Publicly Disclosed
PoC Exploits

đź”´ Alway take caution when working with PoC Exploits đź”´

Discovered just now...

PoC for CVE-2026-46453

ApacheApache Camel5.3MEDIUM
Improper Input Validation in Apache Camel ElasticSearch Rest Client

The ElasticSearch Rest Client component of Apache Camel is vulnerable to improper input validation, leading to potential authorization bypass. It allows untrusted HTTP clients to manipulate several Exchange headers that control the component’s behavior, such as SEARCH_QUERY and OPERATION, without...

PoC for CVE-2026-43867

ApacheApache Camel9.8CRITICAL
Deserialization Vulnerability in Apache Camel PQC Component

The Apache Camel PQC Component is susceptible to a vulnerability allowing deserialization of untrusted data. This occurs when the AwsSecretsManagerKeyLifecycleManager reads post-quantum key metadata from AWS Secrets Manager without adequate validation measures, enabling potential code execution w...

PoC for CVE-2026-43499

LinuxLinux7.8HIGH
Linux Kernel Vulnerability in rtmutex Component Affecting Multiple ...

A vulnerability exists in the Linux kernel's rtmutex component where the remove_waiter() function incorrectly utilizes current instead of waiter::task during a dequeue operation within various mutex handling paths. This mismanagement leads to multiple issues, including potential use-after-free vu...

PoC for CVE-2026-53805

Nv-tlabsGen3c9.3CRITICAL
Unauthenticated Remote Code Execution Vulnerability in NVIDIA SIL G...

The GEN3C product from NVIDIA's Spatial Intelligence Lab is affected by a serious vulnerability that allows unauthenticated remote code execution. This flaw resides in the inference API server, specifically in the /request-inference and /seed-model endpoints, which utilize Python's pickle.loads()...

Discovered 1 hour ago

PoC for CVE-2026-43499

LinuxLinux7.8HIGH
Linux Kernel Vulnerability in rtmutex Component Affecting Multiple ...

A vulnerability exists in the Linux kernel's rtmutex component where the remove_waiter() function incorrectly utilizes current instead of waiter::task during a dequeue operation within various mutex handling paths. This mismanagement leads to multiple issues, including potential use-after-free vu...

Discovered 4 hours ago

PoC for CVE-2026-15559

CodeastroSimple Online Leave Ma...5.3MEDIUM
SQL Injection Vulnerability in CodeAstro Simple Online Leave Manage...

A vulnerability has been identified in the CodeAstro Simple Online Leave Management System version 1.0, specifically within the POST Handler component located in the /SimpleOnlineLeave/admin/accept.php file. By manipulating the 'appid' parameter, an attacker may execute SQL injection attacks remo...

PoC for CVE-2026-15558

CodeastroSimple Online Leave Ma...5.3MEDIUM
SQL Injection Vulnerability in CodeAstro Simple Online Leave Manage...

A vulnerability has been identified in the CodeAstro Simple Online Leave Management System 1.0, specifically within the file /SimpleOnlineLeave/admin/deletemp.php. This flaw allows attackers to manipulate the ID argument, leading to SQL injection attacks that can be executed remotely. The nature ...

Discovered 6 hours ago

PoC for CVE-2026-15557

WaooaiWaoowaoo6.9MEDIUM
Improper Authentication in waooAI waoowaoo by WaooAI

A vulnerability has been identified in waooAI waoowaoo, specifically in the library function located in src/lib/api-auth.ts. This weakness affects key authentication processes including getInternalTaskSession, getAuthSession, requireUserAuth, and requireProjectAuth. Attackers can exploit this vul...

Discovered 7 hours ago

PoC for CVE-2026-15547

ShibbyTomato5.3MEDIUM
OS Command Injection in Shibby Tomato Router Firmware

A vulnerability has been identified in Shibby Tomato firmware versions up to 1.28.0000, specifically within the CIFS Mount Handler function sub_2D048. This weakness allows for the manipulation of CIFS arguments, potentially resulting in remote OS command injection. The publicly available exploit ...

PoC for CVE-2026-15546

ShibbyTomato5.3MEDIUM
OS Command Injection Vulnerability in Shibby Tomato Router Firmware

A security vulnerability has been identified in Shibby Tomato firmware versions up to 1.28.0000, affecting the function responsible for handling the execution of JFFS2 commands. This flaw allows an attacker to manipulate the argument within the jffs2_exec function, leading to potential remote OS ...

Discovered 8 hours ago

PoC for CVE-2026-15545

ShibbyTomato8.7HIGH
Out-of-Bounds Write Vulnerability in Shibby Tomato Router Firmware

A significant out-of-bounds write vulnerability has been discovered in the Shibby Tomato firmware, specifically affecting the apcupsd component found in the file www/apcupsd/tomatodata.cgi. This flaw resides within the main function, allowing attackers to manipulate the flow of data, potentially ...

PoC for CVE-2026-43499

LinuxLinux7.8HIGH
Linux Kernel Vulnerability in rtmutex Component Affecting Multiple ...

A vulnerability exists in the Linux kernel's rtmutex component where the remove_waiter() function incorrectly utilizes current instead of waiter::task during a dequeue operation within various mutex handling paths. This mismanagement leads to multiple issues, including potential use-after-free vu...

PoC for CVE-2026-15544

ShibbyTomato8.7HIGH
Stack-Based Buffer Overflow in Shibby Tomato Firmware by Shibby

A vulnerability has been identified in the Shibby Tomato firmware affecting the function getupsvar within the apcupsd component. The flaw, which leads to a stack-based buffer overflow, can be exploited remotely when malformed arguments are passed. This issue is particularly critical given its pub...

PoC for CVE-2026-15543

TendaCh228.7HIGH
Buffer Overflow Vulnerability in Tenda CH22 Router

A vulnerability exists within the Tenda CH22 router, specifically in the formCertListInfo function located at /goform/CertListInfo. This issue arises due to improper handling of the argument Name, leading to a buffer overflow condition. An attacker can exploit this vulnerability remotely, potenti...

Discovered 10 hours ago

PoC for CVE-2026-12582

WordPressLibrary Management System
SQL Injection Vulnerability in Library Management System Plugin for...

The Library Management System WordPress plugin, prior to version 3.5.8, is susceptible to a SQL injection vulnerability due to inadequate sanitization and escaping of user-supplied parameters. This flaw enables unauthenticated attackers to manipulate SQL queries and gain unauthorized access to se...

PoC for CVE-2026-12273

WordPressTutor Lms
Authorization Flaw in Tutor LMS Plugin Enables Comment Bypass for W...

The Tutor LMS WordPress plugin prior to version 3.9.13 contains a significant security flaw that allows authenticated users, including those with subscriber-level access and above, to post comments without undergoing the appropriate authorization checks. This vulnerability enables the posting of ...

PoC for CVE-2026-12274

WordPressTutor Lms
Authentication Bypass in Tutor LMS Plugin for WordPress

The Tutor LMS plugin for WordPress prior to version 3.9.13 is vulnerable due to a failure to adequately verify user permissions when saving content. This oversight allows authenticated users with instructor-level access to overwrite any post or page, disregarding the ownership of the content. Thu...

PoC for CVE-2026-12275

WordPressTutor Lms
Unauthorized Access Vulnerability in Tutor LMS Plugin by WordPress

The Tutor LMS WordPress plugin prior to version 3.9.13 is vulnerable due to insufficient access control measures in its Droip and Kirki page-builder integrations. This vulnerability allows authenticated users with only subscriber-level access to enroll in paid or private courses without proper au...

PoC for CVE-2026-12397

WordPressWP Job Portal
Information Disclosure Vulnerability in WP Job Portal by WordPress

The WP Job Portal plugin for WordPress prior to version 2.5.5 contains a vulnerability that fails to verify ownership when returning an employer's contact email for specific job listings. This weakness allows authenticated users with subscriber-level accounts to access and enumerate the private e...

PoC for CVE-2026-12396

WordPressWP Job Portal
Improper Access Control in WP Job Portal WordPress Plugin

The WP Job Portal WordPress plugin prior to version 2.5.5 has a serious flaw in its access control mechanisms. The plugin fails to adequately validate user capabilities or ownership, thereby allowing authenticated users with a subscriber-level account to perform job moderation actions. This could...

PoC for CVE-2026-12271

WordPressTutor Lms
Unauthorized Quiz Manipulation in Tutor LMS Plugin by Tutor Pro Inc.

The Tutor LMS WordPress plugin prior to version 3.9.13 contains an access control flaw that allows authenticated users with subscriber-level permissions or higher to manipulate quiz attempts. This vulnerability enables these users to overwrite quiz marks and force-complete the assessment for othe...

PoC for CVE-2026-12081

WordPressDatabase For Contact F...
PHP Object Injection Vulnerability in WordPress Form Plugins

A vulnerability exists in multiple WordPress form plugins, allowing unauthenticated users to inject arbitrary PHP objects through unserialized form-field values. When an administrator views the stored entry, these injected objects can be instantiated, potentially leading to unauthorized actions o...

PoC for CVE-2026-11963

WordPressUser Registration & Me...
Insufficient Authorization in User Registration & Membership Plugin...

The User Registration & Membership plugin for WordPress prior to version 5.2.2 has an authorization flaw that allows authenticated users to change the roles and membership tiers of other users. This occurs because the plugin does not adequately verify the identity of the user making the upgrade r...

PoC for CVE-2026-10551

WordPressBreeze Cache
Unauthenticated Stored Cross-Site Scripting Vulnerability in Breeze...

The Breeze Cache plugin for WordPress is susceptible to unauthenticated Stored Cross-Site Scripting (XSS). This vulnerability arises from a predictable replacement hash utilized during the HTML minification process, allowing malicious actors to exploit a regular expression flaw. As a result, atta...

PoC for CVE-2026-11964

WordPressUser Registration & Me...
Webhook Authentication Flaw in User Registration & Membership Plugi...

The User Registration & Membership plugin for WordPress prior to version 5.2.2 is vulnerable due to inadequate validation of incoming payment notifications from providers. This flaw allows an attacker to bypass payment verification and artificially trigger paid membership subscriptions, potential...

PoC for CVE-2026-15536

ItsourcecodeHospital Management Sy...5.3MEDIUM
SQL Injection Vulnerability in itsourcecode Hospital Management System

A vulnerability exists in the itsourcecode Hospital Management System, specifically in the file /patviewprescription.php. This issue arises from improper sanitization of the 'delid' argument, allowing attackers to perform SQL injection attacks. Such vulnerabilities can be exploited remotely, pote...

Discovered 11 hours ago

PoC for CVE-2026-15535

AkariasaiSelf-rag5.3MEDIUM
Deserialization Vulnerability in AkariAsai's Retrieval_LM Component

A vulnerability exists in the AkariAsai retrieval_lm component, specifically within the Indexer.deserialize_from function found in retrieval_lm/src/index.py. This flaw allows attackers to manipulate the index_meta.faiss argument, potentially leading to unsafe deserialization. The attack can be ex...

PoC for CVE-2026-15533

Shanghai Zhuozhuo...Dedecms5.1MEDIUM
Code Injection Vulnerability in DedeCMS 5.7.118 from Shanghai Zhuoz...

A significant security flaw has been identified in DedeCMS version 5.7.118, specifically within the Column Management feature located in the file /plus/search.php. This vulnerability allows an attacker to manipulate the Column Name argument, leading to the potential for remote code injection. Wit...

PoC for CVE-2026-15531

YashbhalgatHashnerf-pytorch4.8MEDIUM
Deserialization Vulnerability in HashNeRF-pytorch by yashbhalgat

A vulnerability identified in HashNeRF-pytorch allows for local deserialization attacks via the 'torch.load' function in the Checkpoint File Handler. By manipulating the 'ckpt_path' argument, attackers can exploit this weakness, potentially leading to unauthorized access or system compromise. Thi...

PoC for CVE-2023-29017

PatriksimekVm2🟣 EPSS 63%10CRITICAL
vm2 Sandbox Escape vulnerability

The vm2 sandbox, which is designed to execute untrusted code while restricting access to host resources, faced a significant security flaw prior to version 3.9.15. This vulnerability arose from improper handling of host objects in the `Error.prepareStackTrace` function during unhandled asynchrono...

Discovered 12 hours ago

PoC for CVE-2026-15530

WuzhiWuzhicms6.9MEDIUM
Information Disclosure Vulnerability in WuzhiCMS by Wuzhi

A vulnerability exists within the Attachment API of WuzhiCMS versions up to 4.1.0, specifically in the config/listimage function of the index.php file. This flaw allows remote attackers to manipulate the API, potentially leading to unauthorized information disclosure. Despite an early report of t...

PoC for CVE-2026-15528

LamaalrajihKicad-mcp4.8MEDIUM
File Processing Vulnerability in lamaalrajih kicad-mcp

A vulnerability has been identified in the lamaalrajih kicad-mcp project that affects the processing of certain files, specifically within the path_validator.py script. The flaw arises from the mishandling of input arguments related to project paths and schematic paths, leading to a failure in th...

Discovered 13 hours ago

PoC for CVE-2026-15527

Better-authBetter-icons4.8MEDIUM
Path Traversal Vulnerability in better-auth better-icons by Better ...

A vulnerability exists in the better-auth better-icons component, specifically in the scan_project_icons/sync_icon function, which is subject to a path traversal attack. This vulnerability affects versions up to 1.0.5 and can be exploited locally by manipulating the icons_file argument. Although ...

PoC for CVE-2026-15526

AugmntAugments-mcp-server4.8MEDIUM
Path Traversal Vulnerability in Augmnt Augments-mcp-server by Augmnt

A vulnerability has been identified in the augmnt augments-mcp-server version 7.1.0, specifically within the scanProjectDeps function located in the scan-project-deps.ts file. By manipulating the packageJsonPath argument, an attacker can perform path traversal, potentially exposing sensitive file...

PoC for CVE-2026-15525

KloskAdloop5.3MEDIUM
Server-Side Request Forgery Vulnerability in kLOsk Adloop

A vulnerability exists in kLOsk Adloop versions up to 0.9.0, specifically in the _validate_urls function located in src/adloop/ads/write.py. This flaw allows an attacker to manipulate the final_url argument, potentially leading to server-side request forgery. The vulnerability can be exploited re...

PoC for CVE-2023-34468

ApacheApache Nifi🟣 EPSS 64%8.8HIGH
Apache NiFi: Potential Code Injection with Database Services using H2

The DBCPConnectionPool and HikariCPConnectionPool services in Apache NiFi versions 0.0.2 through 1.21.0 are susceptible to a vulnerability that allows an authenticated and authorized user to configure a Database URL leveraging the H2 driver, leading to potential execution of custom code. The reco...

PoC for CVE-2026-15524

AliOShrMemory-bank-mcp4.8MEDIUM
Path Traversal Vulnerability in alioshr Memory-Bank-MCP

A security vulnerability is present in versions up to 0.2.1 and 3.1 of the alioshr memory-bank-mcp. This flaw is rooted in the vulnerability of the list-project-files-validation-factory.ts file, where manipulation of the 'projectName' argument can lead to path traversal attacks. Local access to t...

Discovered 14 hours ago

PoC for CVE-2026-15523

CodeastroSimple Online Leave Ma...5.3MEDIUM
SQL Injection Vulnerability in CodeAstro Simple Online Leave Manage...

A vulnerability exists in the CodeAstro Simple Online Leave Management System version 1.0 that allows for SQL injection via manipulation of parameters in the /SimpleOnlineLeave/admin/dashboard.php file. This issue can be exploited remotely, enabling attackers to execute arbitrary SQL queries with...

PoC for CVE-2026-15522

TugcantopalogluGodot-mcp4.8MEDIUM
Path Traversal Vulnerability in tugcantopaloglu godot-mcp Product

A security flaw has been identified in the tugcantopaloglu godot-mcp product version 2.0.0, specifically within the validatePath function located in build/index.js of the component run_project. The vulnerability allows for path traversal due to improper handling of the projectPath argument, which...

PoC for CVE-2026-15521

MakafeliN8n-workflow-builder4.8MEDIUM
Path Traversal Vulnerability in makafeli n8n-workflow-builder Software

A path traversal vulnerability exists in the makafeli n8n-workflow-builder, specifically in the 'update_node_from_file' function of the server file. This issue allows an attacker to manipulate the 'filePath' argument, potentially leading to unauthorized access of restricted files and directories....

PoC for CVE-2026-15520

GnuLibredwg4.8MEDIUM
Heap-Based Buffer Overflow in GNU LibreDWG Affecting Decompression ...

A vulnerability exists in the R2004 Section Decompression function of GNU LibreDWG version 0.13.4-154-g0b573035 that may lead to a heap-based buffer overflow if exploited. This issue requires local access to be successfully executed. The vulnerability is linked to the decompress_R2004_section fun...

Discovered 15 hours ago

PoC for CVE-2026-15519

UsestrixStrix2.3LOW
Remote Code Execution in usestrix strix Affected by PyPI Handler

A vulnerability exists in the usestrix strix product, specifically affecting the file system_prompt.jinja component within the PyPI Handler. This allows for the inclusion of functionality from untrusted control spheres, which may lead to unauthorized remote code execution. Although the exploit is...

PoC for CVE-2026-15518

Area 17Twill Cms5.1MEDIUM
Unrestricted File Upload Vulnerability in AREA 17 Twill CMS Media L...

An unrestricted file upload vulnerability exists in the Area 17 Twill CMS in the Media Library's FileLibraryController functionality. The vulnerability is triggered through improper handling of the input parameter 'qqfilename' in the 'storeFile' method located in the src/Http/Controllers/Admin/Fi...

PoC for CVE-2026-15517

JinherOa6.9MEDIUM
SQL Injection Vulnerability in Jinher OA 1.0 Affecting Remote Explo...

A vulnerability in Jinher OA version 1.0 allows attackers to exploit an unknown function in the file /C6/JHSoft.Web.PlanSummarize/PlanGiveOut.aspx through the manipulation of the httpOID argument. This SQL Injection flaw enables remote exploitation, granting unauthorized access to users and poten...

Discovered 16 hours ago

PoC for CVE-2026-15514

Metasoft 美特软件Metacrm6.9MEDIUM
SQL Injection Risk in Metasoft MetaCRM Due to Remote Call Interface...

A vulnerability exists in Metasoft's MetaCRM software versions up to 6.4.0 Beta06, specifically within the RPC call handling function. By manipulating the argument 'phprpc_args' within the RPCService.query interface located at /customizemt/xkq/rpc.jsp, an attacker can execute a SQL injection atta...

PoC for CVE-2026-15513

WavlinkWl-nu516u15.3MEDIUM
OS Command Injection Vulnerability in Wavlink WL-NU516U1

A security flaw has been identified in the Wavlink WL-NU516U1, which is caused by an OS command injection vulnerability in the wlink_uci_set_value function of the /cgi-bin/adm.cgi file. By manipulating the 'lan_ip' argument, an attacker can execute arbitrary commands on the device remotely. This ...

PoC for CVE-2026-15512

Pig-meshPig5.3MEDIUM
Code Injection Vulnerability in Pig-mesh by Pig

A code injection vulnerability has been identified in the Pig-mesh software, affecting version 3.9.2 and earlier. The flaw resides in the component pig-codegen, specifically within the GeneratorServiceImpl.java file. Due to this vulnerability, an attacker can manipulate specific functionalities t...

Discovered 17 hours ago

PoC for CVE-2026-15511

ComfastCf-wr631ax V39.3CRITICAL
OS Command Injection in Comfast CF-WR631AX V3 Due to FastCGI Backen...

An OS command injection vulnerability exists in the Comfast CF-WR631AX V3, specifically in the system_wl_upload_pic_file function within the FastCGI Backend component. This vulnerability arises due to improper handling of the filename argument in the webmgnt interface, allowing an attacker to exe...

PoC for CVE-2026-15510

LeantimeLeantime5.3MEDIUM
Improper Authorization in Leantime Project Management System

A vulnerability exists in the Leantime Project Management System versions up to 3.8.0, where the 'Setting::saveSetting' function in the API does not properly enforce authorization checks. This flaw allows remote attackers to exploit the vulnerability, potentially manipulating critical configurati...

PoC for CVE-2026-15509

LeantimeLeantime5.3MEDIUM
Improper Authorization in Leantime Project Management System

A remote vulnerability exists in the Leantime project management system, specifically affecting versions up to 3.8.0. This flaw involves the JSON-RPC endpoint's editUser/addUser function, where improper authorization due to inadequate role manipulation can be exploited. Despite the vendor being n...