dyeat/cve-reproduction

GitHub: dyeat/cve-reproduction

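A project collecting reproduction analyses, PoC code and technical notes for 48 public CVEs, helping readers understand vulnerability root causes in depth and providing mitigation recommendations.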

Stars: 1 | Forks: 0

# CVE Research PoC Collection

This repository collects reproduction analyses, PoC code and technical notes for publicly disclosed CVEs, organized as "vendor → product → CVE" and covering reproduction steps, root causes and mitigation recommendations.

## Index (48 CVEs)

| CVE ID | Vendor | Product | Type | CVSS | Year |
|----------|------|------|------|------|------|
| [CVE-2026-43284](privilege-escalation/Linux/Kernel/CVE-2026-43284/README.md) | Linux | Kernel | LPE | 8.8 | 2026 |
| [CVE-2026-42945](NGINX/NGINX/CVE-2026-42945/README.md) | NGINX | NGINX | RCE | 9.2 | 2026 |
| [CVE-2026-31431](privilege-escalation/Linux/Kernel/CVE-2026-31431/README.md) | Linux | Kernel | LPE | 7.8 | 2026 |
| [CVE-2025-58360](GeoServer/GeoServer/CVE-2025-58360/README.md) | GeoServer | GeoServer | XXE | 8.2 | 2025 |
| [CVE-2025-55182](React/react-server-dom/CVE-2025-55182/README.md) | React | react-server-dom | RCE | 10.0 | 2025 |
| [CVE-2025-14847](MongoDB/MongoDB/CVE-2025-14847/README.md) | MongoDB | MongoDB | Information disclosure | 7.5 | 2025 |
| [CVE-2025-14611](Gladinet/CentreStack/CVE-2025-14611/README.md) | Gladinet | CentreStack | Arbitrary file read | 9.1 | 2025 |
| [CVE-2024-23897](Jenkins/Jenkins/CVE-2024-23897/README.md) | Jenkins | Jenkins | Arbitrary file read / RCE | 9.8 | 2024 |
| [CVE-2024-21887](Ivanti/Connect-Secure/CVE-2024-21887/README.md) | Ivanti | Connect-Secure | RCE | 9.1 | 2024 |
| [CVE-2024-4577](PHP/PHP/CVE-2024-4577/README.md) | PHP | PHP | RCE | 9.8 | 2024 |
| [CVE-2024-4040](CrushFTP/CrushFTP/CVE-2024-4040/README.md) | CrushFTP | CrushFTP | Path traversal | 9.8 | 2024 |
| [CVE-2023-51467](Apache/OFBiz/CVE-2023-51467/README.md) | Apache | OFBiz | Authentication bypass | 9.8 | 2023 |
| [CVE-2023-49103](OwnCloud/OwnCloud/CVE-2023-49103/README.md) | OwnCloud | OwnCloud | Information disclosure | 7.5 | 2023 |
| [CVE-2023-49070](Apache/OFBiz/CVE-2023-49070/README.md) | Apache | OFBiz | Authentication bypass / RCE | 9.8 | 2023 |
| [CVE-2023-46747](F5/BIG-IP/CVE-2023-46747/README.md) | F5 | BIG-IP | Authentication bypass / RCE | 9.8 | 2023 |
| [CVE-2023-46214](Splunk/Splunk/CVE-2023-46214/README.md) | Splunk | Splunk | RCE | 8.8 | 2023 |
| [CVE-2023-43261](Milesight/IoT-Router/CVE-2023-43261/README.md) | Milesight | IoT-Router | Information disclosure | 7.5 | 2023 |
| [CVE-2023-36844](Juniper/Junos-OS/CVE-2023-36844/README.md) | Juniper | Junos-OS | RCE | 9.8 | 2023 |
| [CVE-2023-35078](Ivanti/EPMM/CVE-2023-35078/README.md) | Ivanti | EPMM | Authentication bypass | 10.0 | 2023 |
| [CVE-2023-34992](Fortinet/FortiManager/CVE-2023-34992/README.md) | Fortinet | FortiManager | RCE | 9.8 | 2023 |
| [CVE-2023-27997](Fortinet/FortiOS/CVE-2023-27997/README.md) | Fortinet | FortiOS | RCE | 9.8 | 2023 |
| [CVE-2023-26469](Jorani/Jorani/CVE-2023-26469/README.md) | Jorani | Jorani | RCE | 8.8 | 2023 |
| [CVE-2023-23752](Joomla/Joomla/CVE-2023-23752/README.md) | Joomla | Joomla | Authentication bypass | 5.3 | 2023 |
| [CVE-2023-20198](Cisco/IOS-XE/CVE-2023-20198/README.md) | Cisco | IOS-XE | Privilege escalation | 10.0 | 2023 |
| [CVE-2023-3710](Honeywell/PM43/CVE-2023-3710/README.md) | Honeywell | PM43 | RCE | 9.8 | 2023 |
| [CVE-2023-3519](Citrix/ADC-Gateway/CVE-2023-3519/README.md) | Citrix | ADC-Gateway | RCE | 9.8 | 2023 |
| [CVE-2023-1389](D-Link/DIR-AX21/CVE-2023-1389/README.md) | D-Link | DIR-AX21 | RCE | 8.8 | 2023 |
| [CVE-2023-0297](PyLoad/PyLoad/CVE-2023-0297/README.md) | PyLoad | PyLoad | RCE | 9. | 2023 |
| [CVE-2022-42475](Fortinet/FortiOS/CVE-2022-42475/README.md) | Fortinet | FortiOS | RCE | 9.3 | 2022 |
| [CVE-2022-21907](Microsoft/IIS/CVE-2022-21907/README.md) | Microsoft | IIS | RCE | 9.8 | 2022 |
| [CVE-2022-1388](F5/BIG-IP/CVE-2022-1388/README.md) | F5 | BIG-IP | Authentication bypass / RCE | 9.8 | 2022 |
| [CVE-2021-44228](Apache/Log4j/CVE-2021-44228/README.md) | Apache | Log4j | RCE | 10.0 | 2021 |
| [CVE-2021-43798](Grafana/Grafana/CVE-2021-43798/README.md) | Grafana | Grafana | Path traversal | 7.5 | 2021 |
| [CVE-2021-41773](Apache/httpd/CVE-2021-41773/README.md) | Apache | httpd | Path traversal / RCE | 9.8 | 2021 |
| [CVE-2021-28164](Eclipse/Jetty/CVE-2021-28164/README.md) | Eclipse | Jetty | Path traversal | 5.3 | 2021 |
| [CVE-2021-22205](GitLab/GitLab/CVE-2021-22205/README.md) | GitLab | GitLab | RCE | 10.0 | 2021 |
| [CVE-2021-3129](Laravel/Ignition/CVE-2021-3129/README.md) | Laravel | Ignition | RCE | 9.8 | 2021 |
| [CVE-2019-10758](MongoDB/mongo-express/CVE-2019-10758/README.md) | MongoDB | mongo-express | RCE | 8.8 | 2019 |
| [CVE-2019-5418](RubyOnRails/Rails/CVE-2019-5418/README.md) | RubyOnRails | Rails | Path traversal | 7.5 | 2019 |
| [CVE-2018-18778](mini-httpd/mini-httpd/CVE-2018-18778/README.md) | mini-httpd | mini-httpd | Path traversal | 6.5 | 2018 |
| [CVE-2018-7600](Drupal/Drupal/CVE-2018-7600/README.md) | Drupal | Drupal | RCE | 9.8 | 2018 |
| [CVE-2018-3760](RubyOnRails/Rails/CVE-2018-3760/README.md) | RubyOnRails | Rails | Path traversal | 7.5 | 2018 |
| [CVE-2017-14849](NodeJS/NodeJS/CVE-2017-14849/README.md) | NodeJS | NodeJS | Path traversal | 7.5 | 2017 |
| [CVE-2017-12629](Apache/Solr/CVE-2017-12629/README.md) | Apache | Solr | RCE | 9.8 | 2017 |
| [CVE-2017-12617](Apache/Tomcat/CVE-2017-12617/README.md) | Apache | Tomcat | RCE | 8.1 | 2017 |
| [CVE-2017-9841](PHP/PHPUnit/CVE-2017-9841/README.md) | PHP | PHPUnit | RCE | 9.8 | 2017 |
| [CVE-2017-8917](Joomla/Joomla/CVE-2017-8917/README.md) | Joomla | Joomla | SQLi | 9.8 | 2017 |
| [CVE-2016-3088](Apache/ActiveMQ/CVE-2016-3088/README.md) | Apache | ActiveMQ | RCE | 9.8 | 2016 |

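Tags: Apache OFBiz vulnerability, CrushFTP vulnerability, Cutter, CVE reproduction, F5 BIG-IP vulnerability, GeoServer vulnerability, Ivanti vulnerability, Jenkins vulnerability, Linux kernel vulnerability, MongoDB vulnerability, NGINX vulnerability, OwnCloud vulnerability, PHP vulnerability, PoC collection, React vulnerability, XML external entity injection, arbitrary file read, information disclosure, protocol analysis, Open Policy Agent, intelligence gathering, technical analysis, educational tool, privilege escalation, vulnerability analysis, vulnerability research, mitigation recommendations, programming tools, request interception, path probing, path traversal, authentication bypass, remote code execution, reverse engineering tools, defensive hardening, defensive research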