Publicly Disclosed
PoC Exploits

🔴 Alway take caution when working with PoC Exploits 🔴

Discovered just now...

PoC for CVE-2026-14459

Tubitak Bilgem So...Pardus-software8.8HIGH
Argument Injection Vulnerability in TUBITAK BILGEM Software

The TUBITAK BILGEM Software Technologies Research Institute's pardus-software is vulnerable to argument injection due to improper neutralization of argument delimiters. This flaw allows malformed input to be interpreted in unintended ways, potentially compromising the software's integrity. Affect...

Discovered 3 hours ago

PoC for CVE-2026-14607

RT-ThreadRt-thread6.8MEDIUM
Memory Corruption Vulnerability in RT-Thread by RT-Thread

A vulnerability has been identified in RT-Thread versions up to 5.0.2 that affects the function sys_getaddrinfo. This weakness allows an attacker with local access to manipulate the argument ai_addr, which can lead to memory corruption. Current exploits of this vulnerability are publicly availabl...

PoC for CVE-2026-14606

RT-ThreadRt-thread8.5HIGH
Buffer Overflow Vulnerability in SWM341 CAN Handler by RT-Thread

A vulnerability has been identified in the RT-Thread SWM341 CAN Handler up to version 5.0.2, specifically in the CAN_Receive function found in the CMSIS DeviceSupport library. This flaw allows for a stack-based buffer overflow, which can be exploited locally to manipulate the application's execut...

PoC for CVE-2026-14605

RT-ThreadRt-thread8.5HIGH
Stack-Based Buffer Overflow in RT-Thread RTOS Affecting ls1c CAN Ha...

A vulnerability has been discovered in the RT-Thread Real-Time Operating System (RTOS) related to the ls1c CAN Handler. Specifically, the issue lies within the 'recvmsg' function located in bsp/loongson/ls1cdev/libraries/ls1c_can.h. This vulnerability can lead to a stack-based buffer overflow, wh...

Discovered 4 hours ago

PoC for CVE-2026-14604

Open Asset Import...Assimp5.3MEDIUM
Double Free Vulnerability in Open Asset Import Library Assimp's PLY...

A vulnerability in the Open Asset Import Library Assimp affects the PLY Model Handler's ExportToBlob function. This issue allows for a double free, which can be exploited remotely. The vulnerability could lead to destabilization of applications utilizing the affected component. The Assimp project...

Discovered 7 hours ago

PoC for CVE-2026-49468

BerriaiLitellm9.5CRITICAL
Proxy Server Flaw in LiteLLM by BerriAI Affects Multiple Versions

A security vulnerability in LiteLLM, an AI Gateway proxy server designed to facilitate calls to LLM APIs, was identified in all versions prior to 1.84.0. This flaw potentially exposes users to various security risks. It is critical for users to update to version 1.84.0 or newer to mitigate these ...

Discovered 12 hours ago

PoC for CVE-2022-36021

RedisRedis🟣 EPSS 60%5.5MEDIUM
Redis string pattern matching can be abused to achieve Denial of Se...

Redis is an in-memory database that persists on disk. Authenticated users can use string matching commands (like `SCAN` or `KEYS`) with a specially crafted pattern to trigger a denial-of-service attack on Redis, causing it to hang and consume 100% CPU time. The problem is fixed in Redis versions ...

PoC for CVE-2022-36021

RedisRedis🟣 EPSS 60%5.5MEDIUM
Redis string pattern matching can be abused to achieve Denial of Se...

Redis is an in-memory database that persists on disk. Authenticated users can use string matching commands (like `SCAN` or `KEYS`) with a specially crafted pattern to trigger a denial-of-service attack on Redis, causing it to hang and consume 100% CPU time. The problem is fixed in Redis versions ...

Discovered 18 hours ago

PoC for CVE-2026-13768

GardynGardyn Home Firmware9.5CRITICAL
IoT Device Vulnerability in Gardyn Products

Gardyn devices are susceptible to a severe security flaw that exposes a privileged iothubowner key. This key grants malicious users the ability to manipulate the IoTHub Registry Manager, potentially revealing critical connection information for all connected Gardyn Home Kit and Studio devices. Fu...

PoC for CVE-2026-38751

DevCode-itOpenSTAManager7.2HIGH
Arbitrary File Upload Vulnerability in OpenSTAManager by DevCode-it

OpenSTAManager versions up to and including 2.10 contain a vulnerability that allows an attacker to upload arbitrary files via the module update functionality. This flaw exists in the 'upload_modules.php' script, which does not adequately validate file uploads, potentially enabling unauthorized a...

PoC for CVE-2025-57819

FreepbxEndpoint🟣 EPSS 93%10CRITICAL
Unauthenticated Access Vulnerability in FreePBX by Sangoma Technolo...

FreePBX, an open-source web-based GUI, suffers from a vulnerability that permits unauthenticated users to gain access to the FreePBX Administrator interface. This is primarily due to insufficient sanitization of user-provided data. The flaw can lead to unauthorized database manipulation and may a...

Discovered 1 day ago

PoC for CVE-2026-58460

Ajith-abReact-native-receive-s...7HIGH
Path Traversal Vulnerability in React Native Receive Sharing Intent...

The react-native-receive-sharing-intent library is susceptible to a path traversal vulnerability. This flaw permits a co-resident malicious application to exploit the system by manipulating the _display_name value to include dot-dot path components. Through this vulnerability, attackers can lever...

PoC for CVE-2026-58467

Cockpit-projectCockpit8.2HIGH
Path Traversal and Local File Inclusion in Cockpit CMS by Cockpit P...

Cockpit CMS prior to version 364 is susceptible to a path traversal and local file inclusion vulnerability, allowing unauthenticated attackers to access arbitrary files or execute PHP scripts by manipulating the REQUEST_URI. This flaw occurs due to improper validation of the PATH_INFO variable du...

PoC for CVE-2026-59102

ForgejoForgejo2.1LOW
Stored Cross-Site Scripting Vulnerability in Forgejo by Codeberg

Forgejo, a platform developed by Codeberg, is vulnerable to a stored cross-site scripting attack that can be exploited by authenticated users. Attackers can embed malicious JavaScript code into the display name field. When the DEFAULT_SHOW_FULL_NAME option is activated, this name gets rendered in...

PoC for CVE-2026-59100

LobehubLobehub2.3LOW
Broken Object Level Authorization in LobeChat Affects User Data Man...

LobeChat version 2.2.9 has a broken object level authorization vulnerability that allows authenticated users to manipulate other users' chat-group agent data. By using arbitrary group identifiers, attackers can perform unauthorized actions such as retrieving agent listings, altering agent roles a...

PoC for CVE-2026-59099

ApereoCas9.3CRITICAL
Cryptographic Vulnerability in Apereo CAS Version 7.3.0

Apereo CAS versions prior to 8.0.0-RC6 are susceptible to a cryptographic vulnerability that enables remote unauthenticated attackers to recover plaintext conversation state. This issue arises from AES-GCM initialization vector reuse, where the use of a constant all-zero IV in conjunction with a ...

PoC for CVE-2026-59098

LobehubLobehub7.1HIGH
Broken Access Control in LobeChat Affects User Data Privacy

LobeChat versions up to 2.2.9 are affected by a broken access control vulnerability in its retrieval-augmented-generation semantic search functionality. This flaw allows authenticated attackers to exploit missing user-identifier checks, granting them unauthorized access to other users' data. By m...

PoC for CVE-2026-59097

TaigaTaiga-back6.9MEDIUM
Missing Authorization Vulnerability in Taiga Project Management Tool

Taiga, a popular project management tool, has a security flaw that allows unauthorized remote attackers to create default due-date records in any project by exploiting unprotected POST endpoints. This vulnerability affects users of version 6.10.1 and earlier, where attackers can bypass permission...

PoC for CVE-2026-59095

LobehubLobehub8.3HIGH
Server-Side Request Forgery in LobeChat by LobeHub

LobeChat versions prior to 2.2.10-canary.18 contain a server-side request forgery vulnerability. This issue allows authenticated attackers to manipulate internal HTTP requests by exploiting user-controlled inputs in services such as skill import and topic cover updates. Through these entry points...

PoC for CVE-2026-59094

PathwaycomPathway8.7HIGH
Denial of Service in Pathway Document Store Affecting Users of Pathway

The Pathway Document Store is susceptible to a denial of service attack due to its handling of caller-supplied glob patterns. From the unauthenticated HTTP endpoints, an attacker can submit malicious patterns that lead to high CPU consumption, as the application evaluates these patterns without s...

PoC for CVE-2026-58579

InfiniflowRagflow5.1MEDIUM
Stored Cross-Site Scripting in RAGFlow by Infiniflow

RAGFlow versions prior to 0.26.3 are exposed to a stored cross-site scripting vulnerability due to insufficient sanitization of agent pipeline node names. The normalize_dsl function validates JSON serialization but does not sanitize the node name itself. This leads to scenarios where an authentic...

PoC for CVE-2026-58578

LobehubLobehub7.1HIGH
Regular Expression Denial of Service in LobeChat by LobeHub

The vulnerability in LobeChat enables authenticated attackers to exploit regular expression denial of service (ReDoS) by injecting catastrophic-backtracking patterns into a GitHub repository URL path during skill import. This flaw allows attackers to obstruct the Node.js event loop, leading to si...

PoC for CVE-2026-33017

Langflow-aiLangflow🟣 EPSS 98%9.3CRITICAL
Authentication Bypass in Langflow Tool for AI-Powered Workflows

Langflow, a tool for constructing and deploying AI-driven agents and workflows, is susceptible to a vulnerability in the POST /api/v1/build_public_tmp/{flow_id}/flow endpoint in versions before 1.9.0. This vulnerability enables an attacker to build public flows without authentication, leveraging ...

PoC for CVE-2021-27877

VeritasBackup Exec🟣 EPSS 65%8.2HIGH
Remote Code Execution Vulnerability in Veritas Backup Exec

A vulnerability in Veritas Backup Exec allows attackers to exploit outdated SHA authentication support, which has not been disabled in versions prior to 21.2. By leveraging this weakness, an attacker can gain unauthorized access to an Agent, enabling them to execute privileged commands remotely. ...

PoC for CVE-2024-58352

Shenzhen Landray ...Landry Office Automati...8.7HIGH
Unauthenticated HQL Injection Vulnerability in Landray OA Software

Landray OA is affected by a serious unauthenticated HQL injection vulnerability, which enables attackers to manipulate the system's database queries by injecting harmful HQL syntax via the uid POST parameter of the wechatLoginHelper.do endpoint. This vulnerability stems from a failure to adequate...

PoC for CVE-2022-50973

Yonyou Network Te...Ksoa9.3CRITICAL
Unauthenticated File Upload Vulnerability in Yonyou KSOA 9.0

Yonyou KSOA 9.0 is vulnerable to an unauthenticated file upload issue in the com.sksoft.bill.ImageUpload servlet. This flaw allows attackers to upload arbitrary files simply by submitting a POST request with manipulated filepath and filename parameters, bypassing crucial authentication, file type...

PoC for CVE-2022-50973

Yonyou Network Te...Ksoa9.3CRITICAL
Unauthenticated File Upload Vulnerability in Yonyou KSOA 9.0

Yonyou KSOA 9.0 is vulnerable to an unauthenticated file upload issue in the com.sksoft.bill.ImageUpload servlet. This flaw allows attackers to upload arbitrary files simply by submitting a POST request with manipulated filepath and filename parameters, bypassing crucial authentication, file type...

PoC for CVE-2022-50973

Yonyou Network Te...Ksoa9.3CRITICAL
Unauthenticated File Upload Vulnerability in Yonyou KSOA 9.0

Yonyou KSOA 9.0 is vulnerable to an unauthenticated file upload issue in the com.sksoft.bill.ImageUpload servlet. This flaw allows attackers to upload arbitrary files simply by submitting a POST request with manipulated filepath and filename parameters, bypassing crucial authentication, file type...

PoC for CVE-2021-1931

QualcommSnapdragon Auto, Snapd...6.7MEDIUM
Buffer Overflow Vulnerability in Qualcomm Snapdragon Products

This security vulnerability is caused by improper validation of the buffer length when processing fast boot commands across various Qualcomm Snapdragon products. An attacker could exploit this flaw to execute arbitrary code or cause unintended behavior, potentially compromising the affected devices.

PoC for CVE-2024-14037

Guangzhou Red Sea...Red Sea Cloud Ehr9.3CRITICAL
Arbitrary File Upload Vulnerability in Redsea Cloud eHR

Redsea Cloud eHR is affected by an arbitrary file upload vulnerability that permits unauthenticated attackers to execute remote code. By exploiting the PtFjk.mob servlet endpoint, attackers can submit multipart POST requests containing malicious files disguised as image/jpeg, thereby circumventin...

PoC for CVE-2024-14037

Guangzhou Red Sea...Red Sea Cloud Ehr9.3CRITICAL
Arbitrary File Upload Vulnerability in Redsea Cloud eHR

Redsea Cloud eHR is affected by an arbitrary file upload vulnerability that permits unauthenticated attackers to execute remote code. By exploiting the PtFjk.mob servlet endpoint, attackers can submit multipart POST requests containing malicious files disguised as image/jpeg, thereby circumventin...

Discovered 2 days ago

PoC for CVE-2026-53753

UnclecodeCrawl4ai9.8CRITICAL
Open-source LLM Friendly Web Crawler Vulnerability in Crawl4AI

Crawl4AI, an open-source LLM-friendly web crawler, prior to version 0.8.7, contains a critical vulnerability in its computed fields feature. The _safe_eval_expression() function employs an AST validator that inadequately restricts attribute access, allowing attributes without an underscore prefix...

PoC for CVE-2025-69212

Devcode-itOpenstamanager9.4CRITICAL
OS Command Injection Vulnerability in OpenSTAManager by DevCode

OpenSTAManager, an open source management tool for technical assistance and invoicing, has a vulnerability in the P7M file decoding functionality. Versions 2.9.8 and earlier allow authenticated attackers to upload a ZIP file containing a maliciously crafted .p7m file. This could lead to the execu...

PoC for CVE-2026-11965

WordPressUser Registration & Me...6.5MEDIUM
User Registration & Membership Plugin Flaw in WordPress Enables Una...

The User Registration & Membership plugin for WordPress prior to version 5.2.0 allows unauthenticated individuals to activate paid membership subscriptions without completing payment. This flaw occurs due to the lack of enforcement on payment verification during the account registration process, ...

PoC for CVE-2026-11781

WordPressAdminify2.7LOW
User Privilege Escalation in Adminify WordPress Plugin

The Adminify WordPress plugin prior to version 4.2.10 fails to enforce appropriate read-capability checks for its administration search functionality. This oversight enables users with lower privileges, such as Contributors, to access and reveal sensitive information that should remain protected....

PoC for CVE-2026-10077

WordPressYootheme6.8MEDIUM
Stored Cross-Site Scripting in Yootheme WordPress Theme

The Yootheme WordPress theme prior to version 5.0.35 is vulnerable to stored Cross-Site Scripting (XSS) attacks. This occurs as the theme fails to adequately sanitize certain HTML attributes, allowing users with the Author role to inject malicious scripts. When a post containing such scripts is v...

PoC for CVE-2026-11578

WordPressFluent Forms2.7LOW
Improper Access Control in Fluent Forms Plugin by WordPress

The Fluent Forms WordPress plugin, prior to version 6.2.5, has a serious vulnerability related to improper access control. Specifically, it fails to restrict a Manager's ability to delete form submission entries associated with forms they are not authorized to manage. This could result in unautho...

PoC for CVE-2026-38751

DevCode-itOpenSTAManager7.2HIGH
Arbitrary File Upload Vulnerability in OpenSTAManager by DevCode-it

OpenSTAManager versions up to and including 2.10 contain a vulnerability that allows an attacker to upload arbitrary files via the module update functionality. This flaw exists in the 'upload_modules.php' script, which does not adequately validate file uploads, potentially enabling unauthorized a...

PoC for CVE-2025-69212

Devcode-itOpenstamanager9.4CRITICAL
OS Command Injection Vulnerability in OpenSTAManager by DevCode

OpenSTAManager, an open source management tool for technical assistance and invoicing, has a vulnerability in the P7M file decoding functionality. Versions 2.9.8 and earlier allow authenticated attackers to upload a ZIP file containing a maliciously crafted .p7m file. This could lead to the execu...

PoC for CVE-2026-6307

GoogleChrome8.8HIGH
Type Confusion Vulnerability in Google Chrome

A type confusion vulnerability exists within Turbofan in Google Chrome, affecting versions prior to 147.0.7727.101. This flaw allows a remote attacker to execute arbitrary code within a sandboxed environment by crafting a malicious HTML page. Exploiting this vulnerability can lead to unauthorized...

PoC for CVE-2026-6307

GoogleChrome8.8HIGH
Type Confusion Vulnerability in Google Chrome

A type confusion vulnerability exists within Turbofan in Google Chrome, affecting versions prior to 147.0.7727.101. This flaw allows a remote attacker to execute arbitrary code within a sandboxed environment by crafting a malicious HTML page. Exploiting this vulnerability can lead to unauthorized...

PoC for CVE-2026-23111

LinuxLinux7.8HIGH
Local Privilege Escalation Vulnerability in Linux Kernel Utilizing ...

A vulnerability exists in the Linux kernel's netfilter module that affects the nft_map_catchall_activate() function. This function encounters an inverted element activity check, leading to a failure in appropriately handling catchall map elements during a failed transaction. The bug arises when t...

PoC for CVE-2026-43735

AppleSafari8.1HIGH
Cross-Origin Data Exfiltration Vulnerability in Safari and iOS Prod...

A vulnerability has been identified in Safari and related Apple products that allows malicious websites to potentially exfiltrate sensitive data across different origins. The issue has been remediated with enhanced verification protocols in the latest versions, ensuring that requests made to exte...

PoC for CVE-2026-58593

NodebbNodebb8.7HIGH
ActivityPub Author Spoofing in NodeBB by a Remote Actor

NodeBB's implementation of ActivityPub allows for an author spoofing vulnerability, where a remote actor can impersonate local users by manipulating the 'attributedTo' field in inbound ActivityPub objects. This is due to inadequate validation processes that fail to ensure that the 'attributedTo' ...

PoC for CVE-2026-58592

LadybirdbrowserLadybird8.9HIGH
Dangling Reference Memory-Safety Flaw in Ladybird WebAssembly Modul...

The Ladybird browser contains a memory-safety vulnerability characterized by a dangling reference in its WebAssembly ESM integration module loader. When JavaScript functions are imported into WebAssembly modules, improper handling results in a callback retaining a reference to a destroyed Functio...

PoC for CVE-2026-58457

Shenzhen Aitemi E...M300 Wi-fi Repeater9.3CRITICAL
Unauthenticated OS Command Injection in Shenzhen Aitemi M300 Wi-Fi ...

The Shenzhen Aitemi M300 Wi-Fi Repeater, specifically the hardware model MT02, is susceptible to an unauthenticated OS command injection vulnerability. This flaw allows network-adjacent attackers to execute arbitrary shell commands by exploiting unsanitized input through the smacfilter_conf handl...

PoC for CVE-2026-58451

HordeImp7.1HIGH
Path Traversal Flaw in Horde IMP Affects Configuration Files

The path traversal vulnerability in Horde IMP allows authenticated attackers to exploit improper validation in lib/Compose.php, enabling them to read arbitrary files from the server's filesystem. This occurs by embedding traversal sequences after an expected CKEditor path prefix in img src URLs. ...

PoC for CVE-2026-42945

F5Nginx Plus🟣 EPSS 61%9.2CRITICAL
Heap Buffer Overflow in NGINX Plus and NGINX Open Source Affecting ...

A vulnerability exists in the ngx_http_rewrite_module of NGINX Plus and NGINX Open Source, triggered when a rewrite directive is followed by an if or set directive that includes a Perl-Compatible Regular Expression (PCRE) capture and a replacement string with a question mark. Attackers can exploi...

PoC for CVE-2026-34114

GuardianLanguage-system9.3CRITICAL
OS Command Injection in Guardian Language-System by Vendor

The Guardian Language-System is vulnerable to an OS command injection through the 'id' parameter in the translate_text.php script. The application directly processes user input without proper sanitization, allowing an unauthenticated attacker to append malicious shell commands. This can lead to a...

PoC for CVE-2026-58454

JaiotlinkC492a-w6 Wi-fi Ip Camera7.7HIGH
Remote Code Execution Vulnerability in JAIOTlink Wi-Fi IP Cameras

The JAIOTlink C492A-W6 Wi-Fi IP cameras with firmware version 4.8.30.57701411 are vulnerable to a remote code execution flaw. Authenticated attackers can exploit this vulnerability by saving arbitrary shell scripts in the writable persistent JFFS2 storage. By utilizing the authenticated HTTP endp...