Publicly Disclosed
PoC Exploits

🔴 Alway take caution when working with PoC Exploits 🔴

Discovered 25 minutes ago

PoC for CVE-2026-21045

SamsungSamsung Devices8.4HIGH
Out-of-Bounds Write Vulnerability in libimagecodec.media.quram.so, ...

An out-of-bounds write vulnerability exists in the TIFF parsing component of libimagecodec.media.quram.so. This flaw allows remote attackers to exploit the system by writing to areas of memory that are not allocated for that purpose, potentially leading to arbitrary code execution or crashes. Use...

Discovered 2 hours ago

PoC for CVE-2026-12979

WordPressFunnelkit
Path Traversal Vulnerability in FunnelKit WordPress Plugin

The FunnelKit WordPress plugin prior to version 3.15.0.6 suffers from a path traversal vulnerability. This issue arises when the plugin does not properly validate user-supplied paths during file deletion operations related to template imports. Administrators, if compromised, could exploit this vu...

PoC for CVE-2026-12907

WordPressRtmkit
Authorization Bypass in RTMKit WordPress Plugin by RTM

The RTMKit WordPress plugin prior to version 2.0.9 suffers from an authorization bypass vulnerability that permits users with Author role privileges to invoke a specific AJAX action. This flaw enables unauthorized users to create and activate site-wide templates, allowing them to modify critical ...

PoC for CVE-2026-12869

WordPressHeader Footer Builder ...
Unauthorized Template Import in Header Footer Builder for Elementor...

The Header Footer Builder plugin for Elementor allows users with the 'edit_posts' capability, such as Contributors, to import dashboard templates without proper administrative control. This oversight enables these users to inject potentially harmful JavaScript through an Elementor HTML widget. As...

PoC for CVE-2026-12906

WordPressRtmkit
Unauthorized Access Vulnerability in RTMKit WordPress Plugin

The RTMKit plugin for WordPress prior to version 2.0.9 is affected by an access control vulnerability. It fails to implement a necessary capability check for one of its AJAX actions, allowing users with just the Contributor role to exploit this flaw. This vulnerability enables them to gain unauth...

PoC for CVE-2026-12978

WordPressFunnelkit
Reflected Cross-Site Scripting in FunnelKit WordPress Plugin by Fun...

The FunnelKit WordPress plugin versions prior to 3.15.0.6 are vulnerable to reflected cross-site scripting attacks due to improper handling of user-supplied parameters in its AJAX actions. This flaw enables unauthenticated attackers to inject malicious scripts that are executed in the context of ...

PoC for CVE-2026-12684

WordPressCustomer Reviews For W...
Media Upload Vulnerability in Customer Reviews for WooCommerce Plug...

The Customer Reviews for WooCommerce WordPress plugin, prior to version 5.113.0, lacks necessary authentication and nonce checks in its AJAX actions related to media uploads. When the review media attachment feature is activated, this flaw permits unauthorized users to upload files to the Media L...

PoC for CVE-2026-11866

WordPressAppointment Booking Pl...
CSRF Vulnerability in Appointment Booking Plugin for WordPress by W...

The Appointment Booking Plugin for WordPress, prior to version 5.6.3, is vulnerable to Cross-Site Request Forgery (CSRF) due to inadequate validation of CSRF nonces across several actions managed by its central request dispatcher. This flaw permits attackers to exploit logged-in administrators, e...

PoC for CVE-2026-12492

WordPressHappy Coders Otp Login...
Authentication Bypass Vulnerability in Happy Coders OTP Login Plugi...

The Happy Coders OTP Login for WooCommerce plugin prior to version 2.8 suffers from an authentication bypass issue. This flaw allows attackers to bypass the one-time password validation mechanism, enabling them to log in as any user, including administrative accounts. Furthermore, this vulnerabil...

PoC for CVE-2026-12510

WordPressAi Engine
Data Exposure in AI Engine WordPress Plugin by AI Engine

The AI Engine WordPress plugin, prior to version 3.5.5, has a security flaw that allows users with subscriber-level access to improperly access private conversations of other users. This issue arises from the plugin's failure to confirm user ownership of a specified chatbot conversation based on ...

PoC for CVE-2026-12395

WordPressWP Job Portal
SQL Injection Vulnerability in WP Job Portal Plugin by WordPress

The WP Job Portal plugin for WordPress prior to version 2.5.5 is susceptible to SQL injection due to improper sanitization and escaping of parameters in SQL queries. This flaw can be exploited by authenticated users with subscriber-level accounts to execute unauthorized SQL commands, potentially ...

PoC for CVE-2026-12525

WordPressRedux Framework
Privilege Escalation Vulnerability in Redux Framework Plugin for Wo...

The Redux Framework plugin for WordPress prior to version 4.5.13 contains a vulnerability that allows unauthorized users with Subscriber roles to write arbitrary user meta keys when saving custom profile fields. This flaw can lead to privilege escalation, enabling these users to gain Administrato...

PoC for CVE-2026-12585

WordPressAbandoned Cart Lite Fo...
Unauthenticated Access Vulnerability in Abandoned Cart Lite for Woo...

The Abandoned Cart Lite for WooCommerce plugin prior to version 6.8.2 presents a significant security concern by failing to safeguard the integrity of its cart-recovery tokens. This vulnerability enables unauthenticated attackers to generate fraudulent recovery links, potentially allowing them to...

PoC for CVE-2026-11371

WordPressBetterdocs
Prompt Injection Vulnerability in BetterDocs Plugin for WordPress

The BetterDocs WordPress plugin prior to version 4.5.5 fails to properly sanitize AI-generated documentation summaries. This oversight allows unauthenticated users to exploit the feature by injecting malicious payloads through prompt injection. Once stored, these payloads can execute in the brows...

PoC for CVE-2026-48909

Joomshaper.netSp Lms Extension For J...9.5CRITICAL
Remote Code Execution Vulnerability in SP LMS by JoomShaper

The SP LMS component (com_splms) version prior to 4.1.4 by JoomShaper contains a vulnerability that allows unauthenticated attackers to execute arbitrary code on the server. This issue arises from the unsanitized deserialization of user-controlled cookie data, posing significant security risks fo...

Discovered 4 hours ago

PoC for CVE-2026-46591

ApacheApache Camel8.2HIGH
Improper Data Query Logic in Apache Camel's Neo4J Component

The Apache Camel Neo4J component suffers from a vulnerability that allows for improper neutralization of special elements in data query logic. Specifically, it arises from how the camel-neo4j producer constructs Cypher queries from the CamelNeo4jMatchProperties map. Despite prior measures address...

PoC for CVE-2026-58138

Conductor-ossConductor9.3CRITICAL
Unauthenticated Remote Code Execution in Orkes Conductor by Orkes

An unauthenticated remote code execution vulnerability in Orkes Conductor versions prior to 3.30.2 could allow remote attackers to execute arbitrary operating system commands by submitting malicious JavaScript or Python expressions through workflow definitions to the workflow API endpoint without...

PoC for CVE-2026-3891

WordPressPix For WooCommerce9.8CRITICAL
Arbitrary File Upload Vulnerability in Pix for WooCommerce Plugin b...

The Pix for WooCommerce plugin for WordPress is susceptible to arbitrary file uploads due to a lack of capability checks and insufficient file type validation within the 'lkn_pix_for_woocommerce_c6_save_settings' function. This vulnerability exists across all versions through 1.5.0. An unauthenti...

Discovered 7 hours ago

PoC for CVE-2026-15409

SonicwallSma100010CRITICAL
Server-Side Request Forgery in SonicWall SMA1000 Appliance Work Pla...

A Server-side Request Forgery (SSRF) vulnerability has been identified within the Work Place interface of the SMA1000 Appliance. This security flaw allows a remote attacker, without authentication, to exploit the appliance, enabling it to make requests to unintended and potentially malicious loca...

Discovered 10 hours ago

PoC for CVE-2026-46590

ApacheApache Camel8.8HIGH
Deserialization Vulnerability in Apache Camel PQC Component

The deserialization vulnerability in Apache Camel's PQC component allows malicious actors to exploit untrusted data during key lifecycle operations. This vulnerability arises from the use of raw object deserialization without proper input filtering, particularly affecting pluggable KeyLifecycleMa...

PoC for CVE-2024-5082

SonatypeNexus Repository
Remote Code Execution vulnerability discovered in Nexus Repository 2

A Remote Code Execution vulnerability has been discovered in Sonatype Nexus Repository 2.  This issue affects Nexus Repository 2 OSS/Pro versions up to and including 2.15.1.

Discovered 11 hours ago

PoC for CVE-2026-46588

ApacheApache Camel7.3HIGH
Improper Input Validation in Apache Camel by Apache

An improper input validation vulnerability has been identified in Apache Camel. This flaw allows attackers to submit invalid input data, potentially leading to unexpected behavior in applications using vulnerable versions of the software. It is crucial for users to promptly update to secure versi...

Discovered 13 hours ago

PoC for CVE-2026-46587

ApacheApache Camel7.3HIGH
Improper Input Validation in Apache Camel Affects Multiple Versions

An improper input validation vulnerability in Apache Camel has been identified, impacting versions up to 4.14.7, from 4.15.0 to 4.18.2, and from 4.19.0 to 4.20.0. This flaw can lead to potential exploitation if untrusted input is processed. It is strongly advised for users to upgrade to Apache Ca...

PoC for CVE-2026-43499

LinuxLinux7.8HIGH
Linux Kernel Vulnerability in rtmutex Component Affecting Multiple ...

A vulnerability exists in the Linux kernel's rtmutex component where the remove_waiter() function incorrectly utilizes current instead of waiter::task during a dequeue operation within various mutex handling paths. This mismanagement leads to multiple issues, including potential use-after-free vu...

PoC for CVE-2026-43499

LinuxLinux7.8HIGH
Linux Kernel Vulnerability in rtmutex Component Affecting Multiple ...

A vulnerability exists in the Linux kernel's rtmutex component where the remove_waiter() function incorrectly utilizes current instead of waiter::task during a dequeue operation within various mutex handling paths. This mismanagement leads to multiple issues, including potential use-after-free vu...

Discovered 14 hours ago

PoC for CVE-2026-40501

CherryhqCherry-studio8.6HIGH
Remote Code Execution Vulnerability in Cherry Studio by Cherry HQ

Cherry Studio is vulnerable to remote code execution due to a misconfiguration in the SearchService component. Versions 1.2.2 through 1.9.12 have been identified as affected, enabling attackers to exploit controlled search provider content delivered via malicious JavaScript. If the Electron Brows...

Discovered 15 hours ago

PoC for CVE-2026-59258

Immich-appImmich7.2HIGH
Access Control Flaw in Immich Affects Album Permissions

Immich versions before 3.0.3 are susceptible to a broken access control vulnerability in the PUT /albums/:id/user/:userId endpoint. This issue allows users with editor access to improperly alter member roles within shared albums, enabling them to demote the actual album owner to an editor positio...

PoC for CVE-2026-59255

SpecteropsBloodhound7.1HIGH
Missing Authorization Flaw in BloodHound Allows Unauthorized Modifi...

BloodHound versions up to 9.4.0 contain a vulnerability within the custom-nodes API endpoints due to inadequate authorization checks. This flaw permits any authenticated user to manipulate the global graph schema. Exploitable by attackers holding valid session tokens, it enables the creation, mod...

PoC for CVE-2026-58660

KanboardKanboard7.2HIGH
Task Enumeration Vulnerability in Kanboard by Kanboard Project

A vulnerability exists in Kanboard's BoardAjaxController, where the save() method fails to properly validate task ownership during drag-and-drop operations. This allows authenticated users to manipulate tasks across different projects, even those they do not have direct access to. By exploiting t...

PoC for CVE-2026-58659

Lightning-aiPytorch-lightning8.4HIGH
Remote Code Execution Vulnerability in PyTorch Lightning

A vulnerability in PyTorch Lightning allows attackers to execute arbitrary code through the _load_state function. By crafting malicious checkpoint files that manipulate checkpoint _instantiator hyperparameters, an attacker can bypass the weights_only=True protection mechanism. When the LightningM...

PoC for CVE-2026-58658

GpustackGpustack8.8HIGH
Unauthenticated Information Disclosure in GPUStack by GPUStack Inc.

The vulnerability in GPUStack before version 2.2.1 allows unauthenticated attackers to exploit the unprotected /serveLogs and /debug endpoints on the worker port. This exploitation enables attackers to access sensitive inference logs, including enumerating model instance IDs, streaming logs conta...

PoC for CVE-2026-59827

MetabaseMetabase9.9CRITICAL
Deserialization Flaw in Metabase's H2 Database Connection

Metabase, an open-source business intelligence and embedded analytics tool, suffers from a deserialization vulnerability in versions prior to 1.58.15, 1.59.12, 1.60.6.3, and 1.61.1.4. When configured with an H2 database connection, including the default sample database, this flaw permits authenti...

PoC for CVE-2026-46585

ApacheApache Camel Lucene7.5HIGH
Improper Input Validation in Apache Camel's Lucene Component

The Apache Camel Lucene Component is susceptible to an improper input validation and authorization bypass vulnerability. This flaw occurs when the camel-lucene producer processes input headers that are not properly filtered due to missing Camel prefix checks, allowing any HTTP client to manipulat...

Discovered 16 hours ago

PoC for CVE-2026-27483

MindsdbMindsdb🟣 EPSS 11%8.8HIGH
Path Traversal Vulnerability in MindsDB Affects File Upload Functio...

MindsDB, a data-driven AI platform, has a vulnerability in its /api/files interface that allows authenticated attackers to exploit path traversal in the 'Upload File' module. This weakness is due to insufficient validation of file paths, permitting attackers to incorporate '../' sequences in the ...

Discovered 17 hours ago

PoC for CVE-2026-27944

0xjackyNginx-ui🟣 EPSS 22%9.8CRITICAL
Authentication Bypass in Nginx UI Affects Nginx Web Server

Nginx UI, a web interface for the Nginx web server, has a critical security flaw where the /api/backup endpoint is accessible without authentication. This vulnerability allows unauthenticated attackers to retrieve a complete system backup that includes sensitive information such as user credentia...

Discovered 19 hours ago

PoC for CVE-2025-27591

Meta Platforms, IncBelow6.8MEDIUM
Privilege Escalation Vulnerability in Below Service by Facebook

A privilege escalation vulnerability was identified in the Below service prior to version 0.9.0. This vulnerability arises from the creation of a world-writable directory located at /var/log/below. As a result, local unprivileged users can exploit this flaw through symlink attacks, potentially ma...

PoC for CVE-2026-43499

LinuxLinux7.8HIGH
Linux Kernel Vulnerability in rtmutex Component Affecting Multiple ...

A vulnerability exists in the Linux kernel's rtmutex component where the remove_waiter() function incorrectly utilizes current instead of waiter::task during a dequeue operation within various mutex handling paths. This mismanagement leads to multiple issues, including potential use-after-free vu...

Discovered 20 hours ago

PoC for CVE-2026-15410

SonicwallSma10007.2HIGH
Code Injection Vulnerability in SMA1000 Appliance Management Consol...

A vulnerability has been identified in the SMA1000 Appliance Management Console that allows a post-authentication improper control of code generation. Under specific conditions, an authenticated remote attacker could exploit this flaw to execute arbitrary operating system commands. This vulnerabi...

PoC for CVE-2026-15409

SonicwallSma100010CRITICAL
Server-Side Request Forgery in SonicWall SMA1000 Appliance Work Pla...

A Server-side Request Forgery (SSRF) vulnerability has been identified within the Work Place interface of the SMA1000 Appliance. This security flaw allows a remote attacker, without authentication, to exploit the appliance, enabling it to make requests to unintended and potentially malicious loca...

Discovered 1 day ago

PoC for CVE-2026-26718

xxl-job-adminxxl-job-admin
Cross-Site Request Forgery Vulnerability in XXL-Job-Admin Web Appli...

A Cross-Site Request Forgery vulnerability has been identified in the XXL-Job-Admin web application version 3.0.0. This flaw permits attackers to execute unauthorized modifications to Glue IDE shell scripts. The vulnerability arises due to inadequate CSRF token validation and the acceptance of ar...

PoC for CVE-2026-11580

WordPressKali Forms — Contact F...5.5MEDIUM
Unauthorized Post Duplication in Kali Forms WordPress Plugin

The Kali Forms — Contact Form & Drag-and-Drop Builder WordPress plugin prior to version 2.4.17 is susceptible to an insufficient access control vulnerability. This flaw allows users with Contributor-level access or higher to duplicate any post, circumventing ownership restrictions. As a result, t...

PoC for CVE-2026-12281

WordPressShibboleth8.1HIGH
Authentication Bypass in Shibboleth WordPress Plugin

The Shibboleth plugin for WordPress before version 2.5.4 is vulnerable to an authentication bypass due to a flaw in its HTTP header identity mode. When this mode is activated without an anti-spoofing key, the plugin erroneously authenticates any request carrying identity headers without proper ve...

PoC for CVE-2026-11579

WordPressKali Forms — Contact F...5.3MEDIUM
File Upload Vulnerability in Kali Forms Plugin for WordPress

The Kali Forms plugin for WordPress, specifically versions before 2.4.17, contains a significant vulnerability where it fails to verify if a file upload is associated with an existing form that has a file-upload field. This oversight allows unauthorized users to upload files directly to the WordP...

PoC for CVE-2026-12512

WordPressQuotes Llama8.6HIGH
SQL Injection Vulnerability in Quotes Llama WordPress Plugin

The Quotes Llama WordPress plugin prior to version 3.1.6 is susceptible to SQL injection due to improper sanitization and escaping of user-supplied parameters in SQL queries. This vulnerability enables unauthenticated attackers to manipulate the database, potentially allowing them to retrieve sen...

PoC for CVE-2026-23744

McpjamInspector🟣 EPSS 44%9.8CRITICAL
Remote Code Execution Vulnerability in MCPJam Inspector by MCP

MCPJam Inspector, designed for local-first development on MCP servers, has a vulnerability allowing remote code execution (RCE) due to improper binding settings. In versions 1.4.2 and earlier, the platform listens on 0.0.0.0 by default, enabling attackers to exploit this configuration through cra...

PoC for CVE-2026-46584

ApacheApache Camel Mail3.7LOW
Improper Input Validation Vulnerability in Apache Camel Mail Component

An improper input validation vulnerability in the Apache Camel Mail Component allows for the potential exposure of sensitive information due to untrusted input being processed without proper filtering. Specifically, the MailProducer may construct JavaMail sessions with headers from untrusted sour...

PoC for CVE-2026-0740

WordPressNinja Forms - File Upl...🟣 EPSS 54%9.8CRITICAL
Arbitrary File Upload Vulnerability in Ninja Forms File Uploads Plu...

The Ninja Forms - File Uploads plugin for WordPress contains a vulnerability allowing unauthenticated attackers to upload arbitrary files due to inadequate file type validation in the upload handling function. This oversight affects all versions upto and including 3.3.26, potentially enabling att...

PoC for CVE-2026-43499

LinuxLinux7.8HIGH
Linux Kernel Vulnerability in rtmutex Component Affecting Multiple ...

A vulnerability exists in the Linux kernel's rtmutex component where the remove_waiter() function incorrectly utilizes current instead of waiter::task during a dequeue operation within various mutex handling paths. This mismanagement leads to multiple issues, including potential use-after-free vu...

PoC for CVE-2026-15753

ZhinianbokeXianyu-auto-reply5.3MEDIUM
Remote Manipulation Vulnerability in Zhinianboke Xianyu-Auto-Reply ...

A critical vulnerability has been identified in the Zhinianboke Xianyu-Auto-Reply server that allows an attacker to manipulate server-side HTTP permission methods through the vulnerable 'review' functionality at /api/v1/payment/withdraw/review?action=approve. This manipulation can facilitate unau...

PoC for CVE-2026-15751

Mastergo-designMastergo-magic-mcp4.8MEDIUM
Path Traversal Vulnerability in Mastergo Design's Magic MCP Tool

A security vulnerability has been discovered in the Mastergo Design Magic MCP tool, particularly affecting the function execute in the component mcp__getComponentGenerator located in mastergo/component-workflow.md. This vulnerability allows unauthorized access to file paths due to improper handli...