Publicly Disclosed
PoC Exploits

🔴 Alway take caution when working with PoC Exploits 🔴

Discovered 6 hours ago

PoC for CVE-2024-32462

FlatpakFlatpak8.4HIGH
Flatpak Vulnerability Allows Sandbox Escape

The vulnerability CVE-2024-32462 in the Flatpak software system for Linux allows a malicious or compromised Flatpak app to execute arbitrary code outside its sandbox in versions before 1.10.9, 1.12.9, 1.14.6, and 1.15.8. The vulnerability can be exploited by passing `bwrap` arguments to the `--co...

Discovered 8 hours ago

PoC for CVE-2025-5299

SourcecodesterClient Database Manage...6.9MEDIUM
Unrestricted File Upload Vulnerability in SourceCodester Client Dat...

The SourceCodester Client Database Management System 1.0 is susceptible to a vulnerability that allows attackers to upload files without any restrictions. This issue is due to improper handling of the 'uploaded_file_cancelled' argument in the '/user_order_customer_update.php' file. Malicious acto...

PoC for CVE-2025-5298

CampcodesOnline Hospital Manage...6.9MEDIUM
SQL Injection Vulnerability in Campcodes Online Hospital Management...

A significant SQL injection vulnerability exists in the Campcodes Online Hospital Management System version 1.0. This issue is triggered by improper handling of the 'fromdate' and 'todate' parameters in the admin interface located in the 'betweendates-detailsreports.php' file. An attacker can exp...

PoC for CVE-2025-5297

SourcecodesterComputer Store System4.8MEDIUM
Stack-based Buffer Overflow in SourceCodester Computer Store System

A stack-based buffer overflow vulnerability has been identified in the SourceCodester Computer Store System version 1.0, specifically within the Add function of the main.c file. This vulnerability occurs due to improper handling of user inputs for the laptopcompany, RAM, and Processor parameters....

Discovered 9 hours ago

PoC for CVE-2025-5295

FreefloatFtp Server6.9MEDIUM
Buffer Overflow Vulnerability in FreeFloat FTP Server by FreeFloat

A buffer overflow vulnerability exists in the PORT Command Handler of FreeFloat FTP Server 1.0.0, which can be exploited remotely. The flaw allows attackers to manipulate the server's handling of commands leading to potential unauthorized access or service disruptions. Given the public disclosure...

Discovered 10 hours ago

PoC for CVE-2025-24071

MicrosoftWindows 10 Version 1809🟣 EPSS 73%6.5MEDIUM
Spoofing Vulnerability in Microsoft Windows File Explorer

The vulnerability in Microsoft Windows File Explorer poses a security risk by allowing unauthorized access to sensitive information. In an environment where it is present, attackers can exploit this flaw to spoof identities over a network, potentially compromising data integrity and confidentiali...

Discovered 21 hours ago

PoC for CVE-2025-24071

MicrosoftWindows 10 Version 1809🟣 EPSS 73%6.5MEDIUM
Spoofing Vulnerability in Microsoft Windows File Explorer

The vulnerability in Microsoft Windows File Explorer poses a security risk by allowing unauthorized access to sensitive information. In an environment where it is present, attackers can exploit this flaw to spoof identities over a network, potentially compromising data integrity and confidentiali...

Discovered 1 day ago

PoC for CVE-2023-40130

GoogleAndroid7.8HIGH
Local Escalation of Privilege in Android Telecommunication Services...

A logic error in the CallRedirectionProcessor.java file within Google's Android Telecommunication Services allows a possible permission bypass. This vulnerability can facilitate local escalation of privilege, enabling unauthorized background activities without additional execution privileges. Not...

PoC for CVE-2025-5252

PHPgurukulNews Portal Project6.9MEDIUM
SQL Injection Vulnerability in PHPGurukul News Portal Project 4.1

A SQL injection vulnerability exists in the PHPGurukul News Portal Project version 4.1, specifically in the /admin/edit-subadmin.php file. This flaw allows an attacker to manipulate the 'emailid' parameter, resulting in unauthorized database queries that could be executed remotely. Due to its pub...

PoC for CVE-2025-5251

PHPgurukulNews Portal Project6.9MEDIUM
SQL Injection Vulnerability in PHPGurukul News Portal Project 4.1

A vulnerability has been identified in PHPGurukul News Portal Project 4.1, specifically related to the manipulation of the 'Category' argument in the /admin/edit-subcategory.php file. This weakness allows attackers to execute SQL injection attacks remotely, potentially compromising the security o...

PoC for CVE-2025-5250

PHPgurukulNews Portal Project6.9MEDIUM
SQL Injection Vulnerability in PHPGurukul News Portal Project 4.1

A vulnerability exists in the PHPGurukul News Portal Project version 4.1, specifically in the file /admin/edit-category.php, where improper handling of the 'Category' argument can allow for SQL injection attacks. This flaw can be exploited remotely, leading to unauthorized access to sensitive dat...

PoC for CVE-2025-5249

PHPgurukulNews Portal Project6.9MEDIUM
SQL Injection Vulnerability in PHPGurukul News Portal Project 4.1

A vulnerability exists in the PHPGurukul News Portal Project 4.1 that allows an attacker to manipulate the 'Category' argument in the /admin/add-category.php file, leading to SQL injection. This flaw can be exploited remotely, allowing unauthorized access to database information. Given that the e...

PoC for CVE-2025-5248

PHPgurukulCompany Visitor Manage...6.9MEDIUM
SQL Injection Vulnerability in PHPGurukul Visitor Management System

A remote SQL injection vulnerability exists in the PHPGurukul Company Visitor Management System version 1.0, specifically within the '/bwdates-reports-details.php' file. This weakness allows an attacker to manipulate the 'fromdate' and 'todate' parameters, potentially leading to unauthorized acce...

PoC for CVE-2025-5247

GowabbyHfish6.9MEDIUM
Improper Authentication in Gowabby HFish by Gowabby

A vulnerability has been identified in Gowabby HFish version 0.1, specifically within the LoadUrl function located in the file view/url.go. This flaw arises from improper handling of the 'r' argument, enabling potential unauthorized access. The vulnerability can be exploited remotely, allowing at...

PoC for CVE-2025-5246

CampcodesOnline Hospital Manage...6.9MEDIUM
SQL Injection Vulnerability in Campcodes Online Hospital Management...

A vulnerability has been identified in Campcodes Online Hospital Management System version 1.0, specifically in the file /hms/admin/query-details.php. This type of vulnerability allows for SQL injection, stemming from improper validation of input parameters, particularly in the 'adminremark' argu...

PoC for CVE-2025-5245

GnuBinutils4.8MEDIUM
Memory Corruption in GNU Binutils Objdump Component

A vulnerability has been discovered in the GNU Binutils objdump component which allows for memory corruption in the debug_type_samep function. This issue affects versions of GNU Binutils up to 2.44 and requires local access for exploitation. The exploit has been made public, highlighting the nece...

PoC for CVE-2025-5244

GnuBinutils4.8MEDIUM
Memory Corruption Vulnerability in GNU Binutils by GNU

A serious vulnerability exists in the GNU Binutils up to version 2.44, specifically within the elf_gc_sweep function of the ld component in elflink.c. This flaw can lead to memory corruption, allowing an attacker to manipulate memory in a way that might compromise the system. The exploit requires...

PoC for CVE-2025-3248

Langflow-aiLangflow🟣 EPSS 93%9.8CRITICAL
Code Injection Vulnerability in Langflow by Langflow AI

Langflow versions earlier than 1.3.0 are vulnerable to a code injection flaw located in the /api/v1/validate/code endpoint. This issue can be exploited by remote attackers without authentication, allowing them to send specially crafted HTTP requests, which may lead to the execution of arbitrary c...

Discovered 2 days ago

PoC for CVE-2024-38014

MicrosoftWindows 10 Version 1809🟣 EPSS 11%7.8HIGH
Elevation of Privilege Vulnerability Affects Windows Installer

A vulnerability exists within the Windows Installer component that allows attackers to gain elevated privileges on affected systems. This weakness can be exploited to perform unauthorized actions on the system, compromising security and data integrity. Users are encouraged to review the associate...

PoC for CVE-2025-5232

PHPgurukulStudent Study Center M...5.1MEDIUM
SQL Injection Vulnerability in PHPGurukul Student Study Center Mana...

A SQL injection vulnerability has been discovered in the PHPGurukul Student Study Center Management System, specifically in the processing of the file /admin/report.php. This vulnerability arises due to improper handling of user-supplied parameters, namely 'fromdate' and 'todate', allowing an att...

PoC for CVE-2025-4389

WordPressCrawlomatic Multipage ...9.8CRITICAL
Arbitrary File Upload Vulnerability in Crawlomatic Multipage Scrape...

The Crawlomatic Multipage Scraper Post Generator plugin for WordPress is susceptible to arbitrary file uploads due to insufficient file type validation within the crawlomatic_generate_featured_image() function. This vulnerability enables unauthenticated attackers to upload unauthorized files to t...

PoC for CVE-2025-5231

PHPgurukulCompany Visitor Manage...6.9MEDIUM
SQL Injection Vulnerability in PHPGurukul Visitor Management System

A SQL injection vulnerability exists in the PHPGurukul Company Visitor Management System 1.0, specifically in the /forgot-password.php file. This vulnerability allows attackers to manipulate the 'email' parameter, enabling unauthorized access and potential data breaches. The manipulation can be e...

PoC for CVE-2025-5230

PHPgurukulOnline Nurse Hiring Sy...6.9MEDIUM
SQL Injection Vulnerability in PHPGurukul Online Nurse Hiring Syste...

A SQL injection vulnerability has been identified in the PHPGurukul Online Nurse Hiring System version 1.0, specifically affecting the file /admin/bwdates-report-details.php. By manipulating the parameters 'fromdate' and 'todate', attackers can execute arbitrary SQL commands, potentially compromi...

PoC for CVE-2025-5229

CampcodesOnline Hospital Manage...6.9MEDIUM
SQL Injection Vulnerability in Campcodes Online Hospital Management...

A vulnerability exists in the Campcodes Online Hospital Management System, specifically within the /admin/view-patient.php file. An attacker can exploit this issue by manipulating the 'viewid' parameter, leading to SQL injection challenges. This may allow unauthorized access to the database, pote...

PoC for CVE-2025-5228

D-linkDi-81008.7HIGH
Buffer Overflow Vulnerability in D-Link DI-8100 Router

The D-Link DI-8100 router, up to version 20250523, contains a stack-based buffer overflow vulnerability in its jhttpd component. The issue arises when the 'notify' argument in the /login.cgi function is manipulated, potentially allowing unauthorized access to the device. While the exploit must or...

PoC for CVE-2025-5227

PHPgurukulSmall Crm6.9MEDIUM
SQL Injection Vulnerability in PHPGurukul Small CRM 3.0

A vulnerability has been identified in PHPGurukul Small CRM version 3.0, where improper processing in the /admin/manage-tickets.php file leads to SQL injection. Attackers could manipulate the 'aremark' argument, potentially allowing for unauthorized database access and manipulation. The vulnerabi...

PoC for CVE-2025-5226

PHPgurukulSmall Crm6.9MEDIUM
SQL Injection Vulnerability in PHPGurukul Small CRM 3.0

A security vulnerability in PHPGurukul Small CRM version 3.0 allows attackers to execute SQL injection through the manipulation of the 'oldpass' argument in the /admin/change-password.php file. This flaw potentially enables unauthorized access to sensitive data, due to improper validation of user...

PoC for CVE-2025-5225

CampcodesAdvanced Online Voting...6.9MEDIUM
SQL Injection Vulnerability in Campcodes Advanced Online Voting System

A SQL injection vulnerability exists in the Campcodes Advanced Online Voting System v1.0, specifically affecting the /index.php file. This vulnerability allows remote attackers to manipulate the 'voter' argument, potentially leading to unauthorized data access or compromise of the system. The exp...

PoC for CVE-2025-5224

CampcodesOnline Hospital Manage...6.9MEDIUM
SQL Injection Risk in Campcodes Online Hospital Management System b...

A significant security vulnerability has been identified in the Campcodes Online Hospital Management System version 1.0, specifically in the /admin/add-doctor.php file. This flaw arises from improper validation of the 'Doctorspecialization' argument, which makes it susceptible to SQL injection at...

PoC for CVE-2025-5221

FreefloatFtp Server6.9MEDIUM
Buffer Overflow Vulnerability in FreeFloat FTP Server

A buffer overflow vulnerability exists in FreeFloat FTP Server 1.0.0, specifically within the QUOTE Command Handler component. This flaw allows an attacker to manipulate the buffer, potentially leading to remote code execution. The issue has been publicly disclosed, raising concerns about the sec...

PoC for CVE-2025-5220

FreefloatFtp Server6.9MEDIUM
Buffer Overflow Vulnerability in FreeFloat FTP Server Product

A vulnerability exists in FreeFloat FTP Server version 1.0.0 related to the GET Command Handler. This issue stems from improper handling of input that may lead to a buffer overflow, allowing remote attackers to execute arbitrary code. The exploit has been publicly disclosed, increasing the urgenc...

PoC for CVE-2025-5219

FreefloatFtp Server6.9MEDIUM
Buffer Overflow Vulnerability in FreeFloat FTP Server

A buffer overflow vulnerability exists in the ASCII Command Handler of FreeFloat FTP Server 1.0.0, potentially allowing remote attackers to exploit this flaw. The vulnerability arises from improper handling of input, which can lead to unauthorized access or execution of arbitrary code. Publicly d...

PoC for CVE-2025-5218

FreefloatFtp Server6.9MEDIUM
Buffer Overflow Vulnerability in FreeFloat FTP Server by FreeFloat

A critical vulnerability has been discovered in the FreeFloat FTP Server 1.0.0, specifically in the LITERAL Command Handler component. This flaw allows for a buffer overflow, which can be exploited remotely, potentially enabling an attacker to execute arbitrary code. The exploit has been made pub...

PoC for CVE-2025-5217

FreefloatFtp Server6.9MEDIUM
Buffer Overflow Vulnerability in FreeFloat FTP Server

A significant buffer overflow vulnerability has been identified within the RMDIR Command Handler of FreeFloat FTP Server 1.0.0. This flaw allows remote attackers to manipulate the processing of commands, potentially leading to unauthorized access or system crashes. As this exploit has been public...

PoC for CVE-2025-5216

PHPgurukulStudent Record System6.9MEDIUM
SQL Injection Vulnerability in PHPGurukul Student Record System by ...

A SQL injection vulnerability exists in the PHPGurukul Student Record System 3.20, affecting the /login.php file. This flaw allows an attacker to manipulate the ID parameter, potentially executing arbitrary SQL queries against the database. The vulnerability can be exploited remotely, posing sign...

PoC for CVE-2025-5213

ProjectworldsResponsive E-learning ...6.9MEDIUM
SQL Injection Vulnerability in Projectworlds Responsive E-Learning ...

A SQL injection vulnerability exists in the Projectworlds Responsive E-Learning System, specifically targeting the /admin/delete_file.php script. By manipulating the ID parameter, an attacker can execute malicious SQL queries, potentially compromising the database. This vulnerability can be explo...

PoC for CVE-2025-5214

KashiparaResponsive Online Lear...6.9MEDIUM
SQL Injection Vulnerability in Kashipara Responsive Online Learning...

A security flaw has been identified in the Kashipara Responsive Online Learning Platform version 1.0, specifically in the handling of the argument ID within the file /courses/course_detail_user_new.php. This vulnerability allows for SQL injection attacks, which can be exploited remotely by attack...

PoC for CVE-2025-5212

PHPgurukulEmployee Record Manage...6.9MEDIUM
SQL Injection Vulnerability in PHPGurukul Employee Record Managemen...

A vulnerability exists in the PHPGurukul Employee Record Management System 1.3 that allows malicious users to exploit an unvalidated input in the /admin/editempexp.php file. By manipulating the 'emp1name' parameter, attackers can execute SQL injection attacks, leading to unauthorized data access ...

PoC for CVE-2025-5211

PHPgurukulEmployee Record Manage...6.9MEDIUM
SQL Injection Vulnerability in PHPGurukul Employee Record Managemen...

A SQL injection vulnerability exists in the PHPGurukul Employee Record Management System version 1.3, specifically affecting the processing of the file myprofile.php. The issue arises when the EmpCode argument is manipulated, allowing remote attackers to execute arbitrary SQL commands. This vulne...

PoC for CVE-2025-5210

PHPgurukulEmployee Record Manage...6.9MEDIUM
SQL Injection Vulnerability in PHPGurukul Employee Record Managemen...

A significant SQL injection vulnerability exists within the PHPGurukul Employee Record Management System version 1.3. This flaw resides in the '/loginerms.php' file, where improper handling of the Email argument allows attackers to execute arbitrary SQL queries against the database. The vulnerabi...

PoC for CVE-2025-5208

SourcecodesterOnline Hospital Manage...6.9MEDIUM
SQL Injection Vulnerability in SourceCodester Online Hospital Manag...

A vulnerability in the SourceCodester Online Hospital Management System version 1.0 exists in the /admin/check_availability.php file. This issue is triggered by improper handling of the 'emailid' argument, allowing an attacker to execute SQL injection attacks. Such exploitation can be carried out...

PoC for CVE-2025-5207

SourcecodesterClient Database Manage...5.1MEDIUM
SQL Injection Vulnerability in SourceCodester Client Database Manag...

A SQL injection vulnerability has been identified in the SourceCodester Client Database Management System 1.0, specifically in the /superadmin_update_profile.php file. This security flaw allows attackers to manipulate the 'nickname' or 'email' arguments leading to unauthorized access and potentia...

PoC for CVE-2025-5206

PixelimityPixelimity5.1MEDIUM
SQL Injection Vulnerability in Pixelimity Installation Component

A vulnerability in the Installation component of Pixelimity allows for SQL injection via the site_description argument of the /install/index.php file. This flaw can be exploited remotely, potentially leading to unauthorized access to the database. The exploit has been made public, increasing the ...

PoC for CVE-2025-5205

1000 ProjectsDaily College Class Wo...6.9MEDIUM
SQL Injection Vulnerability in 1000 Projects Daily College Class Wo...

A SQL injection vulnerability has been identified in the 1000 Projects Daily College Class Work Report Book 1.0, specifically in the /dcwr_entry.php file. This flaw arises from improper handling of input data related to the 'Date' argument, allowing attackers to manipulate SQL queries. Remote exp...

PoC for CVE-2025-5204

Open Asset Import...Assimp4.8MEDIUM
Out-of-Bounds Read in Open Asset Import Library Assimp Affects Vers...

A vulnerability has been identified in version 5.4.3 of the Open Asset Import Library, specifically within the MDLImporter::ParseSkinLump_3DGS_MDL7 function located in MDLMaterialLoader.cpp. This flaw allows for an out-of-bounds read, which can be exploited locally. The issue has been disclosed p...

PoC for CVE-2025-5203

Open Asset Import...Assimp4.8MEDIUM
Out-of-Bounds Read in Open Asset Import Library by Assimp

A vulnerability has been identified in Open Asset Import Library Assimp version 5.4.3, specifically within the SkipSpaces function located in the ParsingUtils.h file. This flaw allows for an out-of-bounds read condition when certain input scenarios are exploited. Local access is necessary to expl...

PoC for CVE-2025-5202

Open Asset Import...Assimp4.8MEDIUM
Out-of-Bounds Read Vulnerability in Open Asset Import Library Assim...

A vulnerability exists within the Open Asset Import Library (Assimp) version 5.4.3, specifically in the HL1MDLLoader::validate_header function located in the assimp/code/AssetLib/MDL/HalfLife/HL1MDLLoader.cpp file. This vulnerability allows for an out-of-bounds read, posing potential risks when m...

PoC for CVE-2025-5201

Open Asset Import...Assimp4.8MEDIUM
Out-of-bounds Read in Open Asset Import Library Assimp Affects Loca...

A local vulnerability has been identified in the Open Asset Import Library Assimp version 5.4.3, specifically in the LWOImporter::CountVertsAndFacesLWO2 function found in the LWOLoader.cpp file. This issue allows for potential out-of-bounds reads, which may expose sensitive information during pro...

PoC for CVE-2025-5200

Open Asset Import...Assimp4.8MEDIUM
Out-of-Bounds Read Vulnerability in Open Asset Import Library Assimp

A flaw exists in the Open Asset Import Library (Assimp) version 5.4.3 affecting the MDLImporter::InternReadFile_Quake1 function located in the MDLLoader.cpp file. This vulnerability allows an attacker to perform out-of-bounds reads, potentially leading to information disclosure or other unforesee...

PoC for CVE-2025-46173

code-projectsOnline Exam Mastering ...6.1MEDIUM
Cross Site Scripting Vulnerability in Online Exam Mastering System ...

The Online Exam Mastering System version 1.0 faces a Cross Site Scripting (XSS) vulnerability. This flaw allows attackers to inject malicious scripts through the name field in the feedback form, potentially compromising user data and session information. Proper input validation and sanitization m...