A Collection of Security Vulnerability Reports Discovered and Disclosed by ZAST.AI
This repository contains detailed analysis reports of security vulnerabilities discovered by ZAST.AI. We are committed to responsible disclosure of these vulnerabilities and to collaboration with the open-source community to enhance software security, with the following goals:
- Transparent sharing of discovered security vulnerabilities
- Helping developers understand and fix common security issues
- Promoting security awareness in the open-source community
- Establishing best practices for responsible vulnerability disclosure
| Project & Affected Version | Vulnerability Type | Report | Disclosure | Popularity |
|---|---|---|---|---|
| WP HTML in Category Descriptions <= 1.2.4 | Stored XSS | Report | CVE-2026-0693 | - |
| WP Slider Future <= 1.0.5 | RCE (Arbitrary File Upload) | Report | CVE-2026-1405 | - |
| WP Easy PHP Settings <= 1.0.4 | Code Injection | Report | CVE-2026-3352 | - |
| WP Content Visibility for Divi Builder <= 4.01 | Code Injection | Report | CVE-2026-1829 | - |
| Prime <=0.4.0 | Sensitive Info Disclosure | Report | CVE-2026-1170 | |
| Prime <=0.4.0 | GraphQL Field Duplication | Report | CVE-2026-1171 | |
| Prime <=0.4.0 | GraphQL Directive Overloading | Report | CVE-2026-1172 | |
| Prime <=0.4.0 | GraphQL Array Based Query Batching | Report | CVE-2026-1173 | |
| Prime <=0.4.0 | GraphQL Aliases Overloading | Report | CVE-2026-1174 | |
| Prime <=0.4.0 | Directive Information Disclosure | Report | CVE-2026-1175 | |
| Prime <=0.4.0 | CSRF | Report | CVE-2026-1169 | |
| Digital-Infrastructure <= 9.6.7 | SQL Injection | Report | CVE-2026-1050 | |
| pycel <= 1.0b30 | Arbitrary Code Execution | Report | CVE-XXX | |
| Apache Commons Digester <= 2.1 & 3.2 | SSRF | Report | Rejected? | #36 Config Lib |
| changedetection.io <= 0.52.6 | SSRF | Report | CVE-XXX | |
| busy <=2.5.5 | Open Redirect | Report | CVE-2026-2709 | |
| worldquant-miner <=1.0.9 | SSRF | Report | CVE-2026-2711 | |
| ByteDance verl <= 0.7.0 | RCE | Report | BugBounty | |
| ByteDance vchart <= 2.0.15 | Arbitrary File Read | Report | BugBounty | |
| ByteDance Depth-Anything-V2 <= 1.0 | Open Redirect | Report | GotBounty | |
| ByteDance Depth-Anything-V2 <= 1.0 | Open Redirect | Report | Merged | |
| xxl-job <=3.3.2 | SSRF | Report | CVE-2026-3733 | |
| Locker <=0.1.0 | Reflected XSS | Report | CVE-2026-3951 | |
| elecV2P <=3.8.3 | Remote Code Execution | Report | CVE-2026-3955 | |
| weimai-wetapp <=1.0.0 | SQL Injection | Report | CVE-2026-3956 | |
| weimai-wetapp <=1.0.0 | SQL Injection | Report | CVE-2026-3957 | |
| Bytedesk <=1.3.9 | Insecure File Upload | Report | CVE-2026-3748 | |
| Bytedesk <=1.3.9 | Insecure File Upload | Report | CVE-2026-3749 | |
| Bytedesk <=1.3.9 | SSRF | Report | CVE-2026-3788 | |
| Bytedesk <=1.3.9 | SSRF | Report | CVE-2026-3789 | |
| list-sync <=0.6.6 | SSRF | Report | CVE-2026-3958 | |
| OneUptime <=10.0.9 | SSRF | Report | CVE-XXX | |
| manga-image-translator <=beta-0.3 | SSRF | Report | CVE-2026-3961 | |
| manga-image-translator <=beta-0.3 | SSRF | Report | Merged-2026-3961 | |
| manga-image-translator <=beta-0.3 | SSRF | Report | Merged-2026-3961 | |
| manga-image-translator <=beta-0.3 | SSRF | Report | Merged-2026-3961 | |
| manga-image-translator <=beta-0.3 | SSRF | Report | Merged-2026-3961 | |
| manga-image-translator <=beta-0.3 | SSRF | Report | Merged-2026-3961 | |
| manga-image-translator <=beta-0.3 | SSRF | Report | Merged-2026-3961 | |
| Machine-Learning-Web-Apps <=1.0.0 | Reflected XSS | Report | CVE-2026-3962 | |
| dinero.js <= v2.0.0-alpha.17 | ReDoS | Report | Rejected | |
| pdf-lib <= v1.17.1 | ReDoS | Report | Rejected | |
| VictoriaMetrics <=1.137.0 | Brute Force | Report | CVE-XXX | |
| Gitea <=1.25.4 | Account Takeover ExpChain | Report | CVE-XXX | |
| Gogs <=0.14.2 | Brute Force | Report | CVE-XXX | |
| Gogs <=0.14.2 | Auth Bypass | Report | CVE-XXX | |
| Gogs <=0.14.2 | Insufficient Session Expiration | Report | CVE-XXX | |
| Gogs <=0.14.2 | Insufficient Session Expiration | Report | CVE-XXX | |
| Gogs <=0.14.2 | Batch registration | Report | CVE-XXX | |
| Apache FOP <= 2.11 | RCE | Report | CVE-XXX | #Top 1625 |
| Minio <=2025-10-15T17-29-55Z | LDAP Brute Force | Report | CVE-XXX | |
| elecV2P <=3.8.3 | RCE | Report | CVE-XXX | |
| elecV2P <=3.8.3 | RCE | Report | CVE-XXX | |
| elecV2P <=3.8.3 | Path Traversal | Report | CVE-XXX | |
| elecV2P <=3.8.3 | Path Traversal | Report | CVE-XXX | |
| elecV2P <=3.8.3 | Reflected XSS | Report | CVE-XXX | |
| elecV2P <=3.8.3 | SSRF | Report | CVE-XXX | |

| Project & Affected Version | Vulnerability Type | Report | Disclosure | Popularity |
|---|---|---|---|---|
| Microsoft Azure SDK | XXE | Report | ACK-12/31/2025 | |
| Alibaba Nacos-spring-context | XXE | Report | GotBounty | |
| node-formidable <=3.5.2 | Insecure File Upload & Filename Prediction | Report | CVE-2025-46653 | |
| Apache Commons Configuration <=1.10.x | Remote Code Execution | Report | Reported | #3 Config Lib |
| Apache Commons Configuration2 <=2.12.x | Remote Code Execution | Report | Reported | #3 Config Lib |
| Apache Struts2 <=6.0.3 | XXE | Report | CVE-2025-68493 | #8 Web FWK |
| Koa <=3.0.0 cb22d8d | Open Redirect | Report | CVE-2025-8129 | |
| langfuse <=3.88.0 | SSRF | Report | CVE-2025-9799 | |
| CodiMD low version | Insecure File Upload & CSP bypass | Report | CVE-2025-46654 | |
| CodiMD high version | Insecure File Upload & CSP bypass | Report | CVE-2025-46655 | |
| mall <=1.0.3 7a1ca5d | DOM XSS | Report | CVE-2025-8191 | |
| mall <=1.0.3 7a1ca5d | JWT secret hardcoded | Report | duplicate | |
| JeeSite <=5.12.0 b522b3f | SSRF | Report | CVE-2025-7759 | |
| JeeSite <=5.12.0 b522b3f | Open Redirection | Report | CVE-2025-7763 | |
| JeeSite <=5.12.0 b522b3f | Open Redirection | Report | CVE-2025-7785 | |
| JeeSite <=5.12.0 b522b3f | Open Redirection | Report | CVE-2025-7863 | |
| JeeSite <=5.12.0 b522b3f | Insecure File Upload | Report | CVE-2025-7864 | |
| JeeSite <=5.12.0 b522b3f | XSS filter bypass | Report | CVE-2025-7865 | |
| JeeSite <=5.12.1 release | XSS filter bypass | Report | CVE-2025-9796 | |
| GnuBoard v6 | Stored XSS | Report | CVE-2025-7786 | |
| GnuBoard v6 | Open Redirect | Report | duplicate | |
| xxl-job <=3.1.1 | SSRF | Report | CVE-2025-7787 | |
| xxl-job <=3.1.1 | OS command injection | Report | CVE-2025-7788 | |
| xxl-job <=3.1.1 | Insecure Cryptographic Algorithm | Report | CVE-2025-7789 | |
| stirling-pdf <=1.0.2 | SSRF | Report | CVE-2025-55150 | |
| stirling-pdf <=1.0.2 | SSRF | Report | CVE-2025-55151 | |
| stirling-pdf <=1.0.2 | SSRF | Report | CVE-2025-55161 | |
| ruoyi v4.8.1 70194ae | DOM XSS | Report | CVE-2025-7901 | |
| ruoyi v4.8.1 70194ae | Stored XSS | Report | CVE-2025-7902 | |
| ruoyi v4.8.1 70194ae | Frame Injection | Report | CVE-2025-7903 | |
| ruoyi v4.8.1 70194ae | Insecure File Upload | Report | CVE-2025-7906 | |
| ruoyi v4.8.1 70194ae | Druid Credential Hardcoded | Report | CVE-2025-7907 | |
| platform 1.0.0 ca9acef | SQL injection | Report | CVE-2025-7936 | |
| platform 1.0.0 ca9acef | SQL injection | Report | CVE-2025-7935 | |
| platform 1.0.0 ca9acef | SQL injection | Report | CVE-2025-7934 | |
| jshERP <=3.5 | IDOR change password | Report | CVE-2025-7948 | |
| jshERP <=3.5 | IDOR delete account | Report | CVE-2025-7947 | |
| PublicCMS V5.202506.a | Open Redirect | Report | CVE-2025-7949 | |
| PublicCMS V5.202506.a | Open Redirect | Report | CVE-2025-7953 | |
| PublicCMS V5.202506.a | SSRF | Report | duplicate | |
| PublicCMS V5.202506.a | Insecure File Upload | Report | rejected | |
| PublicCMS V5.202506.a | Insecure File Upload | Report | rejected | |
| PublicCMS V5.202506.a | Insecure File Upload | Report | rejected | |
| PublicCMS V5.202506.a | Insecure File Upload | Report | rejected | |
| PublicCMS V5.202506.a | Insecure File Upload | Report | rejected | |
| PublicCMS V5.202506.a | Insecure File Upload | Report | rejected | |
| deer-wms-2 525b6cf | Insecure Deserialization | Report | rejected | |
| deer-wms-2 525b6cf | Insecure Deserialization | Report | rejected | |
| deer-wms-2 525b6cf | Shiro-550 | Report | rejected | |
| deer-wms-2 525b6cf | SQL injection | Report | CVE-2025-8123 | |
| deer-wms-2 525b6cf | SQL injection | Report | CVE-2025-8124 | |
| deer-wms-2 525b6cf | SQL injection | Report | CVE-2025-8125 | |
| deer-wms-2 525b6cf | SQL injection | Report | CVE-2025-8126 | |
| deer-wms-2 525b6cf | SQL injection | Report | CVE-2025-8127 | |
| deer-wms-2 525b6cf | SQL injection | Report | CVE-2025-8161 | |
| deer-wms-2 525b6cf | SQL injection | Report | CVE-2025-8162 | |
| deer-wms-2 525b6cf | SQL injection | Report | CVE-2025-8163 | |
| letao 7d8df03 | Arbitrary File Upload | Report | CVE-2025-8128 | |
| ChanCMS <3.1.3 | Arbitrary File Deletion | Report | CVE-2025-8132 | |
| ChanCMS <3.1.3 | SSRF | Report | CVE-2025-8133 | |
| ChanCMS <3.1.3 | SSRF | Report | CVE-2025-8228 | |
| ChanCMS <3.1.3 | RCE | Report | CVE-2025-8266 | |
| ChanCMS <3.1.3 | RCE | Report | CVE-2025-8227 | |
| ChanCMS <3.1.3 | Information Disclosure | Report | CVE-2025-8226 | |
| eladmin <=2.7 | Druid Credential Hardcoded | Report | CVE-2025-8530 | |
| favorites-web <=1.3.0 | SSRF | Report | CVE-2025-8529 | |
| xboot <=3.3.4 | Sensitive Info is included in Cookies | Report | CVE-2025-8528 | |
| xboot <=3.3.4 | SSRF | Report | CVE-2025-8527 | |
| xboot <=3.3.4 | Arbitrary File Upload | Report | CVE-2025-8526 | |
| xboot <=3.3.4 | Info Disclosure | Report | CVE-2025-8525 | |
| PyBBS <=6.0.0 | CAPTCHA reuse Vulnerability | Report | CVE-2025-8546 | |
| PyBBS <=6.0.0 | Registration email is not verified | Report | CVE-2025-8547 | |
| PyBBS <=6.0.0 | No password security policy | Report | CVE-2025-8549 | |
| PyBBS <=6.0.0 | Enumerate registered emails | Report | CVE-2025-8548 | |
| PyBBS <=6.0.0 | Reflected XSS - /admin/topic/list | Report | CVE-2025-8550 | |
| PyBBS <=6.0.0 | Reflected XSS - /admin/comment/list | Report | CVE-2025-8551 | |
| PyBBS <=6.0.0 | Reflected XSS - /admin/tag/list | Report | CVE-2025-8552 | |
| PyBBS <=6.0.0 | Reflected XSS - /admin/sensitive_word/list | Report | CVE-2025-8553 | |
| PyBBS <=6.0.0 | Reflected XSS - /admin/user/list | Report | CVE-2025-8554 | |
| PyBBS <=6.0.0 | Reflected XSS - /search | Report | CVE-2025-8555 | |
| PyBBS <=6.0.0 | Stored XSS | Report | CVE-2025-8812 | |
| PyBBS <=6.0.0 | Open Redirect | Report | CVE-2025-8813 | |
| PyBBS <=6.0.0 | CSRF - modify user info | Report | CVE-2025-8814 | |
| PyBBS <=6.0.0 | CSRF - delete account | Report | Submission Merged | |
| microservices-platform <=6.0.0 | Insecure File Upload | Report | CVE-2025-8841 | |
| microservices-platform <=6.0.0 | Open Redirect | Report | CVE-2025-8737 | |
| microservices-platform <=6.0.0 | Information Disclosure | Report | CVE-2025-8738 | |
| My-Blog <=1.0.0 | CSRF | Report | CVE-2025-8739 | |
| My-Blog <=1.0.0 | Stored XSS | Report | CVE-2025-8740 | |
| My-Blog <=1.0.0 | Stored XSS | Report | CVE-2025-9101 | |
| My-Blog <=1.0.0 | Stored XSS | Report | duplicate | |
| My-Blog <=1.0.0 | CAPTCHA reuse vulnerability | Report | CVE-2025-9100 | |
| litemall <=1.8.0 | Insecure File Upload | Report | CVE-2025-8965 | |
| litemall <=1.8.0 | Logic vulnerability | Report | CVE-2025-8991 | |
| mblog <=3.5.0 | No CSRF protection | Report | CVE-2025-8992 | |
| mblog <=3.5.0 | Username & Password Enum | Report | duplicate | |
| mblog <=3.5.0 | Password Enum | Report | CVE-2025-9004 | |
| mblog <=3.5.0 | Username Enum & Batch registration | Report | CVE-2025-9005 | |
| mblog <=3.5.0 | Email Enumeration | Report | CVE-2025-8927 | |
| mblog <=3.5.0 | Stored XSS | Report | CVE-2025-9407 | |
| mblog <=3.5.0 | Stored XSS | Report | CVE-2025-9429 | |
| mblog <=3.5.0 | Stored XSS | Report | Merged-2025-9429 | |
| mblog <=3.5.0 | Stored XSS | Report | CVE-2025-9430 | |
| mblog <=3.5.0 | Reflected XSS | Report | CVE-2025-9431 | |
| mblog <=3.5.0 | Reflected XSS | Report | CVE-2025-9432 | |
| mblog <=3.5.0 | Reflected XSS | Report | CVE-2025-9433 | |
| mblog <=3.5.0 | Reflected XSS | Report | CVE-2025-9647 | |
| mblog <=3.5.0 | SSTI | Report | duplicate | |
| tianti <=2.3.0 | Insecure File Upload (guest) | Report | rejected | |
| tianti <=2.3.0 | Insecure File Upload | Report | CVE-2025-9795 | |
| tianti <=2.3.0 | SSRF | Report | rejected | |
| expressCart <=1.0.0 | Frame Injection | Report | CVE-2025-9797 | |
| sim <=1.0.0 | Insecure File Upload | Report | CVE-2025-9800 | |
| sim <=1.0.0 | Arbitrary File Deletion | Report | CVE-2025-9801 | |
| sim <=1.0.0 | SSRF | Report | CVE-2025-10096 | |
| sim <=1.0.0 | RCE | Report | CVE-2025-10097 | |
| PowerJob <=5.1.2 | SSRF | Report | CVE-2025-14518 | |
| AIAS <=1.0.0 | SSRF | Report | duplicate | |
| AIAS <=1.0.0 | SSRF | Report | duplicate | |
| FlyCms <=1.0.0 | XSS | Report | CVE-2025-15093 | |
| FlyCms <=1.0.0 | XSS | Report | CVE-2025-15094 | |
| HttpBin <=0.6.1 | XSS | Report | CVE-2025-15095 | |
| -- <=0.6.1 | Insecure Deserialization | Report | rejected | |
| CacheCloud <=3.2.0 | Reflected XSS | Report | CVE-2025-15145 | |
| CacheCloud <=3.2.0 | Reflected XSS | Report | CVE-2025-15146 | |
| CacheCloud <=3.2.0 | Reflected XSS | Report | CVE-2025-15171 | |
| CacheCloud <=3.2.0 | Reflected XSS | Report | CVE-2025-15172 | |
| CacheCloud <=3.2.0 | Reflected XSS | Report | CVE-2025-15173 | |
| CacheCloud <=3.2.0 | Reflected XSS | Report | CVE-2025-15174 | |
| CacheCloud <=3.2.0 | Reflected XSS | Report | CVE-2025-15175 | |
| CacheCloud <=3.2.0 | Reflected XSS | Report | CVE-2025-15200 | |
| CacheCloud <=3.2.0 | Reflected XSS | Report | CVE-2025-15201 | |
| CacheCloud <=3.2.0 | Reflected XSS | Report | CVE-2025-15202 | |
| CacheCloud <=3.2.0 | Reflected XSS | Report | CVE-2025-15203 | |
| CacheCloud <=3.2.0 | Reflected XSS | Report | CVE-2025-15204 | |
| CacheCloud <=3.2.0 | Reflected XSS | Report | CVE-2025-15219 | |
| CacheCloud <=3.2.0 | Reflected XSS | Report | Merged-2025-15219 | |
| CacheCloud <=3.2.0 | Reflected XSS | Report | CVE-2025-15220 | |
| CacheCloud <=3.2.0 | Reflected XSS | Report | CVE-2025-15221 | |
| CacheCloud <=3.2.0 | Reflected XSS | Report | Merged-2025-151757 | |
| CacheCloud <=3.2.0 | Reflected XSS | Report | Merged-2025-152000 | |
| CacheCloud <=3.2.0 | Reflected XSS | Report | Merged-2025-152000 | |
| WP Plugin WP Enable WebP <= 1.0 | RCE | Report | CVE-2025-15158 | - |
| WP Link Hopper <= 2.5 | Stored-XSS | Report | CVE-2025-15483 | - |
| WP Kunze Law <= 2.1 | Stored-XSS | Report | CVE-2025-15486 | - |
| WP Plugin Double the Donation <=2.0.0 | Stored XSS | Report | CVE-2025-12020 | - |
| WP Plugin YouTube Subscribe <=3.0.0 | Stored XSS | Report | CVE-2025-12025 | - |
| WP Plugin Featured Image <=2.1 | Stored XSS | Report | CVE-2025-12019 | - |
| WP Plugin MembershipWorks <=6.14 | Stored XSS | Report | CVE-2025-12018 | - |
| WP Plugin Custom Html Bodyhead <=0.51 | Stored XSS | Report | duplicate | - |
| WP Plugin Terms of Service & Privacy Policy Generator <=1.0 | Stored XSS | Report | duplicate | - |
| WP Plugin Sirvoy Booking Engine <= 5.0 | Stored XSS | Report | rejected | - |
| WordPress Core <= 6.8.2 | Stored XSS | Report | rejected | - |
Each vulnerability report typically includes the following sections:
- Vulnerability Overview
- Technical Details
- Impact Assessment
- Reproduction Steps

To use this repository:
- Browse the vulnerability report list above to find reports of interest
- Each report is located in its own directory with complete analysis documentation
- Related PoC code and remediation guidelines can be found in the report directory
We welcome community contributions:
- Report errors or provide additional information
- Improve documentation quality
- Share experiences with similar vulnerabilities
- Suggest additional mitigation measures
Please submit your contributions through Issues or Pull Requests.
- All vulnerability information is provided for educational and defensive purposes only
- Ensure you have proper authorization before using any PoC code
- We are not responsible for any damages resulting from misuse of this information
- Email: support@zast.ai
Maintained by ZAST.AI Team
Dedicated to Building a More Secure Open Source Ecosystem.