Chocapikk/README.md

Valentin Lobstein

Security Researcher & Exploit Developer

Blog · Twitter · LinkedIn · Ko-fi


Highlights

  • CVE-2025-2611 - ICTBroadcast unauth RCE via cookie injection - Added to VulnCheck KEV (writeup · KEV)
  • CVE-2025-34147 to 34152 - 6 unauth command injections in Aitemi M300 WiFi Repeater - Referenced by CERT-FR (writeup · CERT-FR)
  • CVE-2026-28515 to 28517 - 3 chained vulns in openDCIM: missing auth + SQLi + command injection = unauth RCE (writeup)
  • CVE-2026-27174 to 27181 - 8 vulns in MajorDoMo: 3 critical RCE, SQLi, 3 XSS (writeup)
  • CVE-2024-22899 to 22903 - Exploit chain in Vinchin Backup & Recovery (exploit)

All CVEs

| CVE | Description | Links |
| --- | --- | --- |
| CVE-2026-28515 to CVE-2026-28517 | 3 chained vulns in openDCIM: unauth RCE on Docker | Blog · Exploit |
| CVE-2026-27743 to CVE-2026-27747 | 5 vulns in SPIP plugins: 2 SQLi, 2 RCE, 1 XSS | Blog |
| CVE-2026-27174 to CVE-2026-27181 | 8 vulns in MajorDoMo: 3 RCE, SQLi, 3 XSS | Blog |
| CVE-2026-26220 | Unauth RCE via Pickle in LightLLM | Blog |
| CVE-2026-26215 | Unauth RCE via Pickle in manga-image-translator | Blog · VulnCheck |
| CVE-2025-34433, CVE-2025-34441, CVE-2025-34442 | Unauth RCE chain in AVideo | Blog · VulnCheck |
| CVE-2025-34452 | Path Traversal + SSRF in Streama | Blog · VulnCheck |
| CVE-2025-34147 to CVE-2025-34152 | 6 unauth command injections in Aitemi M300 - CERT-FR | Part 1 · Part 2 · CERT-FR |
| CVE-2025-30007 & CVE-2025-30008 | Unauth XSS in Vembu BDRSuite | Blog |
| CVE-2025-2611 | ICTBroadcast unauth RCE - VulnCheck KEV | GitHub · VulnCheck KEV |
| CVE-2025-2609 & CVE-2025-2610 | Stored XSS in MagnusBilling | Blog · VulnCheck |
| CVE-2025-2292, CVE-2025-30004 to CVE-2025-30006 | Auth vulns in Xorcom CompletePBX | VulnCheck |
| CVE-2024-31819 | Unauth RCE in AVideo | GitHub |
| CVE-2024-35373 & CVE-2024-35374 | 2 unauth RCE in Mocodo | Blog |
| CVE-2024-30920 to CVE-2024-30929, CVE-2024-31818 | Research in DerbyNet | GitHub |
| CVE-2024-22899 to CVE-2024-22903, CVE-2024-25228 | Exploit chain in Vinchin Backup & Recovery | GitHub |
| CVE-2024-3032 | Themify Builder Open Redirect | WPScan |
| CVE-2023-50917 | RCE in MajorDoMo | GitHub |

Tools

  • pik - Exploit framework & SDK for Go
  • wpprobe - Fast WordPress plugin enumeration (800+ stars, in Kali Linux)
  • LFIHunt - Scan & exploit Local File Inclusion
  • msf-exploit-collection - All my Metasploit modules in one place

Hall of Fame

Ferrari · Siemens · Philips · Wikimedia

Pinned

  1. wpprobe Public

    A fast WordPress plugin enumeration tool

    Go 796 101

  2. CVE-2026-21858 Public

    n8n Ni8mare - Unauthenticated Arbitrary File Read to RCE Chain (CVSS 10.0)

    Python 256 51

  3. CVE-2023-29357 Public

    Microsoft SharePoint Server Elevation of Privilege Vulnerability

    Python 235 31

  4. CVE-2024-25600 Public

    Unauthenticated Remote Code Execution – Bricks <= 1.9.6

    Python 180 37

  5. CVE-2023-22515 Public

    CVE-2023-22515: Confluence Broken Access Control Exploit

    Python 149 33

  6. CVE-2024-45519 Public

    Zimbra - Remote Command Execution (CVE-2024-45519)

    Python 134 24