMS: Unauthenticated SQL Injection in Content API Slug Filter
Security critical npm
ghost
4m 15s Feb 19, 2026
GHSA-w52v-v783-gw97 CVE-2026-26980
REPRO-2026-00090 published
WinRAR ADS Path Traversal — Arbitrary Code Execution via Crafted Archive (CVE-2025-8088)
Security high
123m 42s Feb 17, 2026
GHSA-832g-3rcm-wcrf CVE-2025-8088
REPRO-2026-00089 published
pyca/cryptography SECT curve public key parsing lacks subgroup validation, enabling small-subgroup attacks that leak ECDH private key bits and allow ECDSA signature forgery.
Security high
cryptography (pip)
6m 32s Feb 15, 2026
GHSA-R6PH-V2QM-Q3C2 CVE-2026-26007
REPRO-2026-00088 published
Sliver has DNS C2 OTP Bypass that Allows Unauthenticated Session Flooding and Denial of Service
Security
13m 22s Feb 13, 2026
GHSA-WXRW-GVG8-FQJP
REPRO-2026-00087 published
Apache Druid basic security LDAP authenticator can be bypassed when the LDAP server allows anonymous binds, permitting login with any existing username and an empty password.
Security critical Maven
org.apache.druid.extensions:druid-basic-security
48m 55s Feb 13, 2026
GHSA-Q672-HFC7-G833 CVE-2026-23906
REPRO-2026-00086 published
RAGFlow MinerU parser Zip Slip allows arbitrary file overwrite and potential RCE via malicious ZIP archives.
Security pip (per GitHub advisory)
ragflow (RAGFlow)
8m 19s Feb 13, 2026
REPRO-2026-00085 published
Pillow 10.3.0–12.1.0 allows an out-of-bounds write when loading specially crafted PSD images, potentially leading to memory corruption.
Security
3m 16s Feb 13, 2026
GHSA-CFH3-3JMP-RVHC