Publicly Disclosed
PoC Exploits

🔴 Always take caution when working with PoC Exploits 🔴

Discovered just now...

PoC for CVE-2019-10744

Snyk | Lodash | 9.1 CRITICAL
Lodash Vulnerable to Prototype Pollution

Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.

Discovered 1 hour ago

PoC for CVE-2025-20700

Airoha Technology... | Ab156x, Ab157x, Ab158x... | 8.8 HIGH
Permission Bypass in Airoha Bluetooth Audio SDK

The Airoha Bluetooth audio SDK contains a vulnerability that enables a permission bypass, granting unauthorized access to sensitive data associated with the RACE protocol via Bluetooth LE GATT service. This flaw allows potential escalations in privilege without requiring additional execution priv...

Discovered 2 hours ago

PoC for CVE-2026-8274

Npitre | Cramfs-tools | 4.8 MEDIUM
Path Traversal Vulnerability in Npitre Cramfs-tools Directory Handler

A security vulnerability has been identified in Npitre cramfs-tools versions up to 2.1, specifically within the do_directory function in cramfsck.c. This issue allows local attackers to manipulate the path and access restricted directories through path traversal exploits. The problem has been pub...

PoC for CVE-2026-8272

D-link | Dns-320 | 5.1 MEDIUM
OS Command Injection Vulnerability in D-Link DNS-320 File Management

A security flaw has been identified in the D-Link DNS-320, specifically in the /cgi-bin/webfile_mgr.cgi file management functionalities. This vulnerability allows attackers to perform OS command injection, enabling unauthorized remote manipulation of file operations such as delete, rename, copy, ...

Discovered 3 hours ago

PoC for CVE-2026-8271

D-link | Dns-320 | 5.1 MEDIUM
OS Command Injection Vulnerability in D-Link ShareCenter NAS Devices

A significant vulnerability has been found in the D-Link DNS-320 ShareCenter NAS, particularly in the network_mgr.cgi script. This vulnerability allows remote attackers to inject operating system commands via specific parameters in multiple CGI functions. Given that the exploit is already publicl...

PoC for CVE-2026-8270

Open5GS | Open5gs | 5.3 MEDIUM
Denial of Service Vulnerability in Open5GS SMF

A vulnerability exists in Open5GS up to version 2.7.7 within the SMF component's ogs_nas_parse_qos_rules function. An attacker can remotely exploit this flaw through crafted inputs, resulting in denial of service. The issue has been publicly disclosed, highlighting significant risks for users and...

PoC for CVE-2026-8269

Open5GS | Open5gs | 5.3 MEDIUM
Denial of Service Vulnerability in Open5GS by Open5GS

A vulnerability has been identified in Open5GS versions up to 2.7.7, specifically within the SMF component in the function smf_nsmf_handle_create_sm_context. This vulnerability allows for manipulation that can lead to a denial of service, enabling remote exploitation. Despite being reported early...

PoC for CVE-2026-8268

Open5GS | Open5gs | 5.3 MEDIUM
Denial of Service Vulnerability in Open5GS by Open5GS

A vulnerability in Open5GS’s SMF component, specifically within the OpenAPI_list_create function, allows a remote attacker to execute a denial of service attack. This issue has been disclosed publicly, making affected installations potentially vulnerable to disruptions. The Open5GS project was no...

Discovered 4 hours ago

PoC for CVE-2026-8267

Open5GS | Open5gs | 5.3 MEDIUM
Denial of Service Vulnerability in Open5GS by Open5GS

A vulnerability has been identified in Open5GS versions up to 2.7.7, specifically in the SMF component's function smf_nsmf_handle_created_data_in_vsmf. This flaw allows attackers to initiate remote denial of service attacks, disrupting the service's functionality. Despite being reported, there ha...

PoC for CVE-2026-8266

Open5GS | Open5gs | 5.3 MEDIUM
Denial of Service Vulnerability in Open5GS by Open5GS

A vulnerability exists in Open5GS versions up to 2.7.7, specifically in the gsm_build_pdu_session_establishment_accept function located in /src/smf/gsm-build.c. This flaw allows an attacker to remotely exploit the vulnerability, resulting in a denial of service. Despite initial reporting to the p...

PoC for CVE-2020-0423

Google | Android | 7.8 HIGH
Local Privilege Escalation Vulnerability in Android Kernel by Google

A vulnerability exists within the Android kernel's binder subsystem, where improper locking in the binder_release_work function can result in a use-after-free condition. This flaw enables a local attacker to escalate their privileges on the device without requiring any additional execution permis...

PoC for CVE-2026-8265

Tenda | Ac6 | 5.1 MEDIUM
OS Command Injection Vulnerability in Tenda AC6 Router

A security vulnerability has been identified in the Tenda AC6 router firmware version 15.03.06.23, specifically in the get_log_file function of the httpd component. This issue arises from improper handling of the 'wans.flag' argument, which can lead to OS command injection attacks. Malicious acto...

PoC for CVE-2026-8264

Tenda | Ac6 | 5.3 MEDIUM
Command Injection Vulnerability in Tenda AC6 Router

A vulnerability has been discovered in the Tenda AC6 router affecting firmware version 15.03.06.23. Specifically, the flaw resides within the formWifiApScan function located in the httpd component of the router's software. By manipulating the wl2g.public.country or wl5g.public.country arguments, ...

Discovered 5 hours ago

PoC for CVE-2026-8263

Tenda | Ac6 | 5.1 MEDIUM
OS Command Injection Vulnerability in Tenda AC6 Router

A security flaw exists in the Tenda AC6 router's firmware version 15.03.06.49_multi_TDE01, specifically in the functionality associated with the fromSetWirelessRepeat function. This vulnerability allows for OS command injection through manipulation of the mac/ssid parameters within the /goform/Wi...

PoC for CVE-2026-8262

Devs Palace | Erp Online | 4.8 MEDIUM
Cross-Site Scripting Vulnerability in Devs Palace ERP Online

A vulnerability in Devs Palace ERP Online versions up to 4.0.0 allows attackers to execute arbitrary JavaScript code via an inadequate validation mechanism in the /accounts/chart-save endpoint. This flaw can be exploited remotely and poses a risk for users as it enables the injection of malicious...

PoC for CVE-2026-8261

Squirrel Team | Squirrel | 5.1 MEDIUM
Heap-Based Buffer Overflow in Squirrel Product by Squirrel Team

A vulnerability affecting Squirrel versions up to 3.2 is identified, stemming from issues in the SQFunctionProto::Load function located in the squirrel/sqobject.cpp file. This vulnerability enables a heap-based buffer overflow, which can be triggered through local execution. Publicly disclosed ex...

PoC for CVE-2026-8260

D-link | Dcs-935l | 8.7 HIGH
Buffer Overflow Vulnerability in D-Link DCS-935L HNAP Service

A buffer overflow vulnerability affects the D-Link DCS-935L camera models running firmware versions up to 1.10.01. The flaw exists in the SetDeviceSettings function of the HNAP Service, located at /web/cgi-bin/hnap/hnap_service. This vulnerability enables an attacker to manipulate the AdminPasswo...

Discovered 6 hours ago

PoC for CVE-2026-8259

Tenda | Ac6 | 5.1 MEDIUM
OS Command Injection Vulnerability in Tenda AC6 Router

A vulnerability has been discovered in the Tenda AC6 router affecting the HTTP daemon component, specifically within the '/goform/telnet' function. This issue arises from improper handling of the 'lan.ip' argument, which can lead to OS command injection. Attackers can exploit this vulnerability r...

PoC for CVE-2026-8258

Squirrel | Squirrel | 4.8 MEDIUM
Buffer Overflow Vulnerability in Squirrel Library Affecting Local E...

A vulnerability has been identified in the Squirrel library, particularly affecting versions up to 3.2. This flaw exists within the 'validate_format' function located in 'sqstdlib/sqstdstring.cpp'. An attacker with local access can manipulate this function, leading to a stack-based buffer overflo...

PoC for CVE-2026-8257

Webassembly | Binaryen | 4.8 MEDIUM
WebAssembly Binaryen Denial of Service Vulnerability in BrOn Parser

A vulnerability in WebAssembly Binaryen's BrOn Parser has been identified, which can lead to a Denial of Service condition. Specifically, the issue lies within the function IRBuilder::makeBrOn in the wasm-ir-builder.cpp file. Manipulation of this function could trigger a reachable assertion failu...

Discovered 7 hours ago

PoC for CVE-2026-8252

Open5GS Project | Open5gs | 5.3 MEDIUM
Null Pointer Dereference Vulnerability in Open5GS by Open5GS Project

A significant vulnerability has been identified in Open5GS versions up to 2.7.7, specifically within the SMF component's function smf_nsmf_handle_create_data_in_hsmf. This issue allows attackers to exploit a null pointer dereference, which can lead to denial of service. Importantly, this vulnerab...

Discovered 8 hours ago

PoC for CVE-2026-8251

Open5GS | Open5gs | 5.3 MEDIUM
Denial of Service Vulnerability in Open5GS SMF by Open5GS

A denial of service vulnerability has been identified in the Open5GS SMF, specifically in the function update_authorized_pcc_rule_and_qos located in the file /src/smf/npcf-handler.c. This vulnerability allows an attacker to disrupt the service functionality remotely by performing manipulation on ...

PoC for CVE-2026-8250

Open5GS | Open5gs | 5.3 MEDIUM
Denial of Service Vulnerability in Open5GS SMF by Open5GS

A denial of service vulnerability has been identified in Open5GS versions up to 2.7.7, specifically affecting the SMF component. The issue arises from a flaw in the function smf_n4_build_qos_flow_to_modify_list located in the /src/smf/n4-build.c file. This vulnerability allows remote attackers to...

PoC for CVE-2026-8249

Open5GS | Open5gs | 5.3 MEDIUM
Denial of Service Vulnerability in Open5GS SMF by Open5GS

A vulnerability in Open5GS SMF impacting version 2.7.7 allows unauthorized manipulation of the function update_authorized_pcc_rule_and_qos within the source file /src/smf/npcf-handler.c. This results in a Denial of Service (DoS) condition, permitting remote exploitation. Despite being reported to...

PoC for CVE-2026-8248

Open5GS | Open5gs | 5.3 MEDIUM
Denial of Service Vulnerability in Open5GS SMF Component

A vulnerability in Open5GS, specifically within the SMF component, has been identified that could lead to a denial of service. The issue lies within the function update_authorized_pcc_rule_and_qos in the npcf-handler.c file. This flaw, present in versions up to 2.7.7, can be exploited remotely, p...

Discovered 10 hours ago

PoC for CVE-2020-25213

Wordpress | File Manager | 🟣 EPSS 94% | 10 CRITICAL
Remote Code Execution in File Manager Plugin for WordPress

The File Manager plugin for WordPress prior to version 6.9 contains a vulnerability that permits remote attackers to upload and execute arbitrary PHP code. The issue arises from the renaming of an insecure example elFinder connector file to have a .php extension. This flaw facilitates attackers t...

Discovered 14 hours ago

PoC for CVE-2026-25253

Openclaw | Openclaw | 8.8 HIGH
WebSocket Vulnerability in OpenClaw by OpenClaw AI

An identified vulnerability in OpenClaw products before version 2026.1.29 allows the software to retrieve a gateway URL from a query string. This triggers an automatic WebSocket connection, which then sends a sensitive token value without user interaction. This flaw may expose users to unauthoriz...

Discovered 15 hours ago

PoC for CVE-2025-68664

Langchain-ai | Langchain | 9.3 CRITICAL
Serialization Injection Vulnerability in LangChain Framework

The LangChain framework, designed for building agents and LLM-powered applications, contains a serialization injection vulnerability in its dumps() and dumpd() functions. This flaw arises from the handling of user-controlled data, specifically when dictionaries containing 'lc' keys are serialized...

Discovered 17 hours ago

PoC for CVE-2026-31431

Linux | Linux | 7.8 HIGH
Vulnerability in Linux Kernel Affecting Crypto Operations

A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...

PoC for CVE-2025-4396

WordPress | Relevanssi Premium | 🟣 EPSS 22% | 7.5 HIGH
SQL Injection Vulnerability in Relevanssi Search Plugin for WordPress

The Relevanssi – A Better Search plugin for WordPress presents a vulnerability that allows time-based SQL injection through the cats and tags query parameters. This issue affects all versions up to and including 4.24.4 for free and 2.27.4 for premium users. The vulnerability arises from inadequat...

PoC for CVE-2024-47176

Openprinting | Cups-browsed | 🟣 EPSS 88% | 5.3 MEDIUM
CUPS 'cups-browsed' Vulnerability Allows Remote Execution of Arbitr...

The CUPS printing system, which is widely used for managing print jobs, has a vulnerability in its cups-browsed component that allows for network printing functionality such as auto-discovery of print services. This component binds to INADDR_ANY:631, which leads to a scenario where it will accept...

Discovered 18 hours ago

PoC for CVE-2021-47953

Opencart | Opencart | 5.3 MEDIUM
Cross-Site Request Forgery in OpenCart by OpenCart

OpenCart version 3.0.3.7 is susceptible to a Cross-Site Request Forgery (CSRF) vulnerability that enables attackers to modify user passwords. By sending carefully crafted requests to the account/password endpoint, an attacker can manipulate authenticated users into executing actions without their...

PoC for CVE-2021-47951

WordPress | Picture Gallery | 5.1 MEDIUM
Stored Cross-Site Scripting Vulnerability in WordPress Picture Gall...

The Picture Gallery plugin for WordPress, version 1.4.2, is susceptible to a stored cross-site scripting (XSS) vulnerability. This security flaw allows authenticated users to utilize the Edit Content URL field in the Access Control settings to inject malicious JavaScript code. The injected script...

PoC for CVE-2021-47950

Ampps | Advanced Guestbook | 5.1 MEDIUM
Persistent Cross-Site Scripting Vulnerability in Advanced Guestbook...

Advanced Guestbook version 2.4.4 contains a persistent cross-site scripting vulnerability that affects the smilies administration interface. Authenticated attackers can exploit this flaw by injecting malicious scripts through the s_emotion parameter. When administrators access the smilies tab, an...

PoC for CVE-2021-47949

Cyberpanel | Cyberpanel | 8.7 HIGH
Command Execution Vulnerability in CyberPanel by CyberPanel Technol...

CyberPanel 2.1 is affected by a command execution vulnerability that enables authenticated attackers to exploit symlink attacks via the filemanager controller endpoint. By manipulating the completeStartingPath parameter in POST requests directed to /filemanager/controller, adversaries can create ...

PoC for CVE-2021-47948

WordPress | Payments Plugin Getpaid | 5.1 MEDIUM
HTML Injection Vulnerability in GetPaid Plugin for WordPress

The GetPaid Plugin for WordPress, version 2.4.6, is vulnerable to an HTML injection flaw that allows authenticated users to inject arbitrary HTML code into the Help Text field within payment forms. This exploitation can lead to the insertion of malicious content, including scripts and images, whi...

PoC for CVE-2021-47947

Projectsend | Projectsend | 5.1 MEDIUM
Stored Cross-Site Scripting in Projectsend by Projectsend Team

Projectsend r1295 has a vulnerability that allows authenticated attackers to exploit a stored cross-site scripting flaw. By submitting specially crafted input through the 'name' parameter in files-edit.php, attackers can embed malicious JavaScript. This script executes in the browsers of users wh...

PoC for CVE-2021-47946

Opencart | Opencart | 6.9 MEDIUM
Cross-Site Request Forgery Vulnerability in OpenCart by OpenCart

OpenCart 3.0.36 is susceptible to a Cross-Site Request Forgery (CSRF) vulnerability that can be exploited by attackers to manipulate user account details. This issue resides in the /account/edit endpoint, permitting unauthorized alterations to victim account information. By luring users into visi...

PoC for CVE-2021-47945

Argus | Argus Surveillance Dvr | 8.5 HIGH
Unquoted Service Path Vulnerability in Argus Surveillance DVR from ...

The Argus Surveillance DVR 4.0 is susceptible to a local privilege escalation vulnerability due to an unquoted service path in the DVRWatchdog service. Attackers can exploit this flaw by placing a malicious executable in the Program Files directory. Upon starting the service, the malicious execut...

PoC for CVE-2021-47944

Memono | Notepad | 8.7 HIGH
Denial of Service Vulnerability in memono Notepad by memono

memono Notepad version 4.2 is susceptible to a denial of service vulnerability that can be exploited by attackers to crash the application. By pasting excessively long character buffers—around 350,000 repeated characters—into the note fields, attackers can cause the application to become unstable...

PoC for CVE-2021-47943

Textpattern | Textpattern Cms | 8.7 HIGH
Remote Code Execution Vulnerability in TextPattern CMS 4.8.7

TextPattern CMS 4.8.7 has a significant flaw that allows authenticated users to upload malicious PHP files through a file upload feature. This vulnerability enables attackers to execute arbitrary commands on the server by leveraging the content management system's file handling capabilities. By u...

PoC for CVE-2021-47940

WordPress | Download From Files | 9.3 CRITICAL
Arbitrary File Upload Vulnerability in Download From Files Plugin b...

The Download From Files plugin for WordPress, up to version 1.48, is vulnerable to an arbitrary file upload issue that can be exploited by unauthenticated attackers. By sending POST requests to the admin-ajax.php endpoint with specifically crafted payloads, attackers can manipulate the allowExt p...

PoC for CVE-2021-47941

WordPress | Survey & Poll | 8.8 HIGH
SQL Injection Vulnerability in Survey & Poll Plugin for WordPress

The Survey & Poll plugin for WordPress, specifically version 1.5.7.3, is susceptible to an SQL injection vulnerability. This issue permits unauthenticated attackers to execute arbitrary SQL queries through the wp_sap cookie parameter. By crafting malicious SQL payloads, an attacker can potentiall...

PoC for CVE-2021-47939

Evo | Evolution Cms | 8.7 HIGH
Remote Code Execution Vulnerability in Evolution CMS by Evolution

Evolution CMS version 3.1.6 has a security flaw that enables authenticated users with module creation permissions to inject malicious PHP code, leading to potential remote code execution. By sending crafted POST requests to /manager/index.php with harmful code in the 'post' parameter, an attacke...

PoC for CVE-2021-47938

Impresscms | Impresscms | 8.7 HIGH
Remote Code Execution in ImpressCMS 1.4.2 by Authenticated Users

ImpressCMS 1.4.2 has a vulnerability in the autotasks administrative interface that enables authenticated users to execute arbitrary PHP code. This is accomplished by injecting malicious code into the sat_code parameter. When attackers authenticate and send a POST request to /modules/system/admin...

PoC for CVE-2021-47937

E107 | E107 Cms | 8.7 HIGH
Remote Code Execution in e107 CMS by Unauthorized Theme Installation

The e107 CMS version 2.3.0 is susceptible to a remote code execution vulnerability, granting authenticated users with theme installation permissions the ability to exploit the system. By uploading specially crafted theme files through the theme.php endpoint, attackers can deploy web shells in the...

PoC for CVE-2021-47935

Sentry | Sentry | 8.7 HIGH
Remote Code Execution Flaw in Sentry 8.2.0 by Sentry

Sentry 8.2.0 is vulnerable to a remote code execution attack that can be exploited by authenticated superusers. By injecting malicious pickle-serialized objects into the audit log entry data parameter, attackers can send specially crafted POST requests to the admin audit log endpoint. This exploi...

PoC for CVE-2021-47936

Opencats | Opencats | 9.3 CRITICAL
Remote Code Execution Vulnerability in OpenCATS by OpenCATS

OpenCATS version 0.9.4 is susceptible to a remote code execution vulnerability that enables unauthenticated attackers to execute arbitrary commands on the server. This exploit occurs when malicious PHP files, disguised as resume attachments, are uploaded through the careers job application endpoi...

PoC for CVE-2021-47933

WordPress | Mstore Api | 9.3 CRITICAL
Arbitrary File Upload Vulnerability in MStore API by WordPress

The MStore API version 2.0.6 for WordPress is susceptible to an arbitrary file upload vulnerability. Unauthenticated attackers can exploit this weakness by crafting POST requests directed at the REST API endpoint, specifically the config_file endpoint. This flaw allows attackers to upload malicio...