Publicly Disclosed
PoC Exploits
🔴 Alway take caution when working with PoC Exploits 🔴
Discovered just now...
PoC for CVE-2026-63030
A confusion issue in the REST API batch endpoint of WordPress versions 6.9.x prior to 6.9.5 and 7.0.x prior to 7.0.2 could facilitate an exploit. This vulnerability, when combined with an existing SQL Injection flaw in the author__not_in WP_Query feature, can allow attackers to execute unauthoriz...
PoC for CVE-2026-60137
A vulnerability in WordPress allows for potential SQL Injection due to improper sanitization of the author__not_in parameter in WP_Query. When untrusted input is passed to this parameter via a plugin or theme, it could lead to unauthorized database queries. Affected versions include WordPress 6.8...
PoC for CVE-2026-63030
A confusion issue in the REST API batch endpoint of WordPress versions 6.9.x prior to 6.9.5 and 7.0.x prior to 7.0.2 could facilitate an exploit. This vulnerability, when combined with an existing SQL Injection flaw in the author__not_in WP_Query feature, can allow attackers to execute unauthoriz...
PoC for CVE-2023-49092
RustCrypto/RSA is a portable RSA implementation in pure Rust. Due to a non-constant-time implementation, information about the private key is leaked through timing information which is observable over the network. An attacker may be able to use that information to recover the key. There is curren...
PoC for CVE-2026-63030
A confusion issue in the REST API batch endpoint of WordPress versions 6.9.x prior to 6.9.5 and 7.0.x prior to 7.0.2 could facilitate an exploit. This vulnerability, when combined with an existing SQL Injection flaw in the author__not_in WP_Query feature, can allow attackers to execute unauthoriz...
PoC for CVE-2026-63030
A confusion issue in the REST API batch endpoint of WordPress versions 6.9.x prior to 6.9.5 and 7.0.x prior to 7.0.2 could facilitate an exploit. This vulnerability, when combined with an existing SQL Injection flaw in the author__not_in WP_Query feature, can allow attackers to execute unauthoriz...
Discovered 2 hours ago
PoC for CVE-2026-63030
A confusion issue in the REST API batch endpoint of WordPress versions 6.9.x prior to 6.9.5 and 7.0.x prior to 7.0.2 could facilitate an exploit. This vulnerability, when combined with an existing SQL Injection flaw in the author__not_in WP_Query feature, can allow attackers to execute unauthoriz...
PoC for CVE-2026-16155
A cross-site scripting vulnerability exists in the SourceCodester Class and Exam Timetabling System, specifically within the '/schoolyr.php' file. This vulnerability allows attackers to manipulate the argument 'sy' to inject malicious scripts that can be executed in the user's browser. The attack...
PoC for CVE-2026-16154
A vulnerability has been identified in the SourceCodester Class and Exam Timetabling System, specifically within the edit_room1.php file. This issue stems from improper handling of the ID argument, enabling attackers to exploit the system via SQL injection techniques. This vulnerability allows re...
Discovered 3 hours ago
PoC for CVE-2026-16152
A SQL injection vulnerability has been identified in the SourceCodester Class and Exam Timetabling System version 1.0. The issue originates from improper handling of the argument ID in the file /edit_rooma.php. Remote attackers can exploit this vulnerability by manipulating input parameters, pote...
Discovered 4 hours ago
PoC for CVE-2026-16133
A vulnerability exists in LiuMengxuan04 MiniCode version 0.1.0, specifically in the child_process.spawn function within the mcp.ts file. This flaw enables remote attackers to perform command injection, given certain manipulation techniques, though the exploitation process is complex. As of now, a...
PoC for CVE-2026-16131
A vulnerability has been discovered in the itsourcecode Hospital Management System 1.0, specifically within the '/prescriptionrecord.php' file. This issue arises from improper handling of an input parameter, 'delid', which can be manipulated to execute SQL injection attacks. Attackers can exploit...
Discovered 5 hours ago
PoC for CVE-2026-43499
A vulnerability exists in the Linux kernel's rtmutex component where the remove_waiter() function incorrectly utilizes current instead of waiter::task during a dequeue operation within various mutex handling paths. This mismanagement leads to multiple issues, including potential use-after-free vu...
PoC for CVE-2026-16130
A vulnerability has been detected in the NearAI Ironclaw product, specifically in the validate_path function located in the path_utils.rs file within the write_file component. This issue enables link following, which could be exploited with local access to the system. An attacker needs to manipul...
Discovered 6 hours ago
PoC for CVE-2023-33107
A memory corruption vulnerability exists in the Graphics Linux component of Qualcomm's products. This flaw occurs when assigning a shared virtual memory region during an IOCTL call. An attacker could exploit this vulnerability to potentially execute arbitrary code or cause a denial-of-service con...
PoC for CVE-2026-16129
The princezuda SafestClaw web interface contains a vulnerability within the ShellAction._validate_command function, which can lead to an incomplete blacklist for input validation. This flaw could potentially allow local attackers to exploit the system by manipulating allowed shell commands, posin...
PoC for CVE-2026-63030
A confusion issue in the REST API batch endpoint of WordPress versions 6.9.x prior to 6.9.5 and 7.0.x prior to 7.0.2 could facilitate an exploit. This vulnerability, when combined with an existing SQL Injection flaw in the author__not_in WP_Query feature, can allow attackers to execute unauthoriz...
PoC for CVE-2026-16128
A security vulnerability has been identified in Zevorn RT-Claw up to version 0.2.0. The flaw resides in the receiver_thread function within the http_request component of the file claw/services/swarm/swarm.c. This can lead to server-side request forgery, enabling malicious actors to exploit the vu...
Discovered 7 hours ago
PoC for CVE-2026-16127
A vulnerability exists in the RT-Claw tool, specifically affecting the function claw_net_get/claw_net_post in the http_request component. The flaw allows for manipulation of the URL argument, which can lead to server-side request forgery (SSRF). This vulnerability can be exploited remotely, posin...
PoC for CVE-2026-16126
A critical vulnerability exists in the Zevorn RT-Claw’s Swarm RPC Receiver due to improper authorization in the handle_rpc_request function located in swarm.c. This flaw allows an attacker to manipulate responses and gain unauthorized access to system functions. The vulnerability can be exploited...
PoC for CVE-2026-63030
A confusion issue in the REST API batch endpoint of WordPress versions 6.9.x prior to 6.9.5 and 7.0.x prior to 7.0.2 could facilitate an exploit. This vulnerability, when combined with an existing SQL Injection flaw in the author__not_in WP_Query feature, can allow attackers to execute unauthoriz...
PoC for CVE-2026-16125
A vulnerability has been identified in the RT-Claw component of Zevorn, where improper handling of the URL argument in the claw_net_get/claw_net_post functions within net.c allows for Server-Side Request Forgery (SSRF). This flaw can be exploited remotely, potentially enabling attackers to manipu...
Discovered 8 hours ago
PoC for CVE-2026-16124
A security vulnerability found in Nextlevelbuilder's GoClaw, specifically in the web_fetch component, could allow an attacker to leverage server-side request forgery. This occurs when the CheckSSRF/isPrivateIP function located in the file internal/tools/web_shared.go is manipulated. Attackers can...
PoC for CVE-2026-16123
A vulnerability has been identified in the nextlevelbuilder GoClaw product, specifically affecting versions up to 3.13.2. This issue resides in the ServeHTTP function of the tools_invoke.go file within the Invoke Endpoint component. The flaw results in missing authorization checks, allowing unaut...
PoC for CVE-2026-43499
A vulnerability exists in the Linux kernel's rtmutex component where the remove_waiter() function incorrectly utilizes current instead of waiter::task during a dequeue operation within various mutex handling paths. This mismanagement leads to multiple issues, including potential use-after-free vu...
PoC for CVE-2026-16122
A security flaw in GoClaw up to version 3.13.2 allows for incorrect authorization via the extractBin/RequestApproval/matchesAllowlist function in internal/tools/exec_approval.go. This exploit, made public, poses a risk as it can be manipulated for unauthorized actions within the system, potential...
PoC for CVE-2026-16121
A vulnerability has been discovered in GoClaw by Nextlevelbuilder, affecting version 3.13.2. This issue is centered around the isSafeBin function in the internal/tools/exec_approval.go file. Due to improper authorization handling, attackers can exploit this vulnerability remotely, leading to unau...
Discovered 9 hours ago
PoC for CVE-2026-16120
A vulnerability has been identified in nextlevelbuilder GoClaw up to version 3.13.3-beta.3, affecting the matchesAllowlist/extractBin function located in internal/tools/exec_approval.go. This vulnerability allows for the potential exploitation to execute manipulations resulting in improperly reso...
Discovered 10 hours ago
PoC for CVE-2026-16119
A vulnerability has been identified in GoClaw up to version 3.13.2 that affects the WebSocket Approval Endpoint's RequestApproval function. Attackers can exploit this flaw to manipulate authorization processes, enabling unauthorized actions to be performed remotely. The exploit is publicly known,...
PoC for CVE-2026-63030
A confusion issue in the REST API batch endpoint of WordPress versions 6.9.x prior to 6.9.5 and 7.0.x prior to 7.0.2 could facilitate an exploit. This vulnerability, when combined with an existing SQL Injection flaw in the author__not_in WP_Query feature, can allow attackers to execute unauthoriz...
Discovered 13 hours ago
PoC for CVE-2026-43074
A use-after-free vulnerability exists in the Linux kernel related to the eventpoll functionality, specifically during the execution of the ep_free() function in eventpoll.c. This flaw allows for the struct eventpoll to be deallocated while still being accessed by another thread, leading to potent...
PoC for CVE-2026-16088
A security flaw has been identified in the Halo Files Backup Endpoint, specifically in the MigrationEndpoint.java file as part of versions up to 2.24.2. This vulnerability enables attackers to perform path traversal, allowing them to access sensitive files on the server. The issue can be exploite...
PoC for CVE-2026-16085
A security vulnerability exists in Sipeed PicoClaw versions up to 0.2.9 related to the NewContextBuilder function located in pkg/agent/context.go. This flaw allows attackers to manipulate the system by including functionality from an untrusted control sphere, potentially leading to unauthorized a...
Discovered 14 hours ago
PoC for CVE-2026-16084
A vulnerability has been discovered in versions of Sipeed PicoClaw up to 0.2.9, affecting the web_fetch function found in the pkg/tools/integration/web.go file. This security flaw enables server-side request forgery (SSRF), allowing remote attackers to exploit the system by sending crafted reques...
PoC for CVE-2026-16083
A security flaw exists in the Sipeed PicoClaw up to version 0.2.9, specifically within the webhook.ParseRequest function located in pkg/channels/line/line.go. This vulnerability allows remote attackers to exploit the authentication mechanism through capture-replay techniques, potentially unlockin...
PoC for CVE-2026-63030
A confusion issue in the REST API batch endpoint of WordPress versions 6.9.x prior to 6.9.5 and 7.0.x prior to 7.0.2 could facilitate an exploit. This vulnerability, when combined with an existing SQL Injection flaw in the author__not_in WP_Query feature, can allow attackers to execute unauthoriz...
PoC for CVE-2026-16082
A vulnerability exists in the Sipeed PicoClaw up to version 0.2.9, specifically within the ExecTool.executeRun function in the file pkg/agent/pipeline_execute.go. This flaw arises from improper handling of the argument 'cwe' which can lead to a time-of-check time-of-use condition. The exploit mus...
Discovered 15 hours ago
PoC for CVE-2026-63030
A confusion issue in the REST API batch endpoint of WordPress versions 6.9.x prior to 6.9.5 and 7.0.x prior to 7.0.2 could facilitate an exploit. This vulnerability, when combined with an existing SQL Injection flaw in the author__not_in WP_Query feature, can allow attackers to execute unauthoriz...
PoC for CVE-2026-16081
A vulnerability exists in Sipeed PicoClaw (up to version 0.2.9) that can be exploited via a maliciously crafted request, allowing attackers to perform unauthorized actions on behalf of authenticated users. This is due to an issue in the `web/backend/api/auth.go` file, making the affected system v...
Discovered 16 hours ago
PoC for CVE-2026-16077
AstrBot by AstrBotDevs is susceptible to an improper link resolution vulnerability in the _normalize_rw_path function within the Filesystem Computer-Use Tool component. This flaw allows attackers with local access to manipulate the tool, leveraging link following capabilities to access unauthoriz...
Discovered 17 hours ago
PoC for CVE-2026-16076
A vulnerability exists in the AstrBot API, specifically within the OpenApiRoute.chat_send function. By manipulating the Username parameter, an attacker can bypass authentication, enabling unauthorized access to the system. This flaw is remotely exploitable, posing a significant risk to users. Des...
PoC for CVE-2026-63030
A confusion issue in the REST API batch endpoint of WordPress versions 6.9.x prior to 6.9.5 and 7.0.x prior to 7.0.2 could facilitate an exploit. This vulnerability, when combined with an existing SQL Injection flaw in the author__not_in WP_Query feature, can allow attackers to execute unauthoriz...
Discovered 19 hours ago
PoC for CVE-2026-16075
A significant security flaw has been identified in AstrBot by AstrBotDevs, specifically affecting the session-listing endpoint of the OpenApiRoute.get_chat_sessions function. This vulnerability stems from improper handling of the 'Username' argument within the open_api.py file, allowing unauthori...
Discovered 22 hours ago
PoC for CVE-2026-48205
An input validation flaw in Apache Camel's DNS component enables attackers to exploit an SSRF vulnerability. This weakness permits manipulation of DNS operation parameters through Headers that lack proper filtering, allowing attackers to direct requests to malicious DNS servers. The vulnerability...
Discovered 23 hours ago
PoC for CVE-2026-43499
A vulnerability exists in the Linux kernel's rtmutex component where the remove_waiter() function incorrectly utilizes current instead of waiter::task during a dequeue operation within various mutex handling paths. This mismanagement leads to multiple issues, including potential use-after-free vu...
Discovered 1 day ago
PoC for CVE-2025-8110
The vulnerability in the PutContents API of Gogs arises from improper handling of symbolic links, potentially allowing local execution of arbitrary code. This misconfiguration may expose sensitive data and facilitate unauthorized access to critical systems. Users and administrators are urged to u...
PoC for CVE-2026-48204
A vulnerability exists in Apache Camel's Mongodb GridFS component due to improper input validation and access control. This issue arises when the producer selects GridFS operations based on unvalidated headers when not explicitly set. An attacker can exploit this by injecting crafted headers, all...
PoC for CVE-2026-50416
An information disclosure vulnerability in Windows Win32K allows authorized attackers to access sensitive information locally. This security flaw could enable an unauthorized actor to obtain confidential data, leading to potential exploitation in compromised systems. Users are urged to apply avai...
PoC for CVE-2007-2447
The MS-RPC functionality within the Samba server allows attackers to execute arbitrary commands remotely due to improper handling of shell metacharacters. When the 'username map script' configuration option is enabled, a malicious user can exploit the SamrChangePassword function to inject command...
PoC for CVE-2026-16074
A vulnerability identified in the AstrBotDevs AstrBot version 4.25.2 affects the Plugin Update Handler component, specifically within the update_plugin/update_all_plugins function located in the file astrbot/dashboard/routes/plugin.py. This flaw allows for manipulation of the download_url/downloa...