This project archives and deeply analyzes 1-day vulnerabilities discovered globally from 2024 onwards. It targets security researchers, red/blue team practitioners, and compliance auditors by providing practical, reproduction-oriented Proofs of Concept (PoCs) for high-value assets, enabling rapid understanding of current threat landscapes.

How It Works

The repository curates publicly disclosed 1-day vulnerabilities, focusing on high-value enterprise assets. It organizes PoCs and research findings by year for efficient retrieval. The core approach emphasizes practical reproduction and in-depth analysis, aiming to serve as a practical resource for understanding and verifying recent exploits.

Quick Start & Requirements

No specific installation or execution commands are provided. The project is a collection of research artifacts. Users are expected to clone the repository to access the vulnerability PoCs and associated research.

Highlighted Details

• Focuses on 1-day vulnerabilities affecting high-value assets.
• Covers diverse sectors: OA (泛微/致远/通达), ERP (用友/金蝶), email servers, network devices (routers, switches), firewalls, VPNs, LLM plugins, and container platforms (Docker/K8s).
• Includes common middleware like databases, web servers, and third-party libraries.
• Organized by year for streamlined searching and access to the latest threats.

Maintenance & Community

The project encourages community contributions via Pull Requests for PoCs or analysis reports and Issues for reporting reproduction problems. It tracks project popularity via GitHub Stars.

Licensing & Compatibility

No explicit open-source license is stated. The project's disclaimer imposes strict usage terms, permitting only legal cybersecurity research, education, and authorized testing. Unauthorized attacks or illegal activities are strictly prohibited, with users bearing full legal responsibility.

Limitations & Caveats

The repository contains PoCs derived from publicly disclosed vulnerabilities; their effectiveness and applicability may vary. The project explicitly prohibits any unauthorized or illegal use, placing the onus of legal compliance entirely on the user. No specific support or maintenance guarantees are mentioned.