Skip to content

The catalog

Browse Reproductions

191 verified reproductions

RSS Feed

191 reproductions

REPRO-2026-00142 published

libheif: integer underflow out-of-bounds read crash via crafted HEIF stsc box

CVE-2026-32738 medium Security Variant found c
libheif
50m 30s May 22, 2026
REPRO-2026-00141 published

rsync: off-by-one out-of-bounds stack write in establish_proxy_connection

CVE-2026-45232 low Security Variant found c
rsync
29m 29s May 22, 2026
REPRO-2026-00140 published

zenshin: OS command injection in /stream-to-vlc url query parameter

CVE-2026-37281 critical Security Variant found
zenshin
28m 3s May 22, 2026
REPRO-2026-00139 published

libjwt: JWT algorithm-confusion authentication bypass via RSA JWK without alg

CVE-2026-44699 critical Security Variant found c
libjwt
13m 26s May 22, 2026
REPRO-2026-00138 published

FastMCP: path traversal to authenticated SSRF in OpenAPIProvider _build_url()

CVE-2026-32871 high Security Variant found pip
fastmcp
37m 15s May 22, 2026
REPRO-2026-00137 published

ExifReader: unbounded memory amplification DoS via crafted ICC mluc tag

CVE-2026-8813 high Security Variant found npm
exifreader
35m 45s May 22, 2026
REPRO-2026-00136 published

Microsoft APM: arbitrary file disclosure via symlink-following on apm install

CVE-2026-45539 high Security Variant found pip
apm
29m 1s May 22, 2026
REPRO-2026-00135 published

jsondiffpatch: prototype pollution via crafted delta in patch()

CVE-2026-8657 high Security Variant found npm
jsondiffpatch
23m 26s May 22, 2026
REPRO-2026-00134 published

lodash: prototype pollution in _.unset/_.omit deletes global prototype methods

CVE-2025-13465 medium Security Variant found npm
lodash
29m 27s May 22, 2026
REPRO-2026-00133 published

Drupal core: unauthenticated SQL injection via JSON:API filter array keys

CVE-2026-9082 critical Security Variant found composer
drupal/core
21m 27s May 22, 2026
REPRO-2026-00132 published

ShowDoc Unauthenticated File Upload RCE via deprecated ThinkPHP syntax

CVE-2025-0520 critical Security Variant found github
showdoc/showdoc
139m 41s Apr 14, 2026
REPRO-2026-00131 published

Apache Tomcat EncryptInterceptor Bypass via CVE-2026-29146 Fix Error - Missing Encryption of Sensitive Data

CVE-2026-34486 high Security Variant found
Apache Tomcat
19m 38s Apr 14, 2026
REPRO-2026-00130 published

pymetasploit3 command injection

CVE-2026-5463 critical Security Variant found PyPI
DanMcInerney/pymetasploit3
36m 8s Apr 4, 2026
REPRO-2026-00129 published

Go MCP SDK DNS Rebinding - Server-Side Request Forgery on AI Infrastructure

CVE-2026-34742 high Security Variant found Go module
github.com/modelcontextprotocol/go-sdk
38m 55s Apr 4, 2026
REPRO-2026-00128 published

Haraka Mail Server DoS via __proto__ prototype pollution in email headers

CVE-2026-34752 high Security Variant found github
npm/Haraka
17m 5s Apr 4, 2026
REPRO-2026-00127 published

cpp-httplib HTTP Request Smuggling via Unconsumed GET Request Body

CVE-2026-34441 high Security Variant found github
yhirose/cpp-httplib
61m 29s Apr 4, 2026
REPRO-2026-00126 published

Cesanta Mongoose mDNS Stack Buffer Overflow - Remote Code Execution PoC

CVE-2026-5245 critical Security Variant found github
cesanta/mongoose
53m 53s Apr 2, 2026
REPRO-2026-00125 published

Grafana SQL Expressions RCE

CVE-2026-27876 critical Security Variant found github
grafana/grafana
59m 16s Apr 1, 2026
REPRO-2026-00124 published

Vim modeline handling for the tabpanel option allows sandbox escape via autocmd_add, enabling OS command execution when opening a crafted file.

CVE-2026-34714 high Security Variant found github
Vim
19m 38s Apr 1, 2026
REPRO-2026-00119 published

PyTorch: weights_only Unpickler RCE via SETITEM Type Confusion

CVE-2026-24747 high Security Variant found pip
torch
48m 8s Mar 2, 2026