CVEs-PoC/docs/index.html

<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="UTF-8" />
  <meta name="viewport" content="width=device-width, initial-scale=1.0" />
  <title>CVE PoC Hub</title>
  <link rel="icon" href="/favicon.ico" />
  <link rel="stylesheet" href="/style.css" />
  <script defer src="/assets/site.js"></script>
</head>
<body class="color-no-search">
  <header class="site-header">
    <div class="wrap">
      <div class="brand"><a href="/">CVE PoC Hub</a></div>
      <nav>
        <a href="/search/">PoC Search</a>
        <a href="/kev/">KEV</a>
        <a href="/epss/">EPSS</a>
      </nav>
    </div>
  </header>
  <main class="wrap">
<section class="hero hero-signal" data-search-root>
  <div class="hero-meta">
    <h1>CVE PoC Hub</h1>
    <p class="lede">Search PoCs, KEV, and EPSS quickly—no filler.</p>
  </div>
  <form class="searchForm" action="#">
    <input type="text" class="search" placeholder="Search CVE, vendor, product, or keyword" autocomplete="off">
  </form>
  <div class="stat-row">
    <div class="stat"><strong>264</strong><span>KEV entries tracked</span></div>
    <div class="stat"><strong>6</strong><span>High-EPSS not in KEV</span></div>
    <div class="stat"><strong>1</strong><span>New KEV in last 30 days</span></div>
  </div>
  <div class="search-results" data-results style="display:none">
    <div class="header">
      <h2>Results</h2>
      <span class="muted">Filter with negative terms (e.g., -windows)</span>
    </div>
    <div class="noResults">No results yet.</div>
    <div class="results-table hide">
      <table class="results">
        <thead>
          <tr>
            <td width="18%">CVE</td>
            <td>Description / PoC links</td>
          </tr>
        </thead>
        <tbody class="results"></tbody>
      </table>
    </div>
  </div>
</section>

<section class="section">
  <div class="section-header">
    <h1>Trending PoCs</h1>
    <span class="muted">Current year, updated in the last 4 days</span>
  </div>
  <div class="table-wrap" data-trending>
    <table>
      <thead><tr><th>Stars</th><th>Updated</th><th>Name</th><th>Description</th></tr></thead>
      <tbody id="trending-body">
        <tr>
          <td>360</td>
          <td>2 hours ago</td>
          <td><a href="https://github.com/Malayke/Next.js-RSC-RCE-Scanner-CVE-2025-66478" target="_blank">Next.js-RSC-RCE-Scanner-CVE-2025-66478</a></td>
          <td class="mono">A command-line scanner for batch detection of Next.js application versions and determining if they are affected by CVE-2025-66478 vulnerability.</td>
        </tr>
        <tr>
          <td>4</td>
          <td>13 hours ago</td>
          <td><a href="https://github.com/wangxso/CVE-2025-66478-POC" target="_blank">CVE-2025-66478-POC</a></td>
          <td class="mono">CVE-2025-66478 Proof of Concept</td>
        </tr>
        <tr>
          <td>4</td>
          <td>22 hours ago</td>
          <td><a href="https://github.com/bbaboha/CVE-2025-65318-and-CVE-2025-65319" target="_blank">CVE-2025-65318-and-CVE-2025-65319</a></td>
          <td class="mono">Insecure attachment handling when using Canary Mail or Blue mail</td>
        </tr>
        <tr>
          <td>78</td>
          <td>1 day ago</td>
          <td><a href="https://github.com/Ashwesker/Blackash-CVE-2025-55182" target="_blank">Blackash-CVE-2025-55182</a></td>
          <td class="mono">CVE-2025-55182</td>
        </tr>
        <tr>
          <td>17</td>
          <td>1 day ago</td>
          <td><a href="https://github.com/ThemeHackers/CVE-2025-55182" target="_blank">CVE-2025-55182</a></td>
          <td class="mono">a critical Remote Code Execution (RCE) vulnerability in React Server Components (RSC). It also includes a realistic &#34;Lab Environment&#34; to safely test and understand the vulnerability.</td>
        </tr>
        <tr>
          <td>6</td>
          <td>1 day ago</td>
          <td><a href="https://github.com/cybertechajju/CVE-2025-55184-POC-Expolit" target="_blank">CVE-2025-55184-POC-Expolit</a></td>
          <td class="mono"></td>
        </tr>
        <tr>
          <td>3</td>
          <td>1 day ago</td>
          <td><a href="https://github.com/ThemeHackers/CVE-2025-54100" target="_blank">CVE-2025-54100</a></td>
          <td class="mono">CVE-2025-54100 (CVSS 7.8 High) is a command injection vulnerability in the Invoke-WebRequest cmdlet of Windows PowerShell 5.1. It arises from improper neutralization of special elements during the automatic parsing of Web responses.</td>
        </tr>
        <tr>
          <td>5</td>
          <td>3 days ago</td>
          <td><a href="https://github.com/keklick1337/CVE-2025-55182-golang-PoC" target="_blank">CVE-2025-55182-golang-PoC</a></td>
          <td class="mono">CVE-2025-55182 React Server Components RCE - Go PoC</td>
        </tr>
      </tbody>
    </table>
  </div>
</section>

<section class="section">
  <div class="section-header">
    <h1>High EPSS not in KEV</h1>
    <span class="muted">Sorted by score</span>
  </div>
  <div class="table-wrap">
    <table data-require-poc data-require-desc>
      <thead><tr><th>CVE</th><th>EPSS</th><th>Percentile</th><th>PoCs</th><th>Summary</th></tr></thead>
      <tbody>
        <tr>
          <td class="cve-cell"><a href="/cve/?id=CVE-2025-8943">CVE-2025-8943</a></td>
          <td>0.658</td>
          <td>98th</td>
          <td>1</td>
          <td class="mono">The Custom MCPs feature is designed to execute OS commands, for instance, using tools like `npx` to spin up local MCP Servers. However, Flowise&#39;s inherent authentication and authorization model is minimal and lacks ro...</td>
        </tr>
        <tr>
          <td class="cve-cell"><a href="/cve/?id=CVE-2025-8518">CVE-2025-8518</a></td>
          <td>0.339</td>
          <td>97th</td>
          <td>1</td>
          <td class="mono">A vulnerability was found in givanz Vvveb 1.0.5. It has been rated as critical. Affected by this issue is the function Save of the file admin/controller/editor/code.php of the component Code Editor. The manipulation l...</td>
        </tr>
        <tr>
          <td class="cve-cell"><a href="/cve/?id=CVE-2025-8730">CVE-2025-8730</a></td>
          <td>0.119</td>
          <td>93th</td>
          <td>2</td>
          <td class="mono">A vulnerability was found in Belkin F9K1009 and F9K1010 2.00.04/2.00.09 and classified as critical. Affected by this issue is some unknown functionality of the component Web Interface. The manipulation leads to hard-c...</td>
        </tr>
        <tr>
          <td class="cve-cell"><a href="/cve/?id=CVE-2025-7795">CVE-2025-7795</a></td>
          <td>0.096</td>
          <td>93th</td>
          <td>3</td>
          <td class="mono">A vulnerability, which was classified as critical, has been found in Tenda FH451 1.0.0.9. Affected by this issue is the function fromP2pListFilter of the file /goform/P2pListFilter. The manipulation of the argument pa...</td>
        </tr>
        <tr>
          <td class="cve-cell"><a href="/cve/?id=CVE-2025-9090">CVE-2025-9090</a></td>
          <td>0.092</td>
          <td>92th</td>
          <td>4</td>
          <td class="mono">A vulnerability was identified in Tenda AC20 16.03.08.12. Affected is the function websFormDefine of the file /goform/telnet of the component Telnet Service. The manipulation leads to command injection. It is possible...</td>
        </tr>
        <tr>
          <td class="cve-cell"><a href="/cve/?id=CVE-2025-8085">CVE-2025-8085</a></td>
          <td>0.078</td>
          <td>92th</td>
          <td>1</td>
          <td class="mono">The Ditty WordPress plugin before 3.1.58 lacks authorization and authentication for requests to its displayItems endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs.</td>
        </tr>
      </tbody>
    </table>
  </div>
</section>
  </main>
  <footer class="site-footer">
    <div class="wrap">
      <span>Fast CVE triage without the noise.</span>
      <span><a href="https://github.com/0xMarcio/cve">GitHub repo</a></span>
    </div>
  </footer>
<script src="/logic.js"></script>
</body>
</html>