Publicly Disclosed
PoC Exploits

🔴 Always take caution when working with PoC Exploits 🔴

Discovered 57 minutes ago

PoC for CVE-2026-11510

Codeastro | Leave Management System | 5.3 MEDIUM
CodeAstro Leave Management System add_leave.php sql injection

A security flaw has been discovered in CodeAstro Leave Management System 1.0. This affects an unknown part of the file /admin/add_leave.php. Performing a manipulation of the argument type_of_leave results in sql injection. It is possible to initiate the attack remotely. The exploit has been relea...

Discovered 1 hour ago

PoC for CVE-2026-11508

Codeastro | Leave Management System | 5.3 MEDIUM
CodeAstro Leave Management System search_staff_to_assign_pc.php sql...

A vulnerability was determined in CodeAstro Leave Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/search_staff_to_assign_pc.php. This manipulation of the argument Name causes sql injection. The attack is possible to be carried out remotely. The...

Discovered 2 hours ago

PoC for CVE-2026-11507

Codeastro | Leave Management System | 5.3 MEDIUM
CodeAstro Leave Management System delete_leave_type.php sql injection

A vulnerability was found in CodeAstro Leave Management System 1.0. Affected is an unknown function of the file /admin/delete_leave_type.php. The manipulation of the argument leave_type results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used.

PoC for CVE-2026-11506

Codeastro | Leave Management System | 5.3 MEDIUM
CodeAstro Leave Management System search_staff_for_deletion.php sql...

A vulnerability has been found in CodeAstro Leave Management System 1.0. This impacts an unknown function of the file /admin/search_staff_for_deletion.php. The manipulation of the argument Name leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed t...

PoC for CVE-2026-11504

Tenda | Cx12l | 8.7 HIGH
Tenda CX12L Wi-Fi Schedule Configuration Endpoint openSchedWifi set...

A vulnerability was detected in Tenda CX12L 16.03.53.12. The impacted element is the function setSchedWifi of the file /goform/openSchedWifi of the component Wi-Fi Schedule Configuration Endpoint. Performing a manipulation of the argument schedStartTime/schedEndTime results in stack-based buffer ...

Discovered 3 hours ago

PoC for CVE-2026-11503

Tenda | Cx12l | 8.7 HIGH
Tenda CX12L Wi-Fi Configuration Endpoint fast_setting_wifi_set form...

A security vulnerability has been detected in Tenda CX12L 16.03.53.12. The affected element is the function form_fast_setting_wifi_set of the file /goform/fast_setting_wifi_set of the component Wi-Fi Configuration Endpoint. Such manipulation of the argument ssid leads to stack-based buffer overfl...

PoC for CVE-2026-11502

Jeecgboot | 2.3 LOW
JeecgBoot Third-Party Login ThirdLoginController.java HttpServletRe...

A weakness has been identified in JeecgBoot up to 3.9.2. Impacted is the function HttpServletResponse.sendRedirect of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/ThirdLoginController.java of the component Third-Party Login. This manipulation of ...

PoC for CVE-2026-11501

Sourcecodester | Hospitals Patient Reco... | 6.9 MEDIUM
SourceCodester Hospitals Patient Records Management System Master.p...

A security flaw has been discovered in SourceCodester Hospitals Patient Records Management System 1.0. This issue affects some unknown processing of the file /classes/Master.php?f=save_patient. The manipulation of the argument ID results in sql injection. It is possible to launch the attack remot...

PoC for CVE-2026-11500

Weaviate | 2.3 LOW
Weaviate Static API Key client.go validateConfig authorization

A vulnerability was identified in Weaviate up to 1.37.7. This vulnerability affects the function validateConfig of the file usecases/auth/authentication/apikey/client.go of the component Static API Key Handler. The manipulation of the argument StaticApiKey leads to authorization bypass. It is pos...

Discovered 6 hours ago

PoC for CVE-2026-11497

D-link | Dcs-5615 | 6.9 MEDIUM
D-Link DCS-5615 Boa Webserver boa.conf least privilege violation

A vulnerability has been found in D-Link DCS-5615 1.01.00. Affected by this vulnerability is an unknown functionality of the file /etc/conf.d/boa/boa.conf of the component Boa Webserver. Such manipulation leads to least privilege violation. The attack can be executed remotely. The exploit has bee...

PoC for CVE-2026-11495

Codeastro | Ingredients Stock Mana... | 5.3 MEDIUM
CodeAstro Ingredients Stock Management System add_stock.php sql inj...

A vulnerability was detected in CodeAstro Ingredients Stock Management System 1.0. This impacts an unknown function of the file /Ingredients-Stock/add_stock.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit is now public and may be...

PoC for CVE-2026-11494

Totolink | Ac1200 T8 | 5.3 MEDIUM
TOTOLINK AC1200 T8 vsftpd vsftpd.conf least privilege violation

A security vulnerability has been detected in TOTOLINK AC1200 T8 4.1.5cu.8611. This affects an unknown function of the file /etc/vsftpd.conf of the component vsftpd. The manipulation leads to least privilege violation. The attack may be initiated remotely. The exploit has been disclosed publicly ...

Discovered 7 hours ago

PoC for CVE-2026-11493

Tenda | Ac15 | 2.3 LOW
Tenda AC15 Samba smb.conf weak password

A weakness has been identified in Tenda AC15 15.03.05.19. The impacted element is an unknown function of the file /etc_ro/smb.conf of the component Samba. Executing a manipulation can lead to weak password requirements. The attack is only possible within the local network. A high complexity level...

PoC for CVE-2026-11492

D-link | Dir-823g | 5.3 MEDIUM
D-Link DIR-823G vsftpd vsftpd.conf least privilege violation

A security flaw has been discovered in D-Link DIR-823G 1.0.2B05. The affected element is an unknown function of the file /etc/vsftpd.conf of the component vsftpd. Performing a manipulation results in least privilege violation. The attack can be initiated remotely. The exploit has been released to...

PoC for CVE-2026-11491

Codeastro | Human Resource Managem... | 4.8 MEDIUM
CodeAstro Human Resource Management System Notice Board Management ...

A vulnerability was identified in CodeAstro Human Resource Management System 1.0. Impacted is an unknown function of the file /notice/All_notice of the component Notice Board Management. Such manipulation of the argument Notice Title with the input <svg onload="alert('Stored XSS Triggered by Ashi...

PoC for CVE-2026-11490

Code-projects | Online Music Site | 6.9 MEDIUM
code-projects Online Music Site Search.php sql injection

A vulnerability was determined in code-projects Online Music Site 1.0. This issue affects some unknown processing of the file /Frontend/Search.php. This manipulation of the argument Category causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly disclo...

Discovered 8 hours ago

PoC for CVE-2026-11489

Code-projects | Online Music Site | 6.9 MEDIUM
code-projects Online Music Site AdminDeleteAlbum.php sql injection

A vulnerability was found in code-projects Online Music Site 1.0. This vulnerability affects unknown code of the file /Administrator/PHP/AdminDeleteAlbum.php. The manipulation of the argument ID results in sql injection. The attack may be performed from remote. The exploit has been made public an...

PoC for CVE-2026-11488

Code-projects | Simple Flight Ticket B... | 6.9 MEDIUM
code-projects Simple Flight Ticket Booking System POST Parameter ch...

A vulnerability has been found in code-projects Simple Flight Ticket Booking System 1.0. This affects an unknown part of the file checkUser.php of the component POST Parameter Handler. The manipulation of the argument Username leads to sql injection. The attack is possible to be carried out remot...

PoC for CVE-2026-11487

Neovim | 4.8 MEDIUM
Neovim View Branch secure.lua M.read command injection

A flaw has been found in Neovim up to 0.12.2. Affected by this issue is the function M.read of the file runtime/lua/vim/secure.lua of the component View Branch. Executing a manipulation of the argument path can lead to command injection. It is possible to launch the attack on the local host. The ...

PoC for CVE-2026-11486

Sourcecodester | Class And Exam Timetab... | 6.9 MEDIUM
SourceCodester Class and Exam Timetabling System archive1.php sql i...

A vulnerability was detected in SourceCodester Class and Exam Timetabling System 1.0. Affected by this vulnerability is an unknown functionality of the file /archive1.php. Performing a manipulation of the argument sy results in sql injection. Remote exploitation of the attack is possible. The exp...

Discovered 9 hours ago

PoC for CVE-2026-11485

Sourcecodester | Class And Exam Timetab... | 6.9 MEDIUM
SourceCodester Class and Exam Timetabling System archive2.php sql i...

A security vulnerability has been detected in SourceCodester Class and Exam Timetabling System 1.0. Affected is an unknown function of the file /archive2.php. Such manipulation of the argument sy leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly ...

PoC for CVE-2026-11484

Sourcecodester | Class And Exam Timetab... | 6.9 MEDIUM
SourceCodester Class and Exam Timetabling System archive3.php sql i...

A weakness has been identified in SourceCodester Class and Exam Timetabling System 1.0. This impacts an unknown function of the file /archive3.php. This manipulation of the argument sy causes sql injection. The attack may be initiated remotely. The exploit has been made available to the public an...

PoC for CVE-2026-11483

Sourcecodester | Class And Exam Timetab... | 6.9 MEDIUM
SourceCodester Class and Exam Timetabling System archive4.php sql i...

A security flaw has been discovered in SourceCodester Class and Exam Timetabling System 1.0. This affects an unknown function of the file /archive4.php. The manipulation of the argument sy results in sql injection. The attack can be launched remotely. The exploit has been released to the public a...

PoC for CVE-2026-11482

Sourcecodester | Class And Exam Timetab... | 6.9 MEDIUM
SourceCodester Class and Exam Timetabling System archive5.php sql i...

A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. The impacted element is an unknown function of the file /archive5.php. The manipulation of the argument sy leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and mi...

Discovered 10 hours ago

PoC for CVE-2026-11481

Yoanbernabeu | Grepai | 2 LOW
yoanbernabeu grepai Postgres Embedding Cache chunker.go PostgresSto...

A vulnerability was determined in yoanbernabeu grepai up to 0.35.0. The affected element is the function PostgresStore.LookupByContentHash of the file indexer/chunker.go of the component Postgres Embedding Cache. Executing a manipulation of the argument content_hash can lead to use of weak hash. ...

PoC for CVE-2026-11480

Chengdu Everbrite... | Beikeshop | 5.3 MEDIUM
Chengdu Everbrite Network Technology BeikeShop Admin Design Builder...

A vulnerability was found in Chengdu Everbrite Network Technology BeikeShop up to 1.6.0.22. Impacted is an unknown function of the file beike/Admin/Routes/admin.php of the component Admin Design Builder Endpoint. Performing a manipulation of the argument settings.value results in sql injection. I...

PoC for CVE-2026-11479

Yoanbernabeu | Grepai | 2.3 LOW
yoanbernabeu grepai Qdrant Backend chunker.go weak hash

A vulnerability has been found in yoanbernabeu grepai 0.35.0. This issue affects some unknown processing of the file indexer/chunker.go of the component Qdrant Backend. Such manipulation leads to use of weak hash. The attack may be performed from remote. Attacks of this nature are highly complex....

PoC for CVE-2026-11478

Kokke | Tiny-regex-c | 4.8 MEDIUM
kokke tiny-regex-c Pattern re.c matchstar redos

A flaw has been found in kokke tiny-regex-c up to f2632c6d9ed25272987471cdb8b70395c2460bdb. This vulnerability affects the function matchstar of the file re.c of the component Pattern Handler. This manipulation causes inefficient regular expression complexity. The attack is restricted to local ex...

Discovered 11 hours ago

PoC for CVE-2024-58349

WordPress | Travelscape | 9.3 CRITICAL
WordPress Theme Travelscape 1.0.3 Arbitrary File Upload

WordPress Theme Travelscape 1.0.3 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by exploiting insufficient validation in the theme's upload functionality. Attackers can upload arbitrary files to the theme directory and execute them...

PoC for CVE-2024-58348

WordPress | Background Image Cropper | 9.3 CRITICAL
WordPress Background Image Cropper 1.2 Remote Code Execution

WordPress Background Image Cropper version 1.2 contains a remote code execution vulnerability that allows unauthenticated attackers to upload arbitrary files by accessing the ups.php endpoint. Attackers can upload PHP files through the file upload form in the plugin directory to execute arbitrary...

PoC for CVE-2023-54352

WordPress | Travelscape | 9.3 CRITICAL
WordPress Seotheme Remote Code Execution Unauthenticated

WordPress Seotheme contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by uploading malicious files to the theme directory. Attackers can access the uploaded PHP shell at /wp-content/themes/seotheme/mar.php to execute system commands ...

PoC for CVE-2023-54351

WordPress | Sonaar Music Plugin | 5.1 MEDIUM
WordPress Sonaar Music Plugin 4.7 Stored XSS via Comments

WordPress Sonaar Music Plugin 4.7 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the comment functionality. Attackers can submit JavaScript payloads in the comment parameter to wp-comments-post.php which are stored an...

PoC for CVE-2023-54350

WordPress | Augmented Reality | 8.7 HIGH
WordPress Augmented-Reality Plugin Remote Code Execution Unauthenti...

WordPress Augmented-Reality plugin contains a remote code execution vulnerability in the elFinder connector that allows unauthenticated attackers to upload and execute arbitrary PHP files. Attackers can send POST requests to the connector.minimal.php endpoint with mkfile and put commands to creat...

PoC for CVE-2022-50953

WordPress | Admin-word-count-column | 6.9 MEDIUM
WordPress Plugin admin-word-count-column 2.2 Local File Read

WordPress Plugin admin-word-count-column 2.2 contains a local file read vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting null byte injection in the path parameter. Attackers can send GET requests to download-csv.php with a crafted path parameter containing...

PoC for CVE-2021-47983

WordPress | Accept Stripe Payments | 5.1 MEDIUM
WordPress Plugin Stripe Payments 2.0.39 Stored XSS via currency_code

WordPress Plugin Stripe Payments 2.0.39 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the AcceptStripePayments-settings[currency_code] parameter. Attackers can submit POST requests to /wp-admin/options.php with script ...

PoC for CVE-2021-47984

WordPress | WP24 Domain Check | 5.1 MEDIUM
WordPress Plugin WP24 Domain Check 1.6.2 Stored XSS

WordPress Plugin WP24 Domain Check 1.6.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the fieldnameDomain parameter. Attackers can inject JavaScript payloads through the plugin settings form at ...

PoC for CVE-2021-47982

WordPress | WP-paginate | 5.1 MEDIUM
WordPress Plugin WP-Paginate 2.1.3 Stored XSS via preset

WordPress Plugin WP-Paginate 2.1.3 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by manipulating the preset parameter. Attackers can submit POST requests to the plugin settings page with script payloads in the preset parameter...

PoC for CVE-2026-11477

Hs-web | Hsweb-framework | 5.3 MEDIUM
hs-web hsweb-framework OAuth2 Client OAuth2Client.java OAuth2Client...

A vulnerability was detected in hs-web hsweb-framework up to 5.0.1. This affects the function OAuth2Client of the file hsweb-authorization/hsweb-authorization-oauth2/src/main/java/org/hswebframework/web/oauth2/server/OAuth2Client.java of the component OAuth2 Client. The manipulation results in op...

PoC for CVE-2026-11476

Kushan2k | Student-management-system | 5.3 MEDIUM
Kushan2k student-management-system Profile Update Endpoint AdminCon...

A security vulnerability has been detected in Kushan2k student-management-system up to f16a4ceaddd6729c4b306ed4641cda3176c1ef2a. Affected by this issue is the function edit-admin of the file controllers/AdminController.php of the component Profile Update Endpoint. The manipulation of the argument...

PoC for CVE-2026-11475

Kushan2k | Student-management-system | 5.3 MEDIUM
Kushan2k student-management-system Certificate Verification Endpoin...

A weakness has been identified in Kushan2k student-management-system up to f16a4ceaddd6729c4b306ed4641cda3176c1ef2a. Affected by this vulnerability is the function getStatus of the file controllers/GradeController.php of the component Certificate Verification Endpoint. Executing a manipulation of...

PoC for CVE-2026-11474

Kushan2k | Student-management-system | 6.9 MEDIUM
Kushan2k student-management-system Registration Endpoint RegisterSe...

A security flaw has been discovered in Kushan2k student-management-system up to f16a4ceaddd6729c4b306ed4641cda3176c1ef2a. Affected is an unknown function of the file service/RegisterService.php of the component Registration Endpoint. Performing a manipulation of the argument stimg results in unre...

Discovered 12 hours ago

PoC for CVE-2026-11472

Sourcecodester | Class And Exam Timetab... | 6.9 MEDIUM
SourceCodester Class and Exam Timetabling System index1.php sql inj...

A vulnerability was determined in SourceCodester Class and Exam Timetabling System 1.0. This affects an unknown function of the file /index1.php. This manipulation of the argument Password causes sql injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may ...

PoC for CVE-2026-11471

Sourcecodester | Class And Exam Timetab... | 6.9 MEDIUM
SourceCodester Class and Exam Timetabling System index2.php sql inj...

A vulnerability was found in SourceCodester Class and Exam Timetabling System 1.0. The impacted element is an unknown function of the file /index2.php. The manipulation of the argument Password results in sql injection. It is possible to launch the attack remotely. The exploit has been made publi...

PoC for CVE-2026-11470

Hs-web | Hsweb-framework | 5.3 MEDIUM
hs-web hsweb-framework File Upload FileUploadProperties.java denied...

A vulnerability has been found in hs-web hsweb-framework up to 5.0.1. The affected element is the function denied of the file hsweb-system/hsweb-system-file/src/main/java/org/hswebframework/web/file/FileUploadProperties.java of the component File Upload. The manipulation of the argument filename ...

Discovered 13 hours ago

PoC for CVE-2026-11468

Sourcecodester | Hospitals Patient Reco... | 4.8 MEDIUM
SourceCodester Hospitals Patient Records Management System page roo...

A vulnerability was detected in SourceCodester Hospitals Patient Records Management System 1.0. This issue affects some unknown processing of the file /admin/?page=room_types. Performing a manipulation of the argument room results in cross site scripting. The attack is possible to be carried out ...

PoC for CVE-2026-11467

Jishenghua | Jsherp | 5.3 MEDIUM
jishenghua jshERP addAccountHeadAndDetail Endpoint AccountHeadServi...

A security vulnerability has been detected in jishenghua jshERP up to 3.6. This vulnerability affects the function addAccountHeadAndDetail of the file jshERP-boot/src/main/java/com/jsh/erp/service/AccountHeadService.java of the component addAccountHeadAndDetail Endpoint. Such manipulation of the ...

PoC for CVE-2026-11466

Zilliztech | Deep-searcher | 5.3 MEDIUM
zilliztech deep-searcher collection_router.py CollectionRouter.invo...

A weakness has been identified in zilliztech deep-searcher up to 0.0.2. This affects the function CollectionRouter.invoke of the file deepsearcher/agent/collection_router.py. This manipulation of the argument kwargs causes improper access controls. Remote exploitation of the attack is possible. T...

Discovered 14 hours ago

PoC for CVE-2026-11465

Songquanpeng | One-api | 2.3 LOW
songquanpeng one-api Redemption Code Top-Up Endpoint redemption.go ...

A security flaw has been discovered in songquanpeng one-api up to 0.6.11-preview.7. Affected by this issue is the function Redeem of the file model/redemption.go of the component Redemption Code Top-Up Endpoint. The manipulation results in business logic errors. The attack may be launched remotel...

PoC for CVE-2026-11464

Jeecgboot | 2.3 LOW
JeecgBoot User List Endpoint SysUserController.java queryPageList i...

A vulnerability was identified in JeecgBoot up to 3.9.2. Affected by this vulnerability is the function queryPageList of the file src\main\java\org\jeecg\modules\system\controller\SysUserController.java of the component User List Endpoint. The manipulation of the argument salt leads to informatio...

PoC for CVE-2026-11463

Uscilab | Cereal | 6.3 MEDIUM
USCiLab Cereal Shared Pointer type confusion

A vulnerability was determined in USCiLab Cereal up to 1.3.2. Affected is an unknown function of the component Shared Pointer Handler. Executing a manipulation can lead to type confusion. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor ...