mirror of
https://github.com/0x5t4l1n/CVE.git
synced 2026-05-26 19:26:32 +00:00
github-actions[bot]
36 lines
1.7 KiB
Markdown
36 lines
1.7 KiB
Markdown
# CVE Research
|
|
|
|
A collection of CVE disclosures and security patches by **Stalin S**.
|
|
|
|
- **Reported** — vulnerabilities discovered and reported by Stalin S.
|
|
- **Patched** — security issues where Stalin S coordinated and applied the fix.
|
|
|
|
---
|
|
|
|
## Reported
|
|
|
|
CVEs that were discovered and reported by Stalin S.
|
|
|
|
| CVE | Description | Severity |
|
|
|-----|-------------|----------|
|
|
| [CVE-2026-29905](reported/CVE-2026-29905.md) | Kirby CMS Persistent DoS via Malformed Image Upload | Medium |
|
|
| [CVE-2026-30081](reported/CVE-2026-30081.md) | Quantum Networks QN-I-470 Cleartext Credential Transmission | Pending |
|
|
| [CVE-2026-41037](reported/CVE-2026-41037.md) | Missing Rate Limiting (Quantum Networks Router) | High (8.7) |
|
|
| [CVE-2026-41039](reported/CVE-2026-41039.md) | Information Disclosure (Quantum Networks Router) | High (8.7) |
|
|
| [CVE-2026-42290](reported/CVE-2026-42290.md) | protobufjs `pbts` Command Injection via Unsanitized File Paths | High |
|
|
| [CVE-2026-45152](reported/CVE-2026-45152.md) | uniget Command Injection via Unsafe `tool.Check` Execution | High |
|
|
|
|
---
|
|
|
|
## Patched
|
|
|
|
CVEs where Stalin S fixed the security issue.
|
|
|
|
| CVE | Description | Severity |
|
|
|-----|-------------|----------|
|
|
| [CVE-2026-32138](patches/CVE-2026-32138.md) | API Key Exposure (Nexulean Website) | High |
|
|
| [CVE-2026-41575](patches/CVE-2026-41575.md) | DOM-Based XSS (IP Reputation Checker) | Moderate |
|
|
| [CVE-2026-41900](patches/CVE-2026-41900.md) | RCE via Sandbox Escape (OpenLearnX) | High |
|
|
| [CVE-2026-44720](patches/CVE-2026-44720.md) | Authentication Bypass via JWT Signature Verification Disabled (OpenLearnX) | Moderate |
|
|
| [CVE-2026-48098](patches/CVE-2026-48098.md) | Unsafe Use of sudo and shell=True in NexTOR IP Changer | High |
|