| # | CVE | Target | Type |
|---|---|---|---|
| 1 | — | cherrystudio-qq-mcp | MCP path traversal |
| 2 | CVE-2022-0543 | Redis | Lua sandbox escape |
| 3 | CVE-2020-11710 | Kong Gateway | Admin API RCE |
| 4 | CVE-2026-20253 | Splunk | File write RCE |
| 5 | CVE-2025-29927 | Next.js | Middleware bypass |
| 6 | CVE-2025-49596 | MCP Inspector | Unauthenticated RCE |
| 7 | CVE-2019-9193 | PostgreSQL | COPY FROM PROGRAM RCE |
| 8 | CVE-2026-20896 | Gitea | Reverse proxy bypass |
| 9 | CVE-2026-1470 | n8n | Sandbox escape |
| 10 | CVE-2026-42208 | LiteLLM | Pre-auth SQLi |
| 11 | CVE-2025-23217 | mitmproxy | SSRF bypass |
| 12 | CVE-2026-48558 | SimpleHelp | OIDC bypass |
| 13 | CVE-2025-1974 | ingress-nginx | IngressNightmare RCE |
| 14 | CVE-2025-1097 | ingress-nginx | auth-tls-match-cn |
| 15 | CVE-2025-24514 | ingress-nginx | auth-url injection |
| 16 | CVE-2025-49113 | Roundcube | Deserialization RCE |
| 17 | CVE-2025-57819 | FreePBX | SQL injection |
| 18 | CVE-2025-32432 | Craft CMS | Object injection |
Author: @shunfeng8421