Publicly Disclosed
PoC Exploits

🔴 Alway take caution when working with PoC Exploits 🔴

Discovered just now...

PoC for CVE-2023-6246

Red HatGlibc🟣 EPSS 27%8.4HIGH
Heap-Based Buffer Overflow Vulnerability in glibc Library

A heap-based buffer overflow vulnerability exists in the __vsyslog_internal function of the glibc library, which is crucial for logging system events through the syslog and vsyslog functionalities. The issue arises if the openlog function is not invoked or if it is invoked with a NULL ident argum...

Discovered 58 minutes ago

PoC for CVE-2026-33186

GrpcGrpc-go9.1CRITICAL
Authorization Bypass Vulnerability in gRPC-Go by Google

The gRPC-Go server has a vulnerability that allows an attacker to bypass authorization checks due to improper input validation on the HTTP/2 ':path' pseudo-header. Specifically, versions before 1.79.3 accepted requests with omitted leading slashes in the ':path', allowing unauthorized access to s...

Discovered 59 minutes ago

PoC for CVE-2026-32945

PjsipPjproject8.4HIGH
Heap-based Buffer Overflow in PJSIP Open Source Multimedia Communic...

The PJSIP multimedia communication library has a vulnerability related to a heap-based buffer overflow in the DNS parser's name length handler. This issue impacts applications using PJSIP's integrated DNS resolver, which is configured through pjsua_config.nameserver or UaConfig.nameserver setting...

Discovered 1 hour ago

PoC for CVE-2026-27654

F5Nginx Open Source8.8HIGH
Buffer Overflow Vulnerability in NGINX Open Source and NGINX Plus

A vulnerability exists within the ngx_http_dav_module of NGINX Open Source and NGINX Plus that can be exploited to trigger a buffer overflow in the NGINX worker process. This scenario is possible when configuration files utilize the DAV module's MOVE or COPY methods combined with specific prefix ...

PoC for CVE-2025-55182

MetaReact-server-dom-webpack🟣 EPSS 66%10CRITICAL
Remote Code Execution Vulnerability in React Server Components by Meta

A remote code execution vulnerability found in React Server Components allows attackers to exploit improperly handled payloads. This issue affects versions 19.0.0 through 19.2.0, compromising server function endpoints through unsafe deserialization of HTTP request payloads. As a result, this flaw...

Discovered 3 hours ago

PoC for CVE-2023-32749

PydioCells🟣 EPSS 47%8.8HIGH
Privilege Escalation in Pydio Cells by External User Role Manipulation

Pydio Cells allows users to create external users for file sharing. However, by altering the HTTP request during this process, it is possible to assign arbitrary roles to new external users. This vulnerability enables an attacker to grant themselves or any other unauthorized user access to all ce...

PoC for CVE-2025-30065

ApacheApache Parquet Java10CRITICAL
Code Execution Vulnerability in Apache Parquet Product by Apache

The parquet-avro module of Apache Parquet versions 1.15.0 and earlier contains a schema parsing vulnerability that enables attackers to execute arbitrary code. It is crucial for users to upgrade to version 1.15.1 or later to mitigate this risk and secure their systems against potential exploitation.

Discovered 4 hours ago

PoC for CVE-2026-5705

Code-projectsOnline Hotel Booking5.3MEDIUM
Cross-Site Scripting in Online Hotel Booking by Code-Projects

A cross-site scripting vulnerability exists in the Online Hotel Booking 1.0 software, specifically affecting the /booknow.php component. This flaw allows attackers to manipulate the roomname parameter, enabling them to execute arbitrary scripts in the context of another user's browser. The exploi...

PoC for CVE-2026-5692

TotolinkA7100ru6.9MEDIUM
OS Command Injection Vulnerability in Totolink A7100RU Router

A security flaw has been identified in the Totolink A7100RU router, specifically in the function setGameSpeedCfg located in /cgi-bin/cstecgi.cgi. This vulnerability allows for OS command injection through manipulation of the 'enable' argument, potentially enabling an attacker to execute arbitrary...

Discovered 5 hours ago

PoC for CVE-2026-5691

TotolinkA7100ru6.9MEDIUM
OS Command Injection in Totolink Router A7100RU

A security flaw has been identified in the Totolink A7100RU router, specifically within the setFirewallType function of the cstecgi.cgi file. This vulnerability allows attackers to manipulate the firewallType parameter, potentially leading to OS command injection. This threat can be exploited rem...

PoC for CVE-2026-5690

TotolinkA7100ru6.9MEDIUM
OS Command Injection Vulnerability in Totolink A7100RU Router

A vulnerability exists in the Totolink A7100RU router due to improper validation in the setRemoteCfg function of the cstecgi.cgi file. By manipulating the enable argument, an attacker can execute OS commands remotely, potentially compromising the device's security. This exploit has been publicly ...

PoC for CVE-2026-5689

TotolinkA7100ru6.9MEDIUM
OS Command Injection in Totolink A7100RU Product

A vulnerability has been identified in the Totolink A7100RU firmware version 7.4cu.2313_b20191024, specifically within the setNtpCfg function of the cgi-bin/cstecgi.cgi file. This issue arises from improper handling of the 'tz' argument, allowing attackers to perform OS command injection. Such ma...

PoC for CVE-2026-5688

TotolinkA7100ru6.9MEDIUM
OS Command Injection Vulnerability in Totolink A7100RU

A security flaw exists in the Totolink A7100RU router, specifically within the setDdnsCfg function of the /cgi-bin/cstecgi.cgi file. This vulnerability allows an attacker to manipulate the 'provider' argument, potentially leading to OS command injection. Such attacks can be executed remotely, mak...

Discovered 6 hours ago

PoC for CVE-2026-5687

TendaCx12l8.7HIGH
Buffer Overflow Vulnerability in Tenda CX12L Router

A vulnerability exists in the Tenda CX12L router, specifically within the fromNatStaticSetting function located in the /goform/NatStaticSetting file. This weakness allows an attacker to execute a stack-based buffer overflow by manipulating input arguments. The vulnerability can be exploited remot...

PoC for CVE-2026-5686

TendaCx12l8.7HIGH
Stack-Based Buffer Overflow in Tenda CX12L Router

A security vulnerability has been identified in the Tenda CX12L router's handling of the RouteStatic function, specifically affecting the /goform/RouteStatic file. An attacker can exploit this flaw by manipulating the 'page' argument, leading to a stack-based buffer overflow. The nature of this v...

PoC for CVE-2026-5685

TendaCx12l8.7HIGH
Stack-Based Buffer Overflow in Tenda CX12L Router

A stack-based buffer overflow vulnerability has been discovered in the Tenda CX12L router version 16.03.53.12, specifically within the fromAddressNat function located in the /goform/addressNat file. This flaw allows an attacker to remotely manipulate the argument page, potentially leading to expl...

PoC for CVE-2026-5684

TendaCx12l8.6HIGH
Stack-Based Buffer Overflow in Tenda CX12L Router by Tenda

A stack-based buffer overflow vulnerability exists in the Tenda CX12L router's webExcptypemanFilter function. By manipulating the 'page' argument within the '/goform/webExcptypemanFilter' endpoint, an attacker with local network access may exploit this issue, potentially leading to remote code ex...

Discovered 7 hours ago

PoC for CVE-2026-5683

TendaCx12l5.1MEDIUM
Stack-based Buffer Overflow in Tenda CX12L Device

A stack-based buffer overflow vulnerability exists in the Tenda CX12L device, specifically in the fromP2pListFilter function located in the /goform/P2pListFilter file. This vulnerability is triggered by manipulating the 'page' argument and can allow an attacker to execute arbitrary code. The expl...

Discovered 8 hours ago

PoC for CVE-2026-5682

MeeshoOnline Shopping App6.3MEDIUM
Cryptographic Vulnerability in Meesho Online Shopping App for Android

The Meesho Online Shopping App for Android, specifically the component com.meesho.supply, has a vulnerability involving an unknown function within the /api/endpoint. This issue allows for the manipulation of cryptographic algorithms, potentially leading to insecure data handling. Although the com...

PoC for CVE-2026-5681

ItsourcecodeSanitize Or Validate T...5.3MEDIUM
SQL Injection Vulnerability in itsourcecode Parameter Handler

A SQL injection vulnerability has been identified in the itsourcecode sanitize or validate this input version 1.0, specifically within the borrowedequip.php file of the Parameter Handler component. This flaw allows attackers to manipulate the emp_id argument, enabling unauthorized SQL queries to ...

Discovered 9 hours ago

PoC for CVE-2026-5679

TotolinkA3300r5.1MEDIUM
OS Command Injection Vulnerability in Totolink A3300R Router

A security vulnerability has been identified in the Totolink A3300R router, specifically within the function vsetTr069Cfg located in the /cgi-bin/cstecgi.cgi file. This issue arises from improper handling of the stun_pass argument, allowing an attacker to execute arbitrary commands on the operati...

PoC for CVE-2026-35022

AnthropicClaude Code9.3CRITICAL
OS Command Injection Vulnerability in Anthropic Claude Code CLI and...

The Anthropic Claude Code CLI and Claude Agent SDK are susceptible to an OS command injection vulnerability in the authentication helper execution. This flaw arises from the lack of input validation in the execution of helper configuration values, allowing an attacker with the ability to manipula...

PoC for CVE-2026-5678

TotolinkA7100ru6.9MEDIUM
OS Command Injection in Totolink A7100RU Router Software

A security weakness has been discovered in the Totolink A7100RU router effective with the software version 7.4cu.2313_b20191024, specifically in the function setScheduleCfg located in /cgi-bin/cstecgi.cgi. This vulnerability allows attackers to manipulate the 'mode' argument, potentially enabling...

PoC for CVE-2026-5677

TotolinkA7100ru6.9MEDIUM
Command Injection Vulnerability in Totolink A7100RU Router

A security vulnerability has been identified in the Totolink A7100RU router, specifically within the CsteSystem function of the cgi-bin/cstecgi.cgi file. This flaw allows attackers to manipulate the resetFlags argument, thereby executing arbitrary OS commands remotely. The existence of this explo...

PoC for CVE-2026-5676

TotolinkA8000r6.9MEDIUM
Improper Authentication Vulnerability in Totolink A8000R Router

A significant vulnerability exists in the Totolink A8000R router, particularly within the 'setLanguageCfg' function located in the /cgi-bin/cstecgi.cgi file. This weakness stems from the improper handling of the 'langType' argument, resulting in a lack of required authentication for certain opera...

Discovered 10 hours ago

PoC for CVE-2026-5675

ItsourcecodeConstruction Managemen...5.3MEDIUM
SQL Injection Vulnerability in itsourcecode Construction Management...

A vulnerability has been identified in the itsourcecode Construction Management System 1.0 that allows an SQL injection through the manipulation of the 'emp' argument in the 'borrowed_tool.php' file. This weakness enables remote attackers to execute unauthorized SQL commands, potentially compromi...

PoC for CVE-2026-5672

Code-projectsSimple It Discussion F...6.9MEDIUM
SQL Injection Vulnerability in Simple IT Discussion Forum by Code-P...

The Simple IT Discussion Forum version 1.0 by Code-Projects contains a vulnerability in the edit-category.php file within its Parameter Handler component. This flaw allows for SQL injection, where manipulating the cat_id parameter can enable an attacker to execute malicious SQL queries remotely. ...

PoC for CVE-2026-5671

Cyber-iiiStudent-management-system5.3MEDIUM
Cross-Site Scripting Vulnerability in Cyber-III Student-Management-...

A cross-site scripting vulnerability is present in the Cyber-III Student-Management-System within the Class Schedule Deletion Endpoint located at /admin/class%20schedule/delete_batch.php. This flaw allows an attacker to manipulate the 'batch' argument, potentially leading to the injection of mali...

Discovered 11 hours ago

PoC for CVE-2026-5670

Cyber-iiiStudent-management-system5.3MEDIUM
Unrestricted File Upload Vulnerability in Cyber-III Student-Managem...

A vulnerability in the Cyber-III Student-Management System allows for unrestricted file uploads through the manipulation of the 'File' parameter in the 'move_uploaded_file' function located in '/AssignmentSection/submission/upload.php'. This issue can be exploited remotely, enabling attackers to ...

PoC for CVE-2026-5669

Cyber-iiiStudent-management-system6.9MEDIUM
SQL Injection Vulnerability in Cyber-III Student-Management System

A SQL injection vulnerability has been identified in the Cyber-III Student-Management System specifically affecting the /login.php file within the Parameter Handler component. This vulnerability allows for remote exploitation through manipulation of the Password argument, enabling attackers to ex...

PoC for CVE-2026-5668

Cyber-iiiStudent-management-system4.8MEDIUM
Cross-Site Scripting Vulnerability in Cyber-III Student-Management-...

A security flaw has been identified in the Cyber-III Student-Management-System, which impacts the /admin/Add%20notice/add%20notice.php file. This vulnerability arises from improper handling of the $_SERVER['PHP_SELF'] parameter, allowing a potential attacker to exploit cross-site scripting (XSS) ...

Discovered 12 hours ago

PoC for CVE-2024-14032

TwitchTwitch Studio8.5HIGH
Privilege Escalation Vulnerability in Twitch Studio by Twitch

Twitch Studio versions up to 0.114.8 are vulnerable to a privilege escalation issue stemming from an unprotected XPC service in the application's privileged helper tool. This flaw allows local attackers to execute arbitrary code with root privileges. By exploiting the installFromPath:toPath:withR...

PoC for CVE-2026-5666

Code-projectsOnline Fir System6.9MEDIUM
Sensitive Information Exposure in Online FIR System by Code-Projects

A vulnerability has been identified in the Online FIR System version 1.0, specifically within the file /complaints.sql related to the SQL Database Backup File Handler. This issue allows for the insecure storage of sensitive information, posing a risk of unauthorized access. The exploitation can b...

PoC for CVE-2026-5665

Code-projectsOnline Fir System6.9MEDIUM
SQL Injection Vulnerability in Online FIR System by Code-Projects

A security vulnerability has been identified in version 1.0 of the Online FIR System developed by Code-Projects. The issue arises from a flaw in the login functionality, specifically within the file /Login/checklogin.php. Attackers can exploit this vulnerability by manipulating the 'email' and 'p...

Discovered 13 hours ago

PoC for CVE-2026-1668

Tp-link Systems Inc.Sg2008p 3.2x7.7HIGH
Remote Code Execution Vulnerability in Omada Switches - Omada Networks

The web interface of multiple Omada switches lacks proper validation for certain external inputs, potentially allowing out-of-bounds memory access when processing specially crafted requests. This flaw creates an opportunity for an unauthenticated attacker with network access to exploit the affect...

PoC for CVE-2026-5661

Linux FoundationFree5gc6.9MEDIUM
Denial of Service Vulnerability in Free5GC by Linux Foundation

A vulnerability has been discovered in the Free5GC 4.2.0 framework, affecting the NGSetupRequest Handler component. An attacker could exploit this vulnerability to initiate a denial of service attack, which can be executed remotely. The exploit is publicly accessible, posing significant risks to ...

Discovered 14 hours ago

PoC for CVE-2026-5660

ItsourcecodeConstruction Managemen...5.3MEDIUM
SQL Injection Vulnerability in itsourcecode Construction Management...

A SQL injection vulnerability exists in the itsourcecode Construction Management System 1.0, specifically within an unknown function of the /borrowed_equip.php file related to parameter handling. This security flaw allows attackers to manipulate the 'emp' argument, which could lead to unauthorize...

Discovered 15 hours ago

PoC for CVE-2026-5659

PytriesDatrie5.3MEDIUM
Deserialization Vulnerability in pytries datrie by pytries

A security vulnerability has been identified in the pytries datrie component, specifically affecting the Trie.load, Trie.read, and Trie.__setstate__ functions within the src/datrie.pyx file. This deserialization flaw can be exploited remotely, allowing an attacker to manipulate the data structure...

Discovered 16 hours ago

PoC for CVE-2026-5650

Code-projectsOnline Application Sys...6.9MEDIUM
Sensitive Information Exposure in code-projects Online Application ...

A vulnerability exists in the code-projects Online Application System for Admission 1.0, specifically within its database handling functionality. This flaw allows for the insecure storage of sensitive information, which can be remotely manipulated by an attacker. The risk of exploitation is signi...

PoC for CVE-2026-5649

Code-projectsOnline Application Sys...5.3MEDIUM
SQL Injection Vulnerability in Code-Projects Online Admission System

A vulnerability in the Online Application System for Admission version 1.0 by Code-Projects has been identified, allowing for potential SQL injection attacks. This security flaw affects the file /enrollment/admsnform.php within the Endpoint component, enabling attackers to manipulate queries exec...

Discovered 17 hours ago

PoC for CVE-2026-5648

Code-projectsSimple Laundry System6.9MEDIUM
SQL Injection Vulnerability in Simple Laundry System by code-projects

A SQL injection vulnerability has been identified in the Simple Laundry System version 1.0, specifically within the /userfinishregister.php file, related to the Parameter Handler component. This flaw allows for remote exploitation through manipulation of the 'firstName' argument, potentially enab...

PoC for CVE-2026-5647

Code-projectsOnline Shoe Store4.8MEDIUM
Cross Site Scripting Vulnerability in Code-Projects Online Shoe Store

A Cross Site Scripting vulnerability has been identified in the Code-Projects Online Shoe Store version 1.0. The issue is rooted in the 'product_name' parameter of the file '/admin/admin_feature.php' within the Add Product Page component. This vulnerability allows an attacker to manipulate the in...

PoC for CVE-2026-5646

Code-projectsEasy Blog Site6.9MEDIUM
SQL Injection Vulnerability in Code-Projects Easy Blog Site by Code...

A SQL injection vulnerability has been identified in the Easy Blog Site 1.0 product. Specifically, the vulnerability lies within the login.php file, where improper validation of the username and password arguments allows for the execution of arbitrary SQL queries. This flaw can be exploited remot...

PoC for CVE-2026-5645

ProjectworldsCar Rental System6.9MEDIUM
SQL Injection Vulnerability in Projectworlds Car Rental System 1.0

An SQL injection vulnerability exists in the Projectworlds Car Rental System version 1.0, specifically within the '/pay.php' file's Parameter Handler component. This flaw can be exploited through a manipulation of the 'mpesa' argument, allowing attackers to execute arbitrary SQL code. The vulnera...

Discovered 18 hours ago

PoC for CVE-2026-5644

Cyber-iiiStudent-management-system4.8MEDIUM
Cross Site Scripting Vulnerability in Cyber-III Student-Management-...

A security flaw has been identified in the Cyber-III Student-Management-System that allows an attacker to leverage an unknown function within the batch-notice.php file. By manipulating the $_SERVER['PHP_SELF'] argument, an attacker can execute cross site scripting (XSS) attacks remotely. This vul...

PoC for CVE-2026-5643

Cyber-iiiStudent-management-system4.8MEDIUM
Cross Site Scripting Vulnerability in Cyber-III Student-Management-...

A cross site scripting vulnerability exists in the Cyber-III Student-Management-System, specifically within the Admin Add Endpoint. This issue arises due to manipulation of the $_SERVER['PHP_SELF'] argument in the notice.php file, allowing attackers to execute malicious scripts remotely. As the e...

PoC for CVE-2026-5642

Cyber-iiiStudent-management-system6.9MEDIUM
Improper Authorization Vulnerability in Cyber-III Student Managemen...

A vulnerability exists in the Cyber-III Student Management System related to improper authorization due to an issue in the HTTP POST Request Handler located in /viva/update.php. The problem arises from manipulation of the argument 'Name', allowing for unauthorized access. This vulnerability can b...

PoC for CVE-2026-5641

PHPgurukulOnline Shopping Portal...5.3MEDIUM
SQL Injection Vulnerability in PHPGurukul Online Shopping Portal 2.1

An SQL injection vulnerability exists in the PHPGurukul Online Shopping Portal version 2.1, specifically within the /admin/update-image1.php file's Parameter Handler. Attackers can exploit this vulnerability by manipulating the 'filename' argument, potentially leading to unauthorized access and m...

Discovered 19 hours ago

PoC for CVE-2026-5640

PHPgurukulOnline Shopping Portal...5.3MEDIUM
SQL Injection Vulnerability in PHPGurukul Online Shopping Portal 2.1

A vulnerability exists in PHPGurukul's Online Shopping Portal Project 2.1, specifically within the '/admin/update-image2.php' file's Parameter Handler component. This issue arises from improper handling of the 'filename' argument, which can lead to SQL injection exploits. Attackers can potentiall...

PoC for CVE-2026-5639

PHPgurukulOnline Shopping Portal...5.3MEDIUM
SQL Injection Vulnerability in PHPGurukul Online Shopping Portal 2.1

A security flaw exists in the PHPGurukul Online Shopping Portal Project version 2.1, specifically within an unclassified function in the file /admin/update-image3.php. This vulnerability allows an attacker to manipulate the 'filename' argument, potentially leading to a remote SQL injection attack...