A public index of verified vulnerability research and disclosure reports from ZAST.AI.
This repository tracks publicly disclosed vulnerabilities discovered by ZAST across open-source and commercial software. It is designed to help buyers, partners, and researchers quickly review representative findings, disclosure quality, and research coverage.
Visit ZAST.AI | Contact the Team
This page is a public research index first, a proof-of-capability page second, and a brand entry point third.
A selection of representative disclosures that demonstrate the breadth, relevance, and quality of ZAST research.
| Project | Vulnerability | Why It Matters |
|---|---|---|
| Microsoft Azure SDK | XXE | Enterprise-facing target with clear external validation |
| Apache Struts2 | XXE | Widely deployed framework with strong disclosure credibility |
| langfuse | SSRF | Modern AI and developer tooling target with current relevance |
| node-formidable | Insecure File Upload | Popular developer dependency with practical exploitation impact |
| Koa | Open Redirect | Recognizable OSS ecosystem signal for application-layer research |
| OpenClaw | SSRF | The attacker can exploit this vulnerability to access the internal network |
| Pycel | Arbitrary Code Execution | The victim only needs to use pycel to parse a crafted malicious file |
| ByteDance verl | Arbitrary Code Execution | Developed by ByteDance for evaluating mathematical calculations |
| Minio | LDAP Brute Force | An S3-compatible object store with over 61k stars |
| Gitea | Brute Force | One of the most popular code hosting platforms worldwide |
| Gogs | Brute Force | One of the most popular code hosting platforms worldwide |
| Gogs | Auth Bypass | The attacker can take over any account in the reverse proxy scenario. |
Disclosure status legend:
- CVE-YYYY-NNNN: CVE has been assigned
- CVE-XXX: CVE has been submitted and is pending assignment
- BugBounty: bounty has been submitted
- Merged-YYYY-NNNN: merged into another CVE
- ACK-DD/MM/YYYY: officially acknowledged by the vendor or platform
This repository includes public vulnerability research that meets these conditions:
- The issue was discovered by ZAST
- There is a public artifact, such as a CVE, advisory, issue, vendor acknowledgement, or bounty reference
- The finding is specific enough to be independently understood or verified
- The disclosure status can be tracked
This repository is a public index of disclosed research, not a complete archive of all private work conducted by ZAST.
| Project & Affected Version | Vulnerability Type | Report | Disclosure | Popularity |
|---|---|---|---|---|
| D-Link DIR-859 (85X) | Unauthenticated RCE | Report | - | - |
| OpenClaw <=2026-1-26 | SSRF | Report | ACK-01/26/2026 | |
| pycel <=1.0b30 | Arbitrary Code Execution | Report | CVE-2026-30108 | |
| Apache FOP <= 2.11 | RCE | Report | CVE-XXX | #Top 1625 |
| changedetection.io <= 0.52.6 | SSRF | Report | CVE-2026-30107 | |
| ByteDance verl<=0.7.0 | Arbitrary Code Execution | Report | BugBounty | |
| ByteDance vchart<=2.0.15 | Arbitrary File Read | Report | BugBounty | |
| ByteDance Depth-Anything-V2<=1.0 | Open Redirect | Report | BugBounty | |
| ByteDance Depth-Anything-V2<=1.0 | Open Redirect | Report | BugBounty | |
| xxl-job <=3.3.2 | SSRF | Report | CVE-2026-3733 | |
| VictoriaMetrics <=1.137.0 | Brute Force | Report | CVE-XXX | |
| Gitea <=1.25.4 | UserEnum + BruteForce | Report | CVE-XXX | |
| Gogs <=0.14.2 | User Extraction & Brute Force | Report | CVE-XXX | |
| Gogs <=0.14.2 | Auth Bypass | Report | CVE-XXX | |
| Gogs <=0.14.2 | Insufficient Session Expiration | Report | CVE-XXX | |
| Gogs <=0.14.2 | Insufficient Session Expiration | Report | CVE-XXX | |
| Gogs <=0.14.2 | Batch registration | Report | CVE-XXX | |
| Minio <=2025-10-15T17-29-55Z | LDAP Brute Force | Report | CVE-2026-33419 | |
| WP HTML in Category Descriptions<=1.2.4 | Stored-XSS | Report | CVE-2026-0693 | - |
| WP Slider Future <= 1.0.5 | RCE (Arbitrary File Upload) | Report | CVE-2026-1405 | - |
| WP Easy PHP Settings <= 1.0.4 | Code Injection | Report | CVE-2026-3352 | - |
| WP Content Visibility for Divi Builder<=4.01 | Code Injection | Report | CVE-2026-1829 | - |
| Prime <=0.4.0 | Sensitive Info Disclosure | Report | CVE-2026-1170 | |
| Prime <=0.4.0 | GraphQL Field Duplication | Report | CVE-2026-1171 | |
| Prime <=0.4.0 | GraphQL Directive Overloading | Report | CVE-2026-1172 | |
| Prime <=0.4.0 | GraphQL Array Based Query Batching | Report | CVE-2026-1173 | |
| Prime <=0.4.0 | GraphQL Aliases Overloading | Report | CVE-2026-1174 | |
| Prime <=0.4.0 | Directive Information Disclosure | Report | CVE-2026-1175 | |
| Prime <=0.4.0 | CSRF | Report | CVE-2026-1169 | |
| Digital-Infrastructure<=9.6.7 | SQL injection | Report | CVE-2026-1050 | |
| busy <=2.5.5 | Open Redirect | Report | CVE-2026-2709 | |
| worldquant-miner <=1.0.9 | SSRF | Report | CVE-2026-2711 | |
| Locker <=0.1.0 | Reflected XSS | Report | CVE-2026-3951 | |
| weimai-wetapp <=1.0.0 | SQL Injection | Report | CVE-2026-3956 | |
| weimai-wetapp <=1.0.0 | SQL Injection | Report | CVE-2026-3957 | |
| Bytedesk <=1.3.9 | Insecure File Upload | Report | CVE-2026-3748 | |
| Bytedesk <=1.3.9 | Insecure File Upload | Report | CVE-2026-3749 | |
| Bytedesk <=1.3.9 | SSRF | Report | CVE-2026-3788 | |
| Bytedesk <=1.3.9 | SSRF | Report | CVE-2026-3789 | |
| list-sync <=0.6.6 | SSRF | Report | CVE-2026-3958 | |
| OneUptime <=10.0.9 | SSRF | Report | CVE-XXX | |
| manga-image-translator <=beta-0.3 | SSRF | Report | CVE-2026-3961 | |
| manga-image-translator <=beta-0.3 | SSRF | Report | Merged-2026-3961 | |
| manga-image-translator <=beta-0.3 | SSRF | Report | Merged-2026-3961 | |
| manga-image-translator <=beta-0.3 | SSRF | Report | Merged-2026-3961 | |
| manga-image-translator <=beta-0.3 | SSRF | Report | Merged-2026-3961 | |
| manga-image-translator <=beta-0.3 | SSRF | Report | Merged-2026-3961 | |
| manga-image-translator <=beta-0.3 | SSRF | Report | Merged-2026-3961 | |
| Machine-Learning-Web-Apps <=1.0.0 | Reflected XSS | Report | CVE-2026-3962 | |
| elecV2P <=3.8.3 | RCE | Report | CVE-2026-3955 | |
| elecV2P <=3.8.3 | RCE | Report | CVE-2026-5011 | |
| elecV2P <=3.8.3 | RCE | Report | CVE-2026-5012 | |
| elecV2P <=3.8.3 | Path Traversal | Report | CVE-2026-5013 | |
| elecV2P <=3.8.3 | Path Traversal | Report | CVE-2026-5014 | |
| elecV2P <=3.8.3 | Reflected XSS | Report | CVE-2026-5015 | |
| elecV2P <=3.8.3 | SSRF | Report | CVE-2026-5016 | |
| Project & Affected Version | Vulnerability Type | Report | Disclosure | Popularity |
|---|---|---|---|---|
| Microsoft Azure SDK | XXE | Report | ACK-12/31/2025 | |
| Alibaba Nacos-spring-context | XXE | Report | BugBounty | |
| node-formidable <=3.5.2 | Insecure File Upload & Filename Prediction | Report | CVE-2025-46653 | |
| Apache Commons Configuration <=1.10.x | Remote Code Execution | Report | CVE-XXX | #3 Config Lib |
| Apache Commons Configuration2 <=2.12.x | Remote Code Execution | Report | CVE-XXX | #3 Config Lib |
| Apache Struts2 <=6.0.3 | XXE | Report | CVE-2025-68493 | #8 Web FWK |
| Koa <=3.0.0 cb22d8d | Open Redirect | Report | CVE-2025-8129 | |
| langfuse <=3.88.0 | SSRF | Report | CVE-2025-9799 | |
| CodiMD low version | Insecure File Upload & CSP bypass | Report | CVE-2025-46654 | |
| CodiMD high version | Insecure File Upload & CSP bypass | Report | CVE-2025-46655 | |
| mall <=1.0.3 7a1ca5d | DOM XSS | Report | CVE-2025-8191 | |
| JeeSite <=5.12.0 b522b3f | SSRF | Report | CVE-2025-7759 | |
| JeeSite <=5.12.0 b522b3f | Open Redirection | Report | CVE-2025-7763 | |
| JeeSite <=5.12.0 b522b3f | Open Redirection | Report | CVE-2025-7785 | |
| JeeSite <=5.12.0 b522b3f | Open Redirection | Report | CVE-2025-7863 | |
| JeeSite <=5.12.0 b522b3f | Insecure File Upload | Report | CVE-2025-7864 | |
| JeeSite <=5.12.0 b522b3f | XSS filter bypass | Report | CVE-2025-7865 | |
| JeeSite <=5.12.1 release | XSS filter bypass | Report | CVE-2025-9796 | |
| GnuBoard v6 | Stored XSS | Report | CVE-2025-7786 | |
| xxl-job <=3.1.1 | SSRF | Report | CVE-2025-7787 | |
| xxl-job <=3.1.1 | OS command injection | Report | CVE-2025-7788 | |
| xxl-job <=3.1.1 | Insecure Cryptographic Algorithm | Report | CVE-2025-7789 | |
| stirling-pdf <=1.0.2 | SSRF | Report | CVE-2025-55150 | |
| stirling-pdf <=1.0.2 | SSRF | Report | CVE-2025-55151 | |
| stirling-pdf <=1.0.2 | SSRF | Report | CVE-2025-55161 | |
| ruoyi v4.8.1 70194ae | DOM XSS | Report | CVE-2025-7901 | |
| ruoyi v4.8.1 70194ae | Stored XSS | Report | CVE-2025-7902 | |
| ruoyi v4.8.1 70194ae | Frame Injection | Report | CVE-2025-7903 | |
| ruoyi v4.8.1 70194ae | Insecure File Upload | Report | CVE-2025-7906 | |
| ruoyi v4.8.1 70194ae | Druid Credential Hardcoded | Report | CVE-2025-7907 | |
| platform 1.0.0 ca9acef | SQL injection | Report | CVE-2025-7936 | |
| platform 1.0.0 ca9acef | SQL injection | Report | CVE-2025-7935 | |
| platform 1.0.0 ca9acef | SQL injection | Report | CVE-2025-7934 | |
| jshERP <=3.5 | IDOR change password | Report | CVE-2025-7948 | |
| jshERP <=3.5 | IDOR delete account | Report | CVE-2025-7947 | |
| PublicCMS V5.202506.a | Open Redirect | Report | CVE-2025-7949 | |
| PublicCMS V5.202506.a | Open Redirect | Report | CVE-2025-7953 | |
| deer-wms-2 525b6cf | SQL injection | Report | CVE-2025-8123 | |
| deer-wms-2 525b6cf | SQL injection | Report | CVE-2025-8124 | |
| deer-wms-2 525b6cf | SQL injection | Report | CVE-2025-8125 | |
| deer-wms-2 525b6cf | SQL injection | Report | CVE-2025-8126 | |
| deer-wms-2 525b6cf | SQL injection | Report | CVE-2025-8127 | |
| deer-wms-2 525b6cf | SQL injection | Report | CVE-2025-8161 | |
| deer-wms-2 525b6cf | SQL injection | Report | CVE-2025-8162 | |
| deer-wms-2 525b6cf | SQL injection | Report | CVE-2025-8163 | |
| letao 7d8df03 | Arbitrary File Upload | Report | CVE-2025-8128 | |
| ChanCMS <3.1.3 | Arbitrary File Deletion | Report | CVE-2025-8132 | |
| ChanCMS <3.1.3 | SSRF | Report | CVE-2025-8133 | |
| ChanCMS <3.1.3 | SSRF | Report | CVE-2025-8228 | |
| ChanCMS <3.1.3 | RCE | Report | CVE-2025-8266 | |
| ChanCMS <3.1.3 | RCE | Report | CVE-2025-8227 | |
| ChanCMS <3.1.3 | Information Disclosure | Report | CVE-2025-8226 | |
| eladmin <=2.7 | Druid Credential Hardcoded | Report | CVE-2025-8530 | |
| favorites-web <=1.3.0 | SSRF | Report | CVE-2025-8529 | |
| xboot <=3.3.4 | Sensitive Info is included in Cookies | Report | CVE-2025-8528 | |
| xboot <=3.3.4 | SSRF | Report | CVE-2025-8527 | |
| xboot <=3.3.4 | Arbitrary File Upload | Report | CVE-2025-8526 | |
| xboot <=3.3.4 | Info Disclosure | Report | CVE-2025-8525 | |
| PyBBS <=6.0.0 | CAPTCHA reuse Vulnerability | Report | CVE-2025-8546 | |
| PyBBS <=6.0.0 | Registration email is not verified | Report | CVE-2025-8547 | |
| PyBBS <=6.0.0 | No password security policy | Report | CVE-2025-8549 | |
| PyBBS <=6.0.0 | Enumerate registered emails | Report | CVE-2025-8548 | |
| PyBBS <=6.0.0 | Reflected XSS - /admin/topic/list | Report | CVE-2025-8550 | |
| PyBBS <=6.0.0 | Reflected XSS - /admin/comment/list | Report | CVE-2025-8551 | |
| PyBBS <=6.0.0 | Reflected XSS - /admin/tag/list | Report | CVE-2025-8552 | |
| PyBBS <=6.0.0 | Reflected XSS - /admin/sensitive_word/list | Report | CVE-2025-8553 | |
| PyBBS <=6.0.0 | Reflected XSS - /admin/user/list | Report | CVE-2025-8554 | |
| PyBBS <=6.0.0 | Reflected XSS - /search | Report | CVE-2025-8555 | |
| PyBBS <=6.0.0 | Stored XSS | Report | CVE-2025-8812 | |
| PyBBS <=6.0.0 | Open Redirect | Report | CVE-2025-8813 | |
| PyBBS <=6.0.0 | CSRF - modify user info | Report | CVE-2025-8814 | |
| PyBBS <=6.0.0 | CSRF - delete account | Report | Merged-2025-8814 | |
| microservices-platform <=6.0.0 | Insecure File Upload | Report | CVE-2025-8841 | |
| microservices-platform <=6.0.0 | Open Redirect | Report | CVE-2025-8737 | |
| microservices-platform <=6.0.0 | Information Disclosure | Report | CVE-2025-8738 | |
| My-Blog <=1.0.0 | CSRF | Report | CVE-2025-8739 | |
| My-Blog <=1.0.0 | Stored XSS | Report | CVE-2025-8740 | |
| My-Blog <=1.0.0 | Stored XSS | Report | CVE-2025-9101 | |
| My-Blog <=1.0.0 | CAPTCHA reuse vulnerability | Report | CVE-2025-9100 | |
| litemall <=1.8.0 | Insecure File Upload | Report | CVE-2025-8965 | |
| litemall <=1.8.0 | Logic vulnerability | Report | CVE-2025-8991 | |
| mblog <=3.5.0 | No CSRF protection | Report | CVE-2025-8992 | |
| mblog <=3.5.0 | Password Enum | Report | CVE-2025-9004 | |
| mblog <=3.5.0 | Username Enum & Batch registration | Report | CVE-2025-9005 | |
| mblog <=3.5.0 | Email Enumeration | Report | CVE-2025-8927 | |
| mblog <=3.5.0 | Stored XSS | Report | CVE-2025-9407 | |
| mblog <=3.5.0 | Stored XSS | Report | CVE-2025-9429 | |
| mblog <=3.5.0 | Stored XSS | Report | Merged-2025-9429 | |
| mblog <=3.5.0 | Stored XSS | Report | CVE-2025-9430 | |
| mblog <=3.5.0 | Reflected XSS | Report | CVE-2025-9431 | |
| mblog <=3.5.0 | Reflected XSS | Report | CVE-2025-9432 | |
| mblog <=3.5.0 | Reflected XSS | Report | CVE-2025-9433 | |
| mblog <=3.5.0 | Reflected XSS | Report | CVE-2025-9647 | |
| tianti <=2.3.0 | Insecure File Upload | Report | CVE-2025-9795 | |
| expressCart <=1.0.0 | Frame Injection | Report | CVE-2025-9797 | |
| sim <=1.0.0 | Insecure File Upload | Report | CVE-2025-9800 | |
| sim <=1.0.0 | Arbitrary File Deletion | Report | CVE-2025-9801 | |
| sim <=1.0.0 | SSRF | Report | CVE-2025-10096 | |
| sim <=1.0.0 | RCE | Report | CVE-2025-10097 | |
| PowerJob <=5.1.2 | SSRF | Report | CVE-2025-14518 | |
| FlyCms <=1.0.0 | XSS | Report | CVE-2025-15093 | |
| FlyCms <=1.0.0 | XSS | Report | CVE-2025-15094 | |
| HttpBin <=0.6.1 | XSS | Report | CVE-2025-15095 | |
| -- <=0.6.1 | Insecure Deserialization | Report | resubmit | |
| CacheCloud <=3.2.0 | Reflected XSS | Report | CVE-2025-15145 | |
| CacheCloud <=3.2.0 | Reflected XSS | Report | CVE-2025-15146 | |
| CacheCloud <=3.2.0 | Reflected XSS | Report | CVE-2025-15171 | |
| CacheCloud <=3.2.0 | Reflected XSS | Report | CVE-2025-15172 | |
| CacheCloud <=3.2.0 | Reflected XSS | Report | CVE-2025-15173 | |
| CacheCloud <=3.2.0 | Reflected XSS | Report | CVE-2025-15174 | |
| CacheCloud <=3.2.0 | Reflected XSS | Report | CVE-2025-15175 | |
| CacheCloud <=3.2.0 | Reflected XSS | Report | CVE-2025-15200 | |
| CacheCloud <=3.2.0 | Reflected XSS | Report | CVE-2025-15201 | |
| CacheCloud <=3.2.0 | Reflected XSS | Report | CVE-2025-15202 | |
| CacheCloud <=3.2.0 | Reflected XSS | Report | CVE-2025-15203 | |
| CacheCloud <=3.2.0 | Reflected XSS | Report | CVE-2025-15204 | |
| CacheCloud <=3.2.0 | Reflected XSS | Report | CVE-2025-15219 | |
| CacheCloud <=3.2.0 | Reflected XSS | Report | Merged-2025-15219 | |
| CacheCloud <=3.2.0 | Reflected XSS | Report | CVE-2025-15220 | |
| CacheCloud <=3.2.0 | Reflected XSS | Report | CVE-2025-15221 | |
| CacheCloud <=3.2.0 | Reflected XSS | Report | Merged-2025-151757 | |
| CacheCloud <=3.2.0 | Reflected XSS | Report | Merged-2025-152000 | |
| CacheCloud <=3.2.0 | Reflected XSS | Report | Merged-2025-152000 | |
| WP Plugin WP Enable WebP <= 1.0 | RCE | Report | CVE-2025-15158 | - |
| WP Link Hopper <= 2.5 | Stored-XSS | Report | CVE-2025-15483 | - |
| WP Kunze Law <= 2.1 | Stored-XSS | Report | CVE-2025-15486 | - |
| WP Plugin Double the Donation <=2.0.0 | Stored XSS | Report | CVE-2025-12020 | - |
| WP Plugin YouTube Subscribe <=3.0.0 | Stored XSS | Report | CVE-2025-12025 | - |
| WP Plugin Featured Image <=2.1 | Stored XSS | Report | CVE-2025-12019 | - |
| WP Plugin MembershipWorks <=6.14 | Stored XSS | Report | CVE-2025-12018 | - |
Each vulnerability report typically includes the following sections:
- Vulnerability Overview
- Technical Details
- Impact Assessment
- Reproduction Steps
- Browse the Vulnerability Report List to find reports of interest
- Each report is located in its own directory with complete analysis documentation
- Related PoC code and remediation guidelines can be found in the report directory
We welcome community contributions:
- Report errors or provide additional information
- Improve documentation quality
- Share experiences with similar vulnerabilities
- Suggest additional mitigation measures
Please submit your contributions through Issues or Pull Requests.
- All vulnerability information is provided for educational and defensive purposes only
- Ensure you have proper authorization before using any PoC code
- We are not responsible for any damages resulting from misuse of this information
- Email: support@zast.ai
- Website: https://zast.ai
- Research/Blog: https://blog.zast.ai/
- LinkedIn: https://www.linkedin.com/company/104466490
Maintained by ZAST.AI Team
Dedicated to Building a More Secure Open Source Ecosystem.
