An unknown individual with the summery pseudonym “Bikini” has published proof-of-concept code for nearly two dozen security vulnerabilities on the code-sharing platform GitHub – all of which, according to their statement, are previously unfixed zero-days. Among them are exploits for PHP, OpenVPN, VLC, and other projects. The severity of the vulnerabilities ranges from information leaks to code injection. Anyone who wishes can report the vulnerabilities to the respective vendors to gain fame.
The GitHub repository “Exploitarium” contains all of the vulnerabilities along with a short README, which, like parts of the actual vulnerability discovery, is AI-generated. The following projects are affected:
- 7-Zip 26.01 (Windows)
- AnyDesk 9.7.6 (Windows)
- c-ares
- Docker Engine 29.6.0
- FFmpeg: RASC decoder
- Firefox 152.0.2 (Windows)
- Floci 1.5.27 API Gateway
- Flowise 3.1.2 / flowise-components 3.1.2
- Ghidra 12.1.2
- Gitea
- ImageMagick 7.1.2-25 with Ghostscript 10.07.1 (Windows)
- libssh2 (PoC for CVE-2026-55200 as well as for a new vulnerability on Windows)
- Lunar Client
- MyBB 1.8.40
- nghttp2 1.69.0
- nmap
- objdump
- OpenVPN 3.11.3 and OpenVPN Connect for Windows 3.8.0
- PHP 8.5.7
- RustDesk
- SystemInformer 4.0.26162.539 (Windows)
- VLC 3.0.23 (Windows)







