Publicly Disclosed
PoC Exploits
🔴 Alway take caution when working with PoC Exploits 🔴
Discovered just now...
PoC for CVE-2026-63030
A confusion issue in the REST API batch endpoint of WordPress versions 6.9.x prior to 6.9.5 and 7.0.x prior to 7.0.2 could facilitate an exploit. This vulnerability, when combined with an existing SQL Injection flaw in the author__not_in WP_Query feature, can allow attackers to execute unauthoriz...
PoC for CVE-2026-63030
A confusion issue in the REST API batch endpoint of WordPress versions 6.9.x prior to 6.9.5 and 7.0.x prior to 7.0.2 could facilitate an exploit. This vulnerability, when combined with an existing SQL Injection flaw in the author__not_in WP_Query feature, can allow attackers to execute unauthoriz...
PoC for CVE-2026-46215
A race condition has been identified in the Linux kernel related to the handling of device resources, specifically within the Direct Rendering Manager (DRM). This vulnerability arises during the prime swap operation where a single object can spawn two ID references. A concurrent operation, such a...
Discovered 2 hours ago
PoC for CVE-2026-16229
A flaw has been identified in the itsourcecode Courier Management System that can be exploited through remote manipulation of the 'page' argument in the /index.php file. This vulnerability allows attackers to execute cross site scripting attacks, potentially leading to unauthorized actions on beh...
PoC for CVE-2026-16228
A security vulnerability has been identified in the SourceCodester Class and Exam Timetabling System version 1.0, specifically within the /edit_schoolyr.php file. This flaw allows attackers to manipulate the ID argument, leading to SQL injection attacks that can be executed remotely. As a result,...
PoC for CVE-2026-16227
A security flaw has been identified in version 1.0 of the SourceCodester Class and Exam Timetabling System. This vulnerability resides within an unspecified function of the /edit_subject.php file, where it is possible for an attacker to manipulate the ID argument. This manipulation can lead to un...
Discovered 4 hours ago
PoC for CVE-2026-16225
A significant security flaw exists in Snap7 by Davenardella affecting the function TSnap7Peer::NegotiatePDULength within the s7_peer.cpp file. The vulnerability arises from improper handling of the PDULength argument, leading to an out-of-bounds write condition. This flaw can be exploited remotel...
PoC for CVE-2026-46420
The setup-php action, which simplifies the configuration of PHP environments on GitHub Actions, is vulnerable to command injection due to its handling of PHP version resolution from certain repository-controlled files. Specifically, from versions 2.25.0 to 2.37.0, inadequate validation of version...
PoC for CVE-2026-16223
A vulnerability exists in 1Panel-dev CordysCRM versions up to 1.4.1, specifically within the getSqlBotSrc function of the IntegrationConfigService.java file. This flaw allows an attacker to manipulate the appSecret argument, potentially leading to unauthorized server-side requests being executed....
Discovered 5 hours ago
PoC for CVE-2026-16222
A potential security vulnerability exists within 1Panel-dev CordysCRM, specifically affecting the TokenService component found in the backend/crm/src/main/java/cn/cordys/crm/integration/sso/service directory. By manipulating the mkAddress argument, an attacker may execute server-side request forg...
PoC for CVE-2026-60137
A vulnerability in WordPress allows for potential SQL Injection due to improper sanitization of the author__not_in parameter in WP_Query. When untrusted input is passed to this parameter via a plugin or theme, it could lead to unauthorized database queries. Affected versions include WordPress 6.8...
PoC for CVE-2026-16220
The Online Examination System version 1.0 developed by Code-Projects contains a cross-site scripting vulnerability in the /account.php file, particularly when manipulating the 'eid/n/t' argument. This weakness allows an attacker to execute arbitrary JavaScript in the context of the user's browser...
PoC for CVE-2026-63030
A confusion issue in the REST API batch endpoint of WordPress versions 6.9.x prior to 6.9.5 and 7.0.x prior to 7.0.2 could facilitate an exploit. This vulnerability, when combined with an existing SQL Injection flaw in the author__not_in WP_Query feature, can allow attackers to execute unauthoriz...
Discovered 6 hours ago
PoC for CVE-2026-16219
A vulnerability has been identified in Croogo CMS versions up to 4.0.7, specifically within the FileManager::isEditable function located in FileManager/src/Utility/FileManager.php. This flaw allows an attacker to perform path traversal attacks, which can lead to unauthorized access to sensitive f...
PoC for CVE-2026-16217
A security vulnerability has been identified in the Guohongze Adminset version up to 0.61, specifically within the Delivery Deployment Endpoint's deli.py file. The vulnerability lies in how the project_id argument is processed, potentially allowing unauthorized access. This issue can be exploited...
PoC for CVE-2026-63030
A confusion issue in the REST API batch endpoint of WordPress versions 6.9.x prior to 6.9.5 and 7.0.x prior to 7.0.2 could facilitate an exploit. This vulnerability, when combined with an existing SQL Injection flaw in the author__not_in WP_Query feature, can allow attackers to execute unauthoriz...
Discovered 7 hours ago
PoC for CVE-2026-16216
A vulnerability has been discovered in the OAuth Handler of Geex-Arts Django-Jet, affecting versions up to 1.0.8. This issue allows remote attackers to manipulate the handler and potentially execute cross-site request forgery attacks. Although the problem was reported early, the vendor has not ta...
PoC for CVE-2026-63030
A confusion issue in the REST API batch endpoint of WordPress versions 6.9.x prior to 6.9.5 and 7.0.x prior to 7.0.2 could facilitate an exploit. This vulnerability, when combined with an existing SQL Injection flaw in the author__not_in WP_Query feature, can allow attackers to execute unauthoriz...
PoC for CVE-2026-60137
A vulnerability in WordPress allows for potential SQL Injection due to improper sanitization of the author__not_in parameter in WP_Query. When untrusted input is passed to this parameter via a plugin or theme, it could lead to unauthorized database queries. Affected versions include WordPress 6.8...
Discovered 8 hours ago
PoC for CVE-2026-16212
A race condition vulnerability has been discovered in awesto django-shop, specifically affecting version 1.2.4. This vulnerability resides in the Purchase Stock Handler component located in shop/models/inventory.py. The flaw can be exploited remotely, indicating a potential risk to users of the s...
PoC for CVE-2021-3129
Ignition versions prior to 2.5.2, as utilized in Laravel, may expose applications to remote code execution vulnerabilities. Attackers can exploit this weakness by leveraging insecure file handling functions, particularly when applications are run in debug mode. This allows unauthenticated attacke...
PoC for CVE-2026-16211
A vulnerability has been identified in Allegro's Ralph, specifically in the Hostname Allocation Handler. The issue resides in the AssetLastHostname.increment_hostname function of the assets.py file. By manipulating the argument counter, an attacker could potentially exploit a race condition. Thou...
PoC for CVE-2026-16210
A vulnerability exists in the AjaxAdmin component of newpanjing SimpleUI (version 2026.01.13), where the function 'self.get_action' located in simpleui/admin.py allows for missing authentication. This flaw may enable unauthorized remote exploitation, posing a significant risk to users. The projec...
Discovered 9 hours ago
PoC for CVE-2026-16209
A vulnerability exists in Gerapy versions up to 0.9.13, specifically in the Project Upload Endpoint. This issue arises from a missing authentication mechanism in the file gerapy/server/core/views.py. Attackers can remotely exploit this vulnerability to manipulate the endpoint without proper verif...
PoC for CVE-2026-63030
A confusion issue in the REST API batch endpoint of WordPress versions 6.9.x prior to 6.9.5 and 7.0.x prior to 7.0.2 could facilitate an exploit. This vulnerability, when combined with an existing SQL Injection flaw in the author__not_in WP_Query feature, can allow attackers to execute unauthoriz...
Discovered 10 hours ago
PoC for CVE-2026-16205
A potential cross-site scripting (XSS) vulnerability exists in the Albums Module of Pluck CMS versions up to 4.7.21. The issue arises from improper handling of user input in the htmlspecialchars_decode function within the file data/modules/albums/albums.admin.php. By manipulating the argument Inf...
PoC for CVE-2026-16204
A security flaw has been identified in the zevorn rt-claw product, specifically in the Telegram-to-AI Tool Execution Flow's tool_run_script_execute function. This vulnerability allows for remote code injection due to inadequate input validation in the script handling mechanism found in claw/servi...
PoC for CVE-2026-60137
A vulnerability in WordPress allows for potential SQL Injection due to improper sanitization of the author__not_in parameter in WP_Query. When untrusted input is passed to this parameter via a plugin or theme, it could lead to unauthorized database queries. Affected versions include WordPress 6.8...
PoC for CVE-2026-16203
A vulnerability exists in the SourceCodester Class and Exam Timetabling System version 1.0, specifically within the functionality of the file /forCYS.php. This issue allows an attacker to manipulate the 'course' argument, facilitating cross-site scripting (XSS) attacks. The exploit is publicly ac...
PoC for CVE-2026-63030
A confusion issue in the REST API batch endpoint of WordPress versions 6.9.x prior to 6.9.5 and 7.0.x prior to 7.0.2 could facilitate an exploit. This vulnerability, when combined with an existing SQL Injection flaw in the author__not_in WP_Query feature, can allow attackers to execute unauthoriz...
PoC for CVE-2026-16202
A vulnerability has been identified in the SourceCodester Class and Exam Timetabling System 1.0, specifically in the /CYS.php file. This issue arises from the manipulation of the 'course' argument, enabling attackers to execute cross site scripting (XSS) attacks remotely. With the potential for e...
Discovered 11 hours ago
PoC for CVE-2026-16201
The Zevorn rt-claw software has been identified with a vulnerability in the http_request component, specifically within the claw_net_get and claw_net_post functions located in claw/services/tools/net.c. This flaw facilitates information disclosure, potentially allowing an unauthorized attacker to...
PoC for CVE-2023-49092
RustCrypto/RSA is a portable RSA implementation in pure Rust. Due to a non-constant-time implementation, information about the private key is leaked through timing information which is observable over the network. An attacker may be able to use that information to recover the key. There is curren...
PoC for CVE-2026-16200
A security flaw has been identified in Zevorn RT-Claw versions up to 0.2.0 that affects the RPC Handler's claw_tool_invoke function. This vulnerability allows for incorrect authorization, which could lead to unauthorized remote access. The issue has been publicly disclosed and poses potential ris...
Discovered 12 hours ago
PoC for CVE-2026-16198
A vulnerability in Sipeed PicoClaw affects versions up to 0.2.9, specifically in an unknown function of the web/backend/middleware/access_control.go file related to the First Run Setup component. This flaw allows for an authentication bypass by manipulating the allowed_cidrs attribute, facilitati...
PoC for CVE-2026-63030
A confusion issue in the REST API batch endpoint of WordPress versions 6.9.x prior to 6.9.5 and 7.0.x prior to 7.0.2 could facilitate an exploit. This vulnerability, when combined with an existing SQL Injection flaw in the author__not_in WP_Query feature, can allow attackers to execute unauthoriz...
Discovered 13 hours ago
PoC for CVE-2026-63030
A confusion issue in the REST API batch endpoint of WordPress versions 6.9.x prior to 6.9.5 and 7.0.x prior to 7.0.2 could facilitate an exploit. This vulnerability, when combined with an existing SQL Injection flaw in the author__not_in WP_Query feature, can allow attackers to execute unauthoriz...
PoC for CVE-2026-16197
A security vulnerability affects Sipeed PicoClaw versions up to 0.2.9, specifically in the Group Message Handler's handleMessageReceive function located in feishu_64.go. This flaw can be exploited remotely, allowing unauthorized users to gain access to functionalities without proper authorization...
PoC for CVE-2026-16196
A vulnerability in the Sipeed PicoClaw software has been identified, specifically impacting the web_fetch component's isPrivateOrRestrictedIP function. This flaw facilitates server-side request forgery, allowing remote attackers to manipulate server requests. The exploit has been made publicly ac...
PoC for CVE-2026-16195
A serious security flaw has been identified in Sipeed PicoClaw, affecting versions up to 0.2.9. This vulnerability lies within the dispatchIncoming function of the Group Message Handler component, specifically in the wecom.go file. The flaw allows for improper authorization checks, potentially en...
Discovered 14 hours ago
PoC for CVE-2026-16194
A security flaw has been identified in the zhayujie CowAgent software, specifically affecting the WebFetch.execute function found in the file agent/tools/web_fetch/web_fetch.py. By manipulating the URL argument, an attacker could perform server-side request forgery, potentially allowing unauthori...
PoC for CVE-2026-63030
A confusion issue in the REST API batch endpoint of WordPress versions 6.9.x prior to 6.9.5 and 7.0.x prior to 7.0.2 could facilitate an exploit. This vulnerability, when combined with an existing SQL Injection flaw in the author__not_in WP_Query feature, can allow attackers to execute unauthoriz...
Discovered 15 hours ago
PoC for CVE-2026-16156
A security flaw has been identified in the SourceCodester Class and Exam Timetabling System version 1.0, specifically in the file forexam.php. By manipulating the 'day' argument, attackers can execute cross-site scripting attacks, which may allow them to inject malicious scripts into web pages vi...
PoC for CVE-2026-16155
A cross-site scripting vulnerability exists in the SourceCodester Class and Exam Timetabling System, specifically within the '/schoolyr.php' file. This vulnerability allows attackers to manipulate the argument 'sy' to inject malicious scripts that can be executed in the user's browser. The attack...
PoC for CVE-2026-16154
A vulnerability has been identified in the SourceCodester Class and Exam Timetabling System, specifically within the edit_room1.php file. This issue stems from improper handling of the ID argument, enabling attackers to exploit the system via SQL injection techniques. This vulnerability allows re...
Discovered 16 hours ago
PoC for CVE-2026-16152
A SQL injection vulnerability has been identified in the SourceCodester Class and Exam Timetabling System version 1.0. The issue originates from improper handling of the argument ID in the file /edit_rooma.php. Remote attackers can exploit this vulnerability by manipulating input parameters, pote...
Discovered 17 hours ago
PoC for CVE-2026-16133
A vulnerability exists in LiuMengxuan04 MiniCode version 0.1.0, specifically in the child_process.spawn function within the mcp.ts file. This flaw enables remote attackers to perform command injection, given certain manipulation techniques, though the exploitation process is complex. As of now, a...
PoC for CVE-2026-16131
A vulnerability has been discovered in the itsourcecode Hospital Management System 1.0, specifically within the '/prescriptionrecord.php' file. This issue arises from improper handling of an input parameter, 'delid', which can be manipulated to execute SQL injection attacks. Attackers can exploit...
Discovered 18 hours ago
PoC for CVE-2026-43499
A vulnerability exists in the Linux kernel's rtmutex component where the remove_waiter() function incorrectly utilizes current instead of waiter::task during a dequeue operation within various mutex handling paths. This mismanagement leads to multiple issues, including potential use-after-free vu...
PoC for CVE-2026-16130
A vulnerability has been detected in the NearAI Ironclaw product, specifically in the validate_path function located in the path_utils.rs file within the write_file component. This issue enables link following, which could be exploited with local access to the system. An attacker needs to manipul...