# CVE Research

A collection of CVE disclosures and security patches by **Stalin S**.

- **Reported** — vulnerabilities discovered and reported by Stalin S.
- **Patched** — security issues where Stalin S coordinated and applied the fix.

---

## Reported

CVEs that were discovered and reported by Stalin S.

| CVE | Description | Severity |
|-----|-------------|----------|
| [CVE-2026-29905](reported/CVE-2026-29905.md) | Kirby CMS Persistent DoS via Malformed Image Upload | Medium |
| [CVE-2026-30081](reported/CVE-2026-30081.md) | Quantum Networks QN-I-470 Cleartext Credential Transmission | Pending |
| [CVE-2026-41037](reported/CVE-2026-41037.md) | Missing Rate Limiting (Quantum Networks Router) | High (8.7) |
| [CVE-2026-41039](reported/CVE-2026-41039.md) | Information Disclosure (Quantum Networks Router) | High (8.7) |
| [CVE-2026-42290](reported/CVE-2026-42290.md) | protobufjs `pbts` Command Injection via Unsanitized File Paths | High |
| [CVE-2026-45152](reported/CVE-2026-45152.md) | uniget Command Injection via Unsafe `tool.Check` Execution | High |

---

## Patched

CVEs where Stalin S fixed the security issue.

| CVE | Description | Severity |
|-----|-------------|----------|
| [CVE-2026-32138](patches/CVE-2026-32138.md) | API Key Exposure (Nexulean Website) | High |
| [CVE-2026-41575](patches/CVE-2026-41575.md) | DOM-Based XSS (IP Reputation Checker) | Moderate |
| [CVE-2026-41900](patches/CVE-2026-41900.md) | RCE via Sandbox Escape (OpenLearnX) | High |
| [CVE-2026-44720](patches/CVE-2026-44720.md) | Authentication Bypass via JWT Signature Verification Disabled (OpenLearnX) | Moderate |