Publicly Disclosed
PoC Exploits
🔴 Alway take caution when working with PoC Exploits 🔴
Discovered 5 hours ago
PoC for CVE-2026-4580
A security vulnerability has been found in version 1.0 of the Code-Projects Simple Laundry System, specifically within the checkupdatestatus.php file related to the Parameters Handler component. An attacker can exploit this vulnerability by manipulating the serviceId argument, enabling a remote S...
Discovered 6 hours ago
PoC for CVE-2025-21756
A vulnerability in the Linux kernel allows for improper socket binding, leading to potential use-after-free scenarios. Specifically, the issue arises in the vsock module where socket bindings may not be preserved correctly during transport reassignment. This flaw can cause unintended memory acces...
PoC for CVE-2026-4579
A security flaw has been discovered in Simple Laundry System version 1.0, specifically within the Parameters Handler component. This vulnerability occurs in the /viewdetail.php file, where improper handling of the input parameter 'serviceId' can result in SQL injection. Attackers can exploit this...
PoC for CVE-2026-4578
A cross-site scripting vulnerability exists in the Exam Form Submission product developed by code-projects. This issue arises from improper validation of the 'sname' argument in the /admin/update_s3.php file. An attacker can exploit this vulnerability remotely by inputting malicious scripts, pote...
Discovered 7 hours ago
PoC for CVE-2026-23744
MCPJam Inspector, designed for local-first development on MCP servers, has a vulnerability allowing remote code execution (RCE) due to improper binding settings. In versions 1.4.2 and earlier, the platform listens on 0.0.0.0 by default, enabling attackers to exploit this configuration through cra...
PoC for CVE-2026-4577
A cross-site scripting vulnerability exists in the Code-Projects Exam Form Submission version 1.0, specifically in the '/admin/update_s4.php' file. Insufficient input validation allows an attacker to manipulate the 'sname' argument, leading to the execution of arbitrary scripts in the context of ...
Discovered 8 hours ago
PoC for CVE-2026-1969
The trx_addons WordPress plugin prior to version 2.38.5 contains a flaw in its AJAX action that improperly validates file types. This weakness enables unauthenticated users to upload malicious files, posing a significant threat to website security. The vulnerability stems from an unsuccessful fix...
PoC for CVE-2026-4576
A vulnerability in the code-projects Exam Form Submission software has been identified, specifically within the file /admin/update_s5.php. The flaw allows remote attackers to manipulate the 'sname' parameter, leading to Cross Site Scripting (XSS) attacks. This exploitation can potentially comprom...
PoC for CVE-2026-4575
A cross site scripting vulnerability exists in the Exam Form Submission 1.0 application, specifically in the handling of input within the /admin/update_s2.php file. The flaw allows an attacker to manipulate the 'sname' parameter, enabling remote code execution through malicious scripts. This coul...
Discovered 9 hours ago
PoC for CVE-2026-4574
A vulnerability has been identified in the SourceCodester Simple E-learning System 1.0, specifically within the User Profile Update Handler. This flaw allows an attacker to manipulate the 'firstName' argument, facilitating SQL injection attacks. Such an attack can be executed remotely, compromisi...
PoC for CVE-2026-4573
A security vulnerability has been discovered in the SourceCodester Simple E-learning System that allows an attacker to manipulate the HTTP GET parameter 'post_id' within the delete_post.php file. This flaw can lead to SQL injection, enabling remote attackers to execute unauthorized SQL commands a...
PoC for CVE-2026-4572
A vulnerability exists in the SourceCodester Sales and Inventory System version 1.0 that allows an attacker to exploit the HTTP POST request handler in the /view_product.php file. By manipulating the searchtxt parameter, an SQL injection attack can be executed remotely, leading to unauthorized ac...
Discovered 10 hours ago
PoC for CVE-2026-4571
A security flaw has been identified in the SourceCodester Sales and Inventory System 1.0, specifically within the '/view_payments.php' file associated with the HTTP POST Request Handler component. By manipulating the 'searchtxt' argument, an attacker can exploit this vulnerability to execute SQL ...
PoC for CVE-2026-4570
A vulnerability exists in the SourceCodester Sales and Inventory System 1.0, specifically within the /view_customers.php file. The HTTP POST Request Handler is susceptible to SQL injection due to improper validation of the 'searchtxt' parameter. An attacker can exploit this loophole remotely, all...
Discovered 11 hours ago
PoC for CVE-2026-4569
A SQL injection vulnerability exists in the SourceCodester Sales and Inventory System version 1.0, specifically within the /view_category.php file. The issue arises due to improper handling of the 'searchtxt' parameter in HTTP POST requests. This flaw allows attackers to manipulate the input to e...
Discovered 12 hours ago
PoC for CVE-2026-4568
A vulnerability in the SourceCodester Sales and Inventory System version 1.0 allows for SQL injection through improper handling of the 'sid' argument in the /update_supplier.php file. This weakness can be exploited remotely, potentially allowing attackers to execute arbitrary SQL commands and com...
PoC for CVE-2026-4567
A vulnerability has been identified in the Tenda A15 router, specifically in the function UploadCfg located at /cgi-bin/UploadCfg. The flaw arises from improper handling of the File argument, which can lead to a stack-based buffer overflow. This vulnerability allows for remote exploitation, posin...
PoC for CVE-2026-4566
A vulnerability has been identified in the Belkin F9K1122 router version 1.00.33, specifically within the function formWISP5G located in the /goform/formWISP5G file. This flaw allows an attacker to manipulate the 'webpage' argument, potentially leading to a stack-based buffer overflow. The exploi...
Discovered 14 hours ago
PoC for CVE-2026-4564
A security flaw has been identified in the RuoYi Management System by yangzongzhuan, affecting versions up to 4.8.2. The vulnerability resides in the Quartz Job Handler, specifically in the handling of arguments for the /monitor/job/ file. This issue allows unauthorized code execution via injecte...
PoC for CVE-2026-4563
A vulnerability has been discovered in MacCMS versions prior to 2025.1000.4052, specifically within the order_info function located in the User.php file of the Member Order Detail Interface. This security flaw allows an attacker to manipulate the order_id argument, potentially leading to unauthor...
Discovered 15 hours ago
PoC for CVE-2026-4562
A security flaw has been identified in MacCMS 2025.1000.4052, specifically within the file application/api/controller/Timming.php of the Timming API Endpoint. This vulnerability leads to missing authentication, allowing attackers to execute unauthorized actions remotely. The exploit has been publ...
Discovered 16 hours ago
PoC for CVE-2021-41773
A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default config...
Discovered 20 hours ago
PoC for CVE-2025-64446
A relative path traversal vulnerability exists in Fortinet FortiWeb products versions 8.0.0 to 8.0.1, 7.6.0 to 7.6.4, 7.4.0 to 7.4.9, 7.2.0 to 7.2.11, and 7.0.0 to 7.0.11. This vulnerability allows an attacker to potentially execute unauthorized administrative commands on the system by sending sp...
PoC for CVE-2026-4558
A significant vulnerability has been identified in the Linksys MR9600 firmware version 2.0.6.206937. A flaw in the 'smartConnectConfigure' function located in the SmartConnect.lua file allows for OS command injection through manipulation of specific arguments such as configApSsid, configApPassphr...
PoC for CVE-2026-4557
A cross site scripting vulnerability has been identified in the Exam Form Submission product by Code-Projects, specifically within the updating function located in /admin/update_s1.php. By manipulating the 'sname' argument, an attacker can inject malicious scripts into web pages viewed by other u...
Discovered 21 hours ago
PoC for CVE-2026-4555
A vulnerability has been identified in the D-Link DIR-513 router, specifically within the formEasySetTimezone function in the boa component. This issue can lead to a stack-based buffer overflow when the curTime argument is manipulated. Attackers can exploit this vulnerability remotely, potentiall...
PoC for CVE-2026-4554
A security flaw has been identified in the Tenda F453 router, specifically in the FormWriteFacMac function located within the /goform/WriteFacMac file. This vulnerability allows for command injection through manipulation of the mac argument, enabling an attacker to execute unauthorized commands r...
Discovered 22 hours ago
PoC for CVE-2014-0160
The vulnerability in the TLS and DTLS implementations of OpenSSL versions prior to 1.0.1g allows remote attackers to exploit crafted Heartbeat Extension packets. This exploitation results in a buffer over-read, potentially revealing sensitive information from the memory of the affected process. A...
PoC for CVE-2026-4553
A stack-based buffer overflow vulnerability has been identified in the Tenda F453 device, specifically in the Parameters Handler within the function fromNatlimit. The vulnerability arises due to improper handling of argument manipulation for the 'page' parameter in the /goform/Natlimit file. An a...
Discovered 23 hours ago
PoC for CVE-2026-4552
A stack-based buffer overflow vulnerability exists in the Tenda F453 router version 1.0.0.3, specifically within the fromVirtualSer function in the Parameters Handler. By manipulating the 'page' argument of the /goform/VirtualSer file, an attacker can exploit this vulnerability remotely, potentia...
PoC for CVE-2026-4551
A vulnerability in the Tenda F453 device allows for a stack-based buffer overflow due to improper handling of user-supplied input in the fromSafeClientFilter function of the Parameters Handler component. This issue can be exploited remotely, potentially allowing attackers to manipulate the menufa...
Discovered 1 day ago
PoC for CVE-2026-4550
An SQL injection vulnerability exists in the Simple Gym Management System's func.php file, specifically through unsanitized data passed via the Trainer_id or fname parameters. This flaw allows attackers to execute arbitrary SQL queries, potentially leading to unauthorized data access or modificat...
PoC for CVE-2019-25619
FTP Shell Server version 6.83 is vulnerable to a buffer overflow attack in the 'Account name to ban' field. This flaw enables local attackers to execute arbitrary code on the system by supplying a crafted string within the Manage FTP Accounts dialog. By manipulating the account name parameter, at...
PoC for CVE-2019-25617
The Ease Audio Converter version 5.30 is vulnerable to a denial of service attack through its Audio Cutter function. This vulnerability allows local attackers to exploit the application by processing specially crafted MP4 files that contain oversized buffers. When these malformed files are loaded...
PoC for CVE-2019-25618
AdminExpress 1.2.5 is susceptible to a denial of service vulnerability that enables local attackers to crash the application. By submitting oversized input in the Folder Path field within the System Compare feature, attackers can trigger unresponsiveness or a full crash of the application, render...
PoC for CVE-2019-25616
AnMing MP3 CD Burner version 2.0 is susceptible to a buffer overflow vulnerability that can be exploited by local attackers. By inputting a specially crafted oversized string (up to 6000 bytes) into the registration name field, an attacker can trigger a denial of service condition, effectively cr...
PoC for CVE-2019-25615
Lavavo CD Ripper 4.20 has a structured exception handling (SEH) buffer overflow vulnerability that can be exploited by local attackers to execute arbitrary code. By providing a specially crafted string in the License Activation Name field, an attacker can manipulate the application's memory and c...
PoC for CVE-2019-25614
Free Float FTP 1.0 has a critical buffer overflow vulnerability in its STOR command handler. This flaw allows an unauthenticated attacker to execute arbitrary code on the FTP server. By sending a specially crafted STOR request with an oversized payload, attackers can manipulate the server into ex...
PoC for CVE-2019-25613
The Easy Chat Server version 3.1 is susceptible to a denial of service attack, which allows remote attackers to crash the server. By sending an excessively large message through the message parameter in a POST request to the chat.ghp endpoint, attackers can disrupt the normal functioning of the a...
PoC for CVE-2019-25612
The version 1.2.5.485 of Admin Express, developed by Softonic, is susceptible to a local structured exception handling buffer overflow vulnerability. This flaw allows an attacker with local access to craft a payload that, when injected into the Folder Path field through the System Compare feature...
PoC for CVE-2019-25611
MiniFtp contains a buffer overflow vulnerability in the parseconf_load_setting function, which allows local attackers to execute arbitrary code. This occurs when oversized configuration values are provided, specifically exceeding 128 bytes. Attackers can craft a malicious miniftpd.conf file to ov...
PoC for CVE-2019-25609
The JetAudio JetCast Server 2.0 contains a vulnerability in the Log Directory configuration field that leads to a stack-based buffer overflow. Local attackers can exploit this weakness by injecting specially crafted alphanumeric encoded shellcode into the Log Directory field. This manipulation al...
PoC for CVE-2019-25610
The NetNumber Titan Master 7.9.1 is vulnerable to a path traversal issue in the drp endpoint. This flaw permits authenticated users to exploit directory traversal sequences, enabling them to download arbitrary files from the server. By manipulating the path parameter using base64-encoded payloads...
PoC for CVE-2019-25608
Iperius Backup 6.1.0 is susceptible to a vulnerability that permits low-privilege users to execute arbitrary applications with elevated permissions. This is achieved by crafting backup jobs that can trigger the execution of malicious scripts or programs, either before or after backup processes. T...
PoC for CVE-2019-25606
Fast AVI MPEG Joiner version 1.2.0812 is susceptible to a buffer overflow vulnerability that permits local attackers to crash the application. By injecting an oversized payload, specifically a text file with 6000 bytes of data into the License Name field, an attacker can trigger a denial of servi...
PoC for CVE-2019-25607
Axessh version 4.2 suffers from a stack-based buffer overflow vulnerability in the log file name field. Local attackers can exploit this vulnerability by providing an excessively long filename, which leads to buffer overflow at an offset of 214 bytes. This allows them to overwrite the instruction...
PoC for CVE-2019-25607
Axessh version 4.2 suffers from a stack-based buffer overflow vulnerability in the log file name field. Local attackers can exploit this vulnerability by providing an excessively long filename, which leads to buffer overflow at an offset of 214 bytes. This allows them to overwrite the instruction...
PoC for CVE-2019-25607
Axessh version 4.2 suffers from a stack-based buffer overflow vulnerability in the log file name field. Local attackers can exploit this vulnerability by providing an excessively long filename, which leads to buffer overflow at an offset of 214 bytes. This allows them to overwrite the instruction...
PoC for CVE-2019-25605
EquityPandit version 1.0 is susceptible to an insecure logging vulnerability that permits malicious actors to retrieve sensitive user credentials. By exploiting the Android Debug Bridge (ADB), attackers can gain access to developer console logs where plaintext passwords are recorded during the pa...
PoC for CVE-2019-25603
TuneClone 2.20 is susceptible to a structured exception handler (SEH) buffer overflow vulnerability. Local attackers can exploit this weakness by providing a specially crafted license code string, which allows for arbitrary code execution. By manipulating the buffer and redirecting execution flow...