Security Researcher & Exploit Developer @ VulnCheck (@vlobstein-vc)
Just a guy who likes breaking stuff. Can't stop looking for bugs. Sometimes I forget to breathe.
Blog · Twitter · LinkedIn · Ko-fi
78 CVEs · 5 on VulnCheck KEV · Referenced by CERT-FR & BSI
| CVE | Target | Impact | Ref |
|---|---|---|---|
| CVE-2026-28496 | FOSSBilling | Dup SSTI escalated to full RCE via getDi() | Blog · Advisory |
| CVE-2026-53805 | NVIDIA SIL GEN3C | Unauth RCE via pickle deserialization | VulnCheck |
| CVE-2026-29059 | Windmill + Nextcloud Flow | Unauth RCE chain (5 stages) | CERT-FR · BSI · Blog |
| CVE-2026-39912 | Xboard / V2Board (7k+ instances) | Unauth account takeover via token leak | Blog · Exploit |
| CVE-2026-28515..17 | openDCIM | Unauth RCE (3 chained vulns) | VKEV · VKEV · Blog |
| CVE-2026-27760 | OpenCATS | Unauth RCE via installer code injection | VKEV |
| CVE-2026-29514 | NetBox | Low-priv RCE via Jinja2 sandbox bypass | Blog · PR |
| CVE-2025-2611 | ICTBroadcast | Unauth RCE via cookie injection | VKEV · Blog |
| CVE-2025-34147..52 | Aitemi M300 WiFi Repeater | 6 unauth command injections | CERT-FR · Blog |
| CVE-2024-22899..03 | Vinchin Backup & Recovery | Exploit chain | Exploit |
All CVEs (78)
| CVE | Description | Links |
|---|---|---|
| CVE-2026-28496 | FOSSBilling: SSTI to RCE via getDi() DI container (PDO access) in unsandboxed Twig rendering - VulnCheck KEV | VulnCheck · Advisory |
| CVE-2026-53805 | NVIDIA SIL GEN3C: unauth RCE via pickle.loads() deserialization in inference API | VulnCheck |
| CVE-2026-29514 | NetBox: low-priv RCE via Jinja2 SandboxedEnvironment bypass in ExportTemplate | Blog · PR |
| CVE-2026-29059 | Windfall: unauth path traversal + file read in Windmill & Nextcloud Flow - CERT-FR | Blog · Toolkit · CERT-FR |
| CVE-2026-23696 | Windmill SQLi in folder management to JWT secret leak to token forge to RCE | Blog |
| CVE-2026-22683 | Windmill operator role bypass: operators can create/execute scripts despite documentation | Blog |
| CVE-2026-39912 | Unauth account takeover in Xboard & V2Board | Blog · Exploit |
| CVE-2026-28515 to CVE-2026-28517 | 3 chained vulns in openDCIM: unauth RCE on Docker - 28515 & 28517 on VulnCheck KEV | Blog · Exploit |
| CVE-2026-27760 | PHP code injection in OpenCATS installer AJAX endpoint - VulnCheck KEV | Blog · VulnCheck |
| CVE-2026-27743 to CVE-2026-27747 | 5 vulns in SPIP plugins: 2 SQLi, 2 RCE, 1 XSS | Blog |
| CVE-2026-27174 to CVE-2026-27181 | 8 vulns in MajorDoMo: 3 RCE, SQLi, 3 XSS | Blog |
| CVE-2026-25874 | Unauth RCE via Pickle in HuggingFace LeRobot (21.5k stars) | Blog |
| CVE-2026-25873 | Unauth RCE via Pickle in OmniGen2 reward server | Blog |
| CVE-2026-29023 | Hard-coded API key in Keygraph Shannon router | Blog |
| CVE-2026-26210 | Unauth RCE via Pickle in KTransformers (16.5k stars) | Blog · Fix PR |
| CVE-2026-26220 | Unauth RCE via Pickle in LightLLM | Blog |
| CVE-2026-26215 | Unauth RCE via Pickle in manga-image-translator | Blog · VulnCheck |
| CVE-2025-34433 | Unauth RCE in AVideo via predictable installation salt | Blog · VulnCheck |
| CVE-2025-34434 to CVE-2025-34442 | 9 additional vulns in AVideo: IDORs, open redirects, info disclosure | Blog |
| CVE-2025-34452 | Path Traversal + SSRF in Streama | Blog · VulnCheck |
| CVE-2025-34147 to CVE-2025-34152 | 6 unauth command injections in Aitemi M300 - CERT-FR | Part 1 · Part 2 · CERT-FR |
| CVE-2025-30007 & CVE-2025-30008 | Unauth XSS in Vembu BDRSuite | Blog |
| CVE-2025-2611 | ICTBroadcast unauth RCE - VulnCheck KEV | GitHub · VulnCheck KEV |
| CVE-2025-2609 & CVE-2025-2610 | Stored XSS in MagnusBilling | Blog · VulnCheck |
| CVE-2025-2292, CVE-2025-30004 to CVE-2025-30006 | Auth vulns in Xorcom CompletePBX | VulnCheck |
| CVE-2024-31819 | Unauth RCE in AVideo | GitHub |
| CVE-2024-35373 & CVE-2024-35374 | 2 unauth RCE in Mocodo | Blog |
| CVE-2024-30920 to CVE-2024-30929, CVE-2024-31818 | Research in DerbyNet | GitHub |
| CVE-2024-22899 to CVE-2024-22903, CVE-2024-25228 | Exploit chain in Vinchin Backup & Recovery | GitHub |
| CVE-2024-3032 | Themify Builder Open Redirect | WPScan |
| CVE-2023-50917 | RCE in MajorDoMo | GitHub |
| Tool | Description |
|---|---|
| wpprobe | Fast WordPress plugin enumeration (900+ stars) - in Kali, BlackArch, NixOS, Exegol |
| cewlai | AI-powered wordlist generator (CeWL + CUPP + LLM in one binary) |
| pgread | Dump PostgreSQL data from heap files without credentials |
| LFIHunt | Scan & exploit Local File Inclusion |
| msf-exploit-collection | All my Metasploit modules in one place |
Ferrari (2023) · Siemens (2024) · Philips (2024) · Wikimedia (2024)



