keraattin/CVE-2026-39987 CVE-2026-39987: Marimo Python Notebook Pre-Auth RCE (CVSS 9.3). Python & Nmap NSE detection scripts. Missing authentication on /terminal/ws WebSocket endpoint gives attackers a full PTY shell without any credentials. Exploited in the wild within 10 hours of disclosure. Fixed in Marimo 0.23.0. Create: 2026-04-15 08:09:54 +0000 UTC Push: 2026-04-15 08:10:32 +0000 UTC |

Murguii/DEV-CVE-2021-4034 Repositorio para la práctica de DEV sobre la vulnerabilidad CVE-2021-4034. Realizada únicamente con fines académicos. Create: 2026-04-15 07:57:11 +0000 UTC Push: 2026-04-15 07:57:12 +0000 UTC |

AirSkye/CVE-2026-34486-poc CVE-2026-34486 Apache Tomcat EncryptInterceptor 绕过漏洞复现（使用GLM5.1复现完成） Create: 2026-04-15 07:30:15 +0000 UTC Push: 2026-04-15 07:30:15 +0000 UTC |

q1uf3ng/CVE-2025-51458-exp CVE-2025-51458 - DB-GPT Pre-Auth SQL Injection PoC Create: 2026-04-15 07:05:38 +0000 UTC Push: 2026-04-15 07:05:38 +0000 UTC |

tecnico4righettisollevamenti/CVE2026_SIMULATOR Create: 2026-04-15 06:49:26 +0000 UTC Push: 2026-04-15 06:49:26 +0000 UTC |

punitdarji/tomcat-cve-2026-34486 CVE labs Create: 2026-04-15 06:46:48 +0000 UTC Push: 2026-04-15 06:46:49 +0000 UTC |

maradonam18/-CVE-2025-59528-PoC A simple python script to exploit CVE-2025-59528, this an Authenticated RCE vulnerability in Flowise application, a popular AI tool. That is also used in HTB seasonal challenge. The issue is present in version <= 3.0.5, for more details: https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-3gcm-f6qx-ff7p Create: 2026-04-15 06:28:59 +0000 UTC Push: 2026-04-15 06:28:59 +0000 UTC |

opsecramdan/react2shell-cve-2025-55182 Create: 2026-04-15 06:18:05 +0000 UTC Push: 2026-04-15 06:18:06 +0000 UTC |

Jonas-Holmberg/CVE-2008-2992 Writeup och POC för CVE-2008-2992 Create: 2026-04-15 06:02:18 +0000 UTC Push: 2026-04-15 06:02:18 +0000 UTC |

masterwok/POC-CVE-2026-1357 Proof-of-concept exploit for POC-CVE-2026-1357. WPvivid Backup & Migration plugin for WordPress <= 0.9.123. Create: 2026-04-15 05:02:07 +0000 UTC Push: 2026-04-15 05:02:07 +0000 UTC |

canpilayda/n8n-RCE-CVE-2025-68613 Create: 2026-04-14 22:41:29 +0000 UTC Push: 2026-04-14 22:41:30 +0000 UTC |

f8al/PoC-CVE-2020-9715 Create: 2026-04-14 21:07:59 +0000 UTC Push: 2026-04-14 21:07:59 +0000 UTC |

keraattin/CVE-2026-34197 CVE-2026-34197: Apache ActiveMQ Classic RCE via Jolokia API (CVSS 8.8). Python & Nmap NSE detection scripts. A 13-year-old vulnerability allows remote code execution through the addNetworkConnector MBean operation. Unauthenticated on versions 6.0.0 to 6.1.1. Fixed in 5.19.4 and 6.2.3. Create: 2026-04-14 20:44:24 +0000 UTC Push: 2026-04-14 20:44:54 +0000 UTC |

bsdrip/CVE-2025-24000-exploit Short Python script for exploiting CVE-2025–24000 based on this blog post: https://medium.com/@security_56355/from-subscriber-to-admin-reproducing-cve-2025-24000-in-wordpress-post-smtp-plugin-8105ff85e274 Create: 2026-04-14 17:15:02 +0000 UTC Push: 2026-04-14 17:15:02 +0000 UTC |

Spydomain/CVE-2026-33017-langflow-lab Create: 2026-04-14 17:09:51 +0000 UTC Push: 2026-04-14 17:09:52 +0000 UTC |

KeulenR01/Remediate-AdobeAcrobat-CVE-2026-34621 Create: 2026-04-14 15:14:39 +0000 UTC Push: 2026-04-14 15:14:40 +0000 UTC |

jensnesten/CVE-2026-6042-PoC Proof of concept of Algorithmic Complexity DoS in libc musl 0.8.0-1.2.6 Create: 2026-04-14 14:49:26 +0000 UTC Push: 2026-04-14 14:49:26 +0000 UTC |

Saku0512/CVE-2026-35585-poc Create: 2026-04-14 12:11:36 +0000 UTC Push: 2026-04-14 12:57:14 +0000 UTC |

NetsecBandit/CVE-2025-8110-Exploit Create: 2026-04-14 11:03:04 +0000 UTC Push: 2026-04-14 11:03:04 +0000 UTC |

Sonisi5085/CVE-2026-XNU-AIO-KEVENT-UAF Create: 2026-04-14 10:07:25 +0000 UTC Push: 2026-04-14 10:07:47 +0000 UTC |