Skip to content
View Chocapikk's full-sized avatar
👻
👻

Highlights

  • Pro

Block or report Chocapikk

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don’t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
Chocapikk/README.md

Valentin Lobstein

Security Researcher & Exploit Developer @ VulnCheck (@vlobstein-vc)

Just a guy who likes breaking stuff. Can't stop looking for bugs. Sometimes I forget to breathe.

Blog · Twitter · LinkedIn · Ko-fi


78 CVEs · 5 on VulnCheck KEV · Referenced by CERT-FR & BSI


Notable Research

CVE Target Impact Ref
CVE-2026-28496 FOSSBilling Dup SSTI escalated to full RCE via getDi() Blog · Advisory
CVE-2026-53805 NVIDIA SIL GEN3C Unauth RCE via pickle deserialization VulnCheck
CVE-2026-29059 Windmill + Nextcloud Flow Unauth RCE chain (5 stages) CERT-FR · BSI · Blog
CVE-2026-39912 Xboard / V2Board (7k+ instances) Unauth account takeover via token leak Blog · Exploit
CVE-2026-28515..17 openDCIM Unauth RCE (3 chained vulns) VKEV · VKEV · Blog
CVE-2026-27760 OpenCATS Unauth RCE via installer code injection VKEV
CVE-2026-29514 NetBox Low-priv RCE via Jinja2 sandbox bypass Blog · PR
CVE-2025-2611 ICTBroadcast Unauth RCE via cookie injection VKEV · Blog
CVE-2025-34147..52 Aitemi M300 WiFi Repeater 6 unauth command injections CERT-FR · Blog
CVE-2024-22899..03 Vinchin Backup & Recovery Exploit chain Exploit
All CVEs (78)
CVE Description Links
CVE-2026-28496 FOSSBilling: SSTI to RCE via getDi() DI container (PDO access) in unsandboxed Twig rendering - VulnCheck KEV VulnCheck · Advisory
CVE-2026-53805 NVIDIA SIL GEN3C: unauth RCE via pickle.loads() deserialization in inference API VulnCheck
CVE-2026-29514 NetBox: low-priv RCE via Jinja2 SandboxedEnvironment bypass in ExportTemplate Blog · PR
CVE-2026-29059 Windfall: unauth path traversal + file read in Windmill & Nextcloud Flow - CERT-FR Blog · Toolkit · CERT-FR
CVE-2026-23696 Windmill SQLi in folder management to JWT secret leak to token forge to RCE Blog
CVE-2026-22683 Windmill operator role bypass: operators can create/execute scripts despite documentation Blog
CVE-2026-39912 Unauth account takeover in Xboard & V2Board Blog · Exploit
CVE-2026-28515 to CVE-2026-28517 3 chained vulns in openDCIM: unauth RCE on Docker - 28515 & 28517 on VulnCheck KEV Blog · Exploit
CVE-2026-27760 PHP code injection in OpenCATS installer AJAX endpoint - VulnCheck KEV Blog · VulnCheck
CVE-2026-27743 to CVE-2026-27747 5 vulns in SPIP plugins: 2 SQLi, 2 RCE, 1 XSS Blog
CVE-2026-27174 to CVE-2026-27181 8 vulns in MajorDoMo: 3 RCE, SQLi, 3 XSS Blog
CVE-2026-25874 Unauth RCE via Pickle in HuggingFace LeRobot (21.5k stars) Blog
CVE-2026-25873 Unauth RCE via Pickle in OmniGen2 reward server Blog
CVE-2026-29023 Hard-coded API key in Keygraph Shannon router Blog
CVE-2026-26210 Unauth RCE via Pickle in KTransformers (16.5k stars) Blog · Fix PR
CVE-2026-26220 Unauth RCE via Pickle in LightLLM Blog
CVE-2026-26215 Unauth RCE via Pickle in manga-image-translator Blog · VulnCheck
CVE-2025-34433 Unauth RCE in AVideo via predictable installation salt Blog · VulnCheck
CVE-2025-34434 to CVE-2025-34442 9 additional vulns in AVideo: IDORs, open redirects, info disclosure Blog
CVE-2025-34452 Path Traversal + SSRF in Streama Blog · VulnCheck
CVE-2025-34147 to CVE-2025-34152 6 unauth command injections in Aitemi M300 - CERT-FR Part 1 · Part 2 · CERT-FR
CVE-2025-30007 & CVE-2025-30008 Unauth XSS in Vembu BDRSuite Blog
CVE-2025-2611 ICTBroadcast unauth RCE - VulnCheck KEV GitHub · VulnCheck KEV
CVE-2025-2609 & CVE-2025-2610 Stored XSS in MagnusBilling Blog · VulnCheck
CVE-2025-2292, CVE-2025-30004 to CVE-2025-30006 Auth vulns in Xorcom CompletePBX VulnCheck
CVE-2024-31819 Unauth RCE in AVideo GitHub
CVE-2024-35373 & CVE-2024-35374 2 unauth RCE in Mocodo Blog
CVE-2024-30920 to CVE-2024-30929, CVE-2024-31818 Research in DerbyNet GitHub
CVE-2024-22899 to CVE-2024-22903, CVE-2024-25228 Exploit chain in Vinchin Backup & Recovery GitHub
CVE-2024-3032 Themify Builder Open Redirect WPScan
CVE-2023-50917 RCE in MajorDoMo GitHub

Tools

Tool Description
wpprobe Fast WordPress plugin enumeration (900+ stars) - in Kali, BlackArch, NixOS, Exegol
cewlai AI-powered wordlist generator (CeWL + CUPP + LLM in one binary)
pgread Dump PostgreSQL data from heap files without credentials
LFIHunt Scan & exploit Local File Inclusion
msf-exploit-collection All my Metasploit modules in one place

Hall of Fame

Ferrari (2023) · Siemens (2024) · Philips (2024) · Wikimedia (2024)

Pinned Loading

  1. wpprobe wpprobe Public

    A fast WordPress plugin enumeration tool

    Go 916 119

  2. CVE-2026-21858 CVE-2026-21858 Public

    n8n Ni8mare - Unauthenticated Arbitrary File Read to RCE Chain (CVSS 10.0)

    Python 259 52

  3. CVE-2023-29357 CVE-2023-29357 Public

    Microsoft SharePoint Server Elevation of Privilege Vulnerability

    Python 237 33

  4. CVE-2024-25600 CVE-2024-25600 Public

    Unauthenticated Remote Code Execution – Bricks <= 1.9.6

    Python 180 38

  5. CVE-2023-22515 CVE-2023-22515 Public

    CVE-2023-22515: Confluence Broken Access Control Exploit

    Python 153 32

  6. CVE-2024-45519 CVE-2024-45519 Public

    Zimbra - Remote Command Execution (CVE-2024-45519)

    Python 139 24