Publicly Disclosed
PoC Exploits

🔴 Alway take caution when working with PoC Exploits 🔴

Discovered just now...

PoC for CVE-2026-23744

McpjamInspector🟣 EPSS 29%9.8CRITICAL
Remote Code Execution Vulnerability in MCPJam Inspector by MCP

MCPJam Inspector, designed for local-first development on MCP servers, has a vulnerability allowing remote code execution (RCE) due to improper binding settings. In versions 1.4.2 and earlier, the platform listens on 0.0.0.0 by default, enabling attackers to exploit this configuration through cra...

Discovered 2 hours ago

PoC for CVE-2026-32852

MailenableMailenable5.1MEDIUM
Reflected Cross-Site Scripting Vulnerability in MailEnable Webmail ...

A reflected cross-site scripting vulnerability exists in MailEnable versions prior to 10.55, affecting its webmail interface. This security flaw allows remote attackers to execute arbitrary JavaScript in a victim's browser. By crafting a malicious URL with an exploited StartDate parameter in the ...

PoC for CVE-2026-4595

Code-projectsExam Form Submission4.8MEDIUM
Cross-Site Scripting Vulnerability in Code-Projects Exam Form Submi...

A cross-site scripting (XSS) vulnerability has been identified within the Exam Form Submission 1.0 product from Code-Projects. This vulnerability is related to improper handling of the 'sname' argument within the /admin/update_s6.php file, potentially allowing remote attackers to inject malicious...

PoC for CVE-2026-25075

StrongswanStrongswan8.7HIGH
Integer Underflow Vulnerability in strongSwan's EAP-TTLS AVP Parser

strongSwan versions ranging from 4.5.0 up to 6.0.4 are impacted by an integer underflow vulnerability in the EAP-TTLS AVP parser. This flaw enables unauthenticated remote attackers to disrupt service by submitting specially crafted AVP data with erroneous length fields during IKEv2 authentication...

Discovered 3 hours ago

PoC for CVE-2026-4594

EruptsErupt6.9MEDIUM
SQL Injection Vulnerability in Erupt Framework by Erupt

A vulnerability has been identified in the Erupt Framework's EruptJpaUtils.java file, specifically within the geneEruptHqlOrderBy function. This flaw allows attackers to manipulate the sort.field argument, potentially leading to SQL injection attacks through an improperly validated input. The vul...

Discovered 4 hours ago

PoC for CVE-2026-4593

EruptsErupt5.3MEDIUM
SQL Injection Vulnerability in Erupt MCP Tool Interface by Erupt

A significant vulnerability has been identified in the Erupt MCP Tool Interface, specifically within the EruptDataQuery function located in EruptDataQuery.java. This flaw allows for SQL injection via improper input validation, enabling remote attackers to manipulate database queries. The exploit ...

Discovered 7 hours ago

PoC for CVE-2019-25625

PixarraBlob Studio6.9MEDIUM
Denial of Service Vulnerability in Blob Studio 2.17 by Pixarra

Blob Studio version 2.17 is susceptible to a denial of service vulnerability, which can be exploited by local attackers. By supplying malformed input through the key entry mechanism, an attacker can create a text file filled with excessively repeated characters. When this file is accessed by the ...

PoC for CVE-2019-25624

PixarraLiquid Studio6.9MEDIUM
Denial of Service Vulnerability in Liquid Studio by Pixarra

Liquid Studio 2.17 is affected by a denial of service vulnerability that enables local attackers to crash the application through malformed input via the keyboard interface. When arbitrary characters are entered during the application's runtime, it can lead to the application becoming unresponsiv...

PoC for CVE-2019-25622

PixarraPaint Studio6.9MEDIUM
Denial of Service Vulnerability in Paint Studio by Pixarra

Paint Studio version 2.17 is susceptible to a denial of service vulnerability that allows local attackers to crash the application. By providing malformed input through the key entry mechanism, attackers can create a specially crafted text file that causes the application to consume excessive res...

PoC for CVE-2019-25623

PixarraLuminance Studio6.9MEDIUM
Denial of Service Vulnerability in Luminance Studio by Pixarra

Luminance Studio 2.17 is susceptible to a denial of service issue that arises when local attackers input malformed characters via the keyboard interface. By generating specially crafted text files with arbitrary character sequences, these attackers can cause the application to either freeze or te...

PoC for CVE-2019-25621

PixarraPixel Studio6.9MEDIUM
Denial of Service Vulnerability in Pixel Studio by Pixarra

Pixel Studio 2.17 contains a vulnerability that allows local attackers to disrupt the application’s functionality through malformed input via the keyboard interface. By entering arbitrary characters, an attacker can cause the application to become unresponsive or to terminate unexpectedly, leadin...

PoC for CVE-2019-25620

PixarraTree Studio6.9MEDIUM
Denial of Service Vulnerability in Tree Studio by Pixarra

Tree Studio version 2.17 is vulnerable to a denial of service attack that can be exploited by local attackers. By providing malformed input via the keyboard interface, an attacker can cause the application to crash or become unresponsive. This vulnerability allows for the execution of arbitrary c...

Discovered 9 hours ago

PoC for CVE-2026-4586

CodephiliaxChat2db5.3MEDIUM
Unrestricted Upload Vulnerability in CodePhiliaX Chat2DB by CodePhi...

A vulnerability has been identified in CodePhiliaX's Chat2DB, affecting versions up to 0.3.7. The issue resides in the JDBC Driver Upload functionality, specifically within the Upload method of the JdbcDriverController.java file. This flaw enables attackers to perform unauthorized file uploads, a...

Discovered 10 hours ago

PoC for CVE-2026-4585

TiandyEasy7 Integrated Manag...9.3CRITICAL
OS Command Injection Vulnerability in Tiandy Easy7 Integrated Manag...

An OS command injection vulnerability has been identified in the Tiandy Easy7 Integrated Management Platform, specifically affecting versions up to 7.17.0. This flaw resides in the Configuration Handler component, particularly within the ImportSystemConfiguration.jsp file. By manipulating the arg...

PoC for CVE-2026-4584

Shenzhen Hcc Tech...Mpos M6 Plus2.3LOW
Cleartext Transmission Vulnerability in Shenzhen HCC Technology MPO...

A flaw in the Shenzhen HCC Technology MPOS M6 PLUS 1V.31-N poses a significant risk due to inappropriate handling of cardholder data. This vulnerability allows for the potential cleartext transmission of sensitive information over the local network, exposing it to unauthorized access. Exploiting ...

PoC for CVE-2026-4583

Shenzhen Hcc Tech...Mpos M6 Plus2.3LOW
Bluetooth Handler Vulnerability in Shenzhen HCC Technology MPOS M6 ...

A vulnerability exists within the Bluetooth Handler of the Shenzhen HCC Technology MPOS M6 PLUS 1V.31-N. This flaw enables an attacker to bypass authentication through capture-replay techniques. Exploitation requires the attacker to be on the same local network, complicating the attack process. D...

Discovered 11 hours ago

PoC for CVE-2026-4582

Shenzhen Hcc Tech...Mpos M6 Plus2.3LOW
Bluetooth Authentication Issue in Shenzhen HCC Technology MPOS M6 PLUS

A security vulnerability has been identified in the Shenzhen HCC Technology MPOS M6 PLUS, specifically related to the Bluetooth component where authentication is absent. This vulnerability allows potential local network exploitation, although such attacks are complex and challenging to execute. D...

PoC for CVE-2026-4581

Code-projectsSimple Laundry System6.9MEDIUM
SQL Injection Vulnerability in Simple Laundry System by Code-Projects

A significant SQL injection vulnerability has been discovered in the Simple Laundry System version 1.0, specifically affecting the /checklogin.php file within the Parameters Handler component. The flaw allows unauthorized manipulation of the Username argument, enabling remote attackers to execute...

Discovered 12 hours ago

PoC for CVE-2026-4580

Code-projectsSimple Laundry System6.9MEDIUM
SQL Injection Vulnerability in Code-Projects Simple Laundry System

A security vulnerability has been found in version 1.0 of the Code-Projects Simple Laundry System, specifically within the checkupdatestatus.php file related to the Parameters Handler component. An attacker can exploit this vulnerability by manipulating the serviceId argument, enabling a remote S...

Discovered 13 hours ago

PoC for CVE-2025-21756

LinuxLinux7.8HIGH
Socket Binding Vulnerability in Linux Kernel

A vulnerability in the Linux kernel allows for improper socket binding, leading to potential use-after-free scenarios. Specifically, the issue arises in the vsock module where socket bindings may not be preserved correctly during transport reassignment. This flaw can cause unintended memory acces...

PoC for CVE-2026-4579

Code-projectsSimple Laundry System6.9MEDIUM
SQL Injection Vulnerability in Simple Laundry System by Code-Projects

A security flaw has been discovered in Simple Laundry System version 1.0, specifically within the Parameters Handler component. This vulnerability occurs in the /viewdetail.php file, where improper handling of the input parameter 'serviceId' can result in SQL injection. Attackers can exploit this...

PoC for CVE-2026-4578

Code-projectsExam Form Submission4.8MEDIUM
Cross-Site Scripting Vulnerability in Exam Form Submission by code-...

A cross-site scripting vulnerability exists in the Exam Form Submission product developed by code-projects. This issue arises from improper validation of the 'sname' argument in the /admin/update_s3.php file. An attacker can exploit this vulnerability remotely by inputting malicious scripts, pote...

Discovered 14 hours ago

PoC for CVE-2026-23744

McpjamInspector🟣 EPSS 29%9.8CRITICAL
Remote Code Execution Vulnerability in MCPJam Inspector by MCP

MCPJam Inspector, designed for local-first development on MCP servers, has a vulnerability allowing remote code execution (RCE) due to improper binding settings. In versions 1.4.2 and earlier, the platform listens on 0.0.0.0 by default, enabling attackers to exploit this configuration through cra...

PoC for CVE-2026-4577

Code-projectsExam Form Submission4.8MEDIUM
Cross-Site Scripting Vulnerability in Code-Projects Exam Form Submi...

A cross-site scripting vulnerability exists in the Code-Projects Exam Form Submission version 1.0, specifically in the '/admin/update_s4.php' file. Insufficient input validation allows an attacker to manipulate the 'sname' argument, leading to the execution of arbitrary scripts in the context of ...

Discovered 15 hours ago

PoC for CVE-2026-1969

WordPressTrx Addons5.3MEDIUM
File Upload Vulnerability in trx_addons Plugin by WordPress

The trx_addons WordPress plugin prior to version 2.38.5 contains a flaw in its AJAX action that improperly validates file types. This weakness enables unauthenticated users to upload malicious files, posing a significant threat to website security. The vulnerability stems from an unsuccessful fix...

PoC for CVE-2026-4576

Code-projectsExam Form Submission4.8MEDIUM
Cross Site Scripting Vulnerability in Code-Projects Exam Form Submi...

A vulnerability in the code-projects Exam Form Submission software has been identified, specifically within the file /admin/update_s5.php. The flaw allows remote attackers to manipulate the 'sname' parameter, leading to Cross Site Scripting (XSS) attacks. This exploitation can potentially comprom...

PoC for CVE-2026-4575

Code-projectsExam Form Submission4.8MEDIUM
Cross Site Scripting Vulnerability in Exam Form Submission by Code-...

A cross site scripting vulnerability exists in the Exam Form Submission 1.0 application, specifically in the handling of input within the /admin/update_s2.php file. The flaw allows an attacker to manipulate the 'sname' parameter, enabling remote code execution through malicious scripts. This coul...

Discovered 16 hours ago

PoC for CVE-2026-4574

SourcecodesterSimple E-learning System5.3MEDIUM
SQL Injection Vulnerability in SourceCodester Simple E-learning Sys...

A vulnerability has been identified in the SourceCodester Simple E-learning System 1.0, specifically within the User Profile Update Handler. This flaw allows an attacker to manipulate the 'firstName' argument, facilitating SQL injection attacks. Such an attack can be executed remotely, compromisi...

PoC for CVE-2026-4573

SourcecodesterSimple E-learning System5.3MEDIUM
SQL Injection in SourceCodester Simple E-learning System by SourceC...

A security vulnerability has been discovered in the SourceCodester Simple E-learning System that allows an attacker to manipulate the HTTP GET parameter 'post_id' within the delete_post.php file. This flaw can lead to SQL injection, enabling remote attackers to execute unauthorized SQL commands a...

Discovered 17 hours ago

PoC for CVE-2026-4572

SourcecodesterSales And Inventory Sy...5.3MEDIUM
SQL Injection Vulnerability in SourceCodester Sales and Inventory S...

A vulnerability exists in the SourceCodester Sales and Inventory System version 1.0 that allows an attacker to exploit the HTTP POST request handler in the /view_product.php file. By manipulating the searchtxt parameter, an SQL injection attack can be executed remotely, leading to unauthorized ac...

PoC for CVE-2026-4571

SourcecodesterSales And Inventory Sy...5.3MEDIUM
SQL Injection Vulnerability in SourceCodester Sales and Inventory S...

A security flaw has been identified in the SourceCodester Sales and Inventory System 1.0, specifically within the '/view_payments.php' file associated with the HTTP POST Request Handler component. By manipulating the 'searchtxt' argument, an attacker can exploit this vulnerability to execute SQL ...

PoC for CVE-2026-4570

SourcecodesterSales And Inventory Sy...5.3MEDIUM
SQL Injection Vulnerability in SourceCodester Sales and Inventory S...

A vulnerability exists in the SourceCodester Sales and Inventory System 1.0, specifically within the /view_customers.php file. The HTTP POST Request Handler is susceptible to SQL injection due to improper validation of the 'searchtxt' parameter. An attacker can exploit this loophole remotely, all...

Discovered 18 hours ago

PoC for CVE-2026-4569

SourcecodesterSales And Inventory Sy...5.3MEDIUM
SQL Injection Vulnerability in SourceCodester Sales and Inventory S...

A SQL injection vulnerability exists in the SourceCodester Sales and Inventory System version 1.0, specifically within the /view_category.php file. The issue arises due to improper handling of the 'searchtxt' parameter in HTTP POST requests. This flaw allows attackers to manipulate the input to e...

Discovered 19 hours ago

PoC for CVE-2026-4568

SourcecodesterSales And Inventory Sy...5.3MEDIUM
SQL Injection Vulnerability in SourceCodester Sales and Inventory S...

A vulnerability in the SourceCodester Sales and Inventory System version 1.0 allows for SQL injection through improper handling of the 'sid' argument in the /update_supplier.php file. This weakness can be exploited remotely, potentially allowing attackers to execute arbitrary SQL commands and com...

Discovered 20 hours ago

PoC for CVE-2026-4567

TendaA159.3CRITICAL
Stack-based Buffer Overflow Vulnerability in Tenda A15 by Tenda

A vulnerability has been identified in the Tenda A15 router, specifically in the function UploadCfg located at /cgi-bin/UploadCfg. The flaw arises from improper handling of the File argument, which can lead to a stack-based buffer overflow. This vulnerability allows for remote exploitation, posin...

PoC for CVE-2026-4566

BelkinF9k11228.7HIGH
Stack-Based Buffer Overflow in Belkin F9K1122 Router

A vulnerability has been identified in the Belkin F9K1122 router version 1.00.33, specifically within the function formWISP5G located in the /goform/formWISP5G file. This flaw allows an attacker to manipulate the 'webpage' argument, potentially leading to a stack-based buffer overflow. The exploi...

PoC for CVE-2026-4565

TendaAc218.7HIGH
Buffer Overflow Vulnerability in Tenda AC21 by Tenda

A buffer overflow vulnerability in Tenda AC21 affects the formSetQosBand function in the /goform/SetNetControlList file. This security issue can be triggered by manipulating the argument list, allowing remote attackers to exploit the vulnerability. The potential for exploitation is now public, ra...

Discovered 21 hours ago

PoC for CVE-2026-4564

YangzongzhuanRuoyi5.1MEDIUM
Code Injection Vulnerability in RuoYi Management System by yangzong...

A security flaw has been identified in the RuoYi Management System by yangzongzhuan, affecting versions up to 4.8.2. The vulnerability resides in the Quartz Job Handler, specifically in the handling of arguments for the /monitor/job/ file. This issue allows unauthorized code execution via injecte...

PoC for CVE-2026-4563

MacCMSMaccms5.3MEDIUM
Authorization Bypass in MacCMS Affects Member Order Detail Interface

A vulnerability has been discovered in MacCMS versions prior to 2025.1000.4052, specifically within the order_info function located in the User.php file of the Member Order Detail Interface. This security flaw allows an attacker to manipulate the order_id argument, potentially leading to unauthor...

Discovered 22 hours ago

PoC for CVE-2026-4562

MacCMSMaccms6.9MEDIUM
Weak Authentication Flaw in MacCMS 2025.1000.4052

A security flaw has been identified in MacCMS 2025.1000.4052, specifically within the file application/api/controller/Timming.php of the Timming API Endpoint. This vulnerability leads to missing authentication, allowing attackers to execute unauthorized actions remotely. The exploit has been publ...

Discovered 23 hours ago

PoC for CVE-2021-41773

ApacheApache Http Server🟣 EPSS 94%7.5HIGH
Path traversal and file disclosure vulnerability in Apache HTTP Ser...

A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default config...

Discovered 1 day ago

PoC for CVE-2025-64446

FortinetFortiweb🟣 EPSS 87%9.4CRITICAL
Relative Path Traversal Vulnerability in Fortinet FortiWeb Products

A relative path traversal vulnerability exists in Fortinet FortiWeb products versions 8.0.0 to 8.0.1, 7.6.0 to 7.6.4, 7.4.0 to 7.4.9, 7.2.0 to 7.2.11, and 7.0.0 to 7.0.11. This vulnerability allows an attacker to potentially execute unauthorized administrative commands on the system by sending sp...

PoC for CVE-2026-4558

LinksysMr96008.7HIGH
OS Command Injection in Linksys MR9600 Router by Cisco

A significant vulnerability has been identified in the Linksys MR9600 firmware version 2.0.6.206937. A flaw in the 'smartConnectConfigure' function located in the SmartConnect.lua file allows for OS command injection through manipulation of specific arguments such as configApSsid, configApPassphr...

PoC for CVE-2026-4557

Code-projectsExam Form Submission5.3MEDIUM
Cross Site Scripting Vulnerability in Code-Projects Exam Form Submi...

A cross site scripting vulnerability has been identified in the Exam Form Submission product by Code-Projects, specifically within the updating function located in /admin/update_s1.php. By manipulating the 'sname' argument, an attacker can inject malicious scripts into web pages viewed by other u...

PoC for CVE-2015-8522

IBMTivoli Storage Manager...9.8CRITICAL
Buffer Overflow Vulnerability in IBM Tivoli Storage Manager

A buffer overflow vulnerability exists in the server component of IBM Tivoli Storage Manager FastBack versions 5.5.x and 6.x prior to 6.1.12.2. This flaw allows remote attackers to exploit the system by sending specially crafted commands, potentially leading to arbitrary code execution on the aff...

PoC for CVE-2026-4555

D-linkDir-5138.7HIGH
Remote Stack-Based Buffer Overflow in D-Link DIR-513 Routers

A vulnerability has been identified in the D-Link DIR-513 router, specifically within the formEasySetTimezone function in the boa component. This issue can lead to a stack-based buffer overflow when the curTime argument is manipulated. Attackers can exploit this vulnerability remotely, potentiall...

PoC for CVE-2026-4554

TendaF4535.3MEDIUM
Command Injection Vulnerability in Tenda F453 Router

A security flaw has been identified in the Tenda F453 router, specifically in the FormWriteFacMac function located within the /goform/WriteFacMac file. This vulnerability allows for command injection through manipulation of the mac argument, enabling an attacker to execute unauthorized commands r...

PoC for CVE-2014-0160

OpenSSLOpenSSL🟣 EPSS 94%7.5HIGH
Buffer Over-read Vulnerability in OpenSSL TLS and DTLS Implementations

The vulnerability in the TLS and DTLS implementations of OpenSSL versions prior to 1.0.1g allows remote attackers to exploit crafted Heartbeat Extension packets. This exploitation results in a buffer over-read, potentially revealing sensitive information from the memory of the affected process. A...

PoC for CVE-2026-4553

TendaF4538.7HIGH
Buffer Overflow Vulnerability in Tenda F453 Parameters Handler

A stack-based buffer overflow vulnerability has been identified in the Tenda F453 device, specifically in the Parameters Handler within the function fromNatlimit. The vulnerability arises due to improper handling of argument manipulation for the 'page' parameter in the /goform/Natlimit file. An a...

PoC for CVE-2026-4552

TendaF4538.7HIGH
Stack-Based Buffer Overflow in Tenda F453 Router

A stack-based buffer overflow vulnerability exists in the Tenda F453 router version 1.0.0.3, specifically within the fromVirtualSer function in the Parameters Handler. By manipulating the 'page' argument of the /goform/VirtualSer file, an attacker can exploit this vulnerability remotely, potentia...