Publicly Disclosed
PoC Exploits
🔴 Always take caution when working with PoC Exploits 🔴
Discovered 1 hour ago
PoC for CVE-2026-53360
A vulnerability exists in the Linux kernel related to KVM SEV-SNP that allows guest-controlled memory accesses to result in out-of-bounds reads and writes, leading to potential heap corruption and information disclosure. Specifically, the error arises when the guest sets parameters that exceed ex...
Discovered 2 hours ago
PoC for CVE-2026-14654
A vulnerability exists in the Simple and Nice Shopping Cart Script version 1.0, found in the file /admin/girlsproductdeletequery.php. This vulnerability allows for SQL injection through manipulation of the user_id parameter. If exploited, this could lead to unauthorized access to the database. Th...
PoC for CVE-2026-14653
A vulnerability exists in the SourceCodester Simple and Nice Shopping Cart Script 1.0, specifically within the /admin/mensproductdeletequery.php file. This vulnerability allows manipulation of the 'user_id' argument, leading to SQL injection. The nature of this vulnerability permits remote exploi...
PoC for CVE-2026-14652
The SourceCodester Simple and Nice Shopping Cart Script 1.0 has a vulnerability located in the Admin Login component, specifically within the /admin/login.php file. This flaw allows an attacker to manipulate the Username argument, which can lead to SQL injection attacks. The issue can be exploite...
PoC for CVE-2026-33017
Langflow, a tool for constructing and deploying AI-driven agents and workflows, is susceptible to a vulnerability in the POST /api/v1/build_public_tmp/{flow_id}/flow endpoint in versions before 1.9.0. This vulnerability enables an attacker to build public flows without authentication, leveraging ...
Discovered 3 hours ago
PoC for CVE-2026-14651
A denial of service vulnerability has been identified in the Connorskees Grass compiler up to version 0.13.4. This issue arises from the affected function in the compiler that can lead to resource exhaustion due to its non-linear runtime behavior, significantly impacting performance. Attackers ca...
PoC for CVE-2026-14650
A vulnerability exists in connorskees Grass versions up to 0.13.4 within the UTF-8 Character Handler's function grass_compiler::raw_to_parse_error. This flaw allows for manipulation that can lead to a Denial of Service (DoS) condition. While the attack is limited to local execution, it is notewor...
Discovered 4 hours ago
PoC for CVE-2026-14648
A security vulnerability has been identified in the code-projects Online Voting System up to version 0.x/1.0. The issue resides in the Login component, specifically within the function test_input of the file /authentication.php. Manipulating the parameters adminUserName or adminPassword allows an...
PoC for CVE-2026-14647
A vulnerability has been detected in onnxruntime, specifically in the convPoolShapeInference_opset19 function within the file onnx/defs/nn/old.cc. This weakness allows for remote exploitation, resulting in out-of-bounds reads that could lead to unauthorized access or manipulation of data. With a ...
PoC for CVE-2026-14642
A critical SQL injection vulnerability has been discovered in the SourceCodester Class and Exam Timetabling System version 1.0, specifically affecting the /edit_class2.php file. This vulnerability allows attackers to manipulate the ID argument, leading to unauthorized database queries. The exploi...
PoC for CVE-2026-14641
The SourceCodester Class and Exam Timetabling System version 1.0 contains a vulnerability in the edit_course.php file that allows for SQL injection via manipulation of the ID argument. This can be exploited remotely, enabling attackers to execute unauthorized SQL queries on the database. The vuln...
Discovered 5 hours ago
PoC for CVE-2026-14640
A SQL injection vulnerability exists in the Login component of the CodeAstro Apartment Visitor Management System version 1.0. This issue arises due to improper sanitization of the 'Username' parameter in the /index.php file. Attackers can exploit this vulnerability to execute remote SQL queries, ...
PoC for CVE-2026-14639
A SQL injection vulnerability exists within the CodeAstro Ecommerce Website 1.0, specifically in the my_account.php file when manipulating the 'c_name' argument. This flaw allows attackers to execute arbitrary SQL queries against the database, potentially leading to unauthorized data access and m...
PoC for CVE-2026-14638
A vulnerability exists in version 1.0 of the itsourcecode Hospital Management System, specifically within the /patient.php file. An attacker can manipulate the 'editid' parameter, leading to SQL injection, which may enable unauthorized access to the database. This flaw can be exploited remotely, ...
PoC for CVE-2026-14637
A deserialization vulnerability has been identified in the Ecommerce-CodeIgniter-Bootstrap framework, specifically affecting the getCartItems function in the ShoppingCart.php library. This issue allows for remote manipulation of the shopping_cart argument, potentially enabling attackers to execut...
Discovered 6 hours ago
PoC for CVE-2026-14635
A security flaw in the Ecommerce-CodeIgniter-Bootstrap product, specifically within the AddProduct.php file of the Vendor Multi-Image Endpoint, allows for unauthorized access through path traversal. By manipulating the argument related to the folder, attackers can exploit this vulnerability remot...
Discovered 7 hours ago
PoC for CVE-2026-14634
A Cross Site Scripting vulnerability has been identified in the Ecommerce-CodeIgniter-Bootstrap, specifically affecting the Subscribed Emails Admin Page. The issue arises from improper handling of the User-Agent argument in the checkForPostRequests function located in application/core/MY_Controll...
PoC for CVE-2026-34197
Apache ActiveMQ Broker is prone to a code injection vulnerability due to improper input validation in the Jolokia JMX-HTTP bridge. By default, this bridge exposes a web console that allows the execution of operations on all ActiveMQ MBeans. An authenticated attacker can exploit this vulnerability...
PoC for CVE-2026-14633
A cross site scripting vulnerability exists in the Ecommerce-CodeIgniter-Bootstrap due to improper validation of user-supplied input in the Hidden REST API Endpoint. The flaw can be exploited remotely, leading to potential unauthorized script execution in users' browsers. A patch has been issued ...
Discovered 8 hours ago
PoC for CVE-2026-14632
A flaw exists in the `setReferrer` function of the `MY_Controller.php` file within the Trusted Backend Interface of Ecommerce-CodeIgniter-Bootstrap. This vulnerability allows an attacker to manipulate the `href` argument, leading to an open redirect issue. Such an exploit can be executed remotely...
Discovered 9 hours ago
PoC for CVE-2026-14630
A vulnerability in the ForceInjection AI-fundermentals product, specifically affecting the get_conversation_history function of the Memory Recall Handler component, allows for weak hash usage. This flaw may enable remote exploitation, although executing the attack is complex and challenging. Rece...
Discovered 10 hours ago
PoC for CVE-2026-14629
A vulnerability exists in the RT-Thread operating system up to version 5.2.2, specifically within the Parameter Handler component. The flaw, located in the read/write/sys_ioctl functions of lwp_syscall.c, may allow an attacker to manipulate the execution path, potentially leading to a divide by z...
PoC for CVE-2026-14628
A vulnerability exists in the NousResearch hermes-agent's Live Webhook Endpoint that allows attackers to perform path traversal through the extract_media function in the gateway/platforms/base.py file. This vulnerability enables unauthorized access to files and directories outside the intended di...
PoC for CVE-2026-14627
A serious security flaw exists in the NousResearch Hermes Agent, specifically affecting the Discord Platform Integration feature. This vulnerability is found in the DiscordAdapter._is_allowed_user function located in the gateway/platforms/discord.py file, allowing for improper authentication. Att...
Discovered 11 hours ago
PoC for CVE-2026-12196
The HestiaCP panel features a broken access control vulnerability within its cronjob functionality. This issue allows low privilege users to modify cronjobs, enabling them to execute HestiaCP management scripts without proper authentication. As a result, attackers can potentially gain unauthorize...
PoC for CVE-2026-14626
A vulnerability exists in the NousResearch hermes-agent, specifically within the AIAgent.run_conversation function of the run_agent.py file in the HTTP API component. This flaw can be exploited by manipulating the 'todos' argument, leading to a denial of service condition. The attack can be initi...
PoC for CVE-2026-48907
A flaw in the JCE editor extension for Joomla permits unauthorized users to create new editor profiles. This malicious capability exposes the site to risks, including the ability to upload PHP code and execute it, potentially leading to a full compromise of the website security. Site administrato...
PoC for CVE-2026-12195
myVesta contains a vulnerability that allows low-privileged users to execute arbitrary commands by manipulating the v_ftp_user parameter when attempting to delete FTP usernames. This flaw can potentially lead to unauthorized execution of commands with administrator privileges, posing significant ...
PoC for CVE-2026-14625
A security flaw has been identified in the NousResearch hermes-agent, specifically affecting versions up to 0.15.2. The vulnerability lies in the shell.exec function found in the tui_gateway/server.py file, leading to a failure in protective mechanisms. This flaw allows attackers to execute comma...
Discovered 13 hours ago
PoC for CVE-2026-14624
A security vulnerability has been discovered in the omec-project AMF, specifically within the NGSetupRequest Handler component. This flaw allows an attacker to remotely trigger a denial of service attack, affecting the stability and availability of the affected service. The vulnerability exists i...
PoC for CVE-2026-14623
A vulnerability exists in the omec-project's amf component, specifically within the RRCInactiveTransitionReport function of the NGAP Message Handler. This flaw allows an attacker to remotely manipulate the function to trigger a denial of service condition. The potential for exploitation has been ...
Discovered 14 hours ago
PoC for CVE-2026-14622
A missing authentication vulnerability has been identified in the jairiidriss Restaurant Website PHP MySQL, specifically within the AJAX Endpoint component. An attacker could exploit this flaw to bypass authentication mechanisms, allowing unauthorized remote access to critical functionality withi...
Discovered 15 hours ago
PoC for CVE-2026-14621
A vulnerability exists in the OSX Broker of FederatedAI FATE versions up to 2.2.0, specifically in the function QueuePushReqStreamObserver.initEggroll. This issue arises from improper handling of the rollSiteSessionId, dstRole, and dstPartyId arguments, which could allow an attacker to compromise...
Discovered 16 hours ago
PoC for CVE-2026-12194
PHPIPAM is subject to an authenticated local file inclusion vulnerability that enables users with API access to execute or include arbitrary PHP files from the web server's file system. Although the API feature is not enabled by default, if activated, the flaw could potentially allow attackers ...
PoC for CVE-2026-14619
A vulnerability has been identified in the itsourcecode Hospital Management System version 1.0 that allows for SQL injection through crafted input passed to the 'editid' parameter in the /medicine.php file. This flaw may enable remote attackers to manipulate database queries, leading to unauthori...
Discovered 17 hours ago
PoC for CVE-2026-14618
A vulnerability has been identified in Open5GS's AMF component that could lead to a denial of service condition. Specifically, the issue resides in the `amf_nnrf_handle_nf_discover` function within the source file `src/amf/nnrf-handler.c`. This vulnerability can be exploited remotely, allowing an...
PoC for CVE-2017-12615
A security vulnerability exists in Apache Tomcat versions 7.0.0 through 7.0.79 on Windows when HTTP PUT requests are enabled. This flaw allows an attacker to upload a malicious JSP file to the server through crafted requests. If successfully executed, the uploaded JSP file can be accessed and run...
Discovered 18 hours ago
PoC for CVE-2024-1561
A significant vulnerability exists within the Gradio product where the `/component_server` endpoint inadequately manages method invocations on the `Component` class while allowing input directed by attackers. By leveraging the `move_resource_to_block_cache()` method from the `Block` class, an att...
Discovered 20 hours ago
PoC for CVE-2026-14459
The TUBITAK BILGEM Software Technologies Research Institute's pardus-software is vulnerable to argument injection due to improper neutralization of argument delimiters. This flaw allows malformed input to be interpreted in unintended ways, potentially compromising the software's integrity. Affect...
Discovered 1 day ago
PoC for CVE-2026-14617
A security flaw has been identified in the NousResearch hermes-agent, specifically in the Streaming Reasoning Tag Filter functionality. The vulnerability occurs within the GatewayStreamConsumer._filter_and_accumulate method in the file gateway/stream_consumer.py. The issue relates to improper han...
PoC for CVE-2026-14610
A vulnerability exists in the Open Asset Import Library Assimp within the CSM File Handler, specifically in the function Assimp::CSMImporter::InternReadFile. This flaw results in a heap-based buffer overflow, which can be exploited through local execution of crafted inputs. An exploit for this vu...
PoC for CVE-2026-14607
A vulnerability has been identified in RT-Thread versions up to 5.0.2 that affects the function sys_getaddrinfo. This weakness allows an attacker with local access to manipulate the argument ai_addr, which can lead to memory corruption. Current exploits of this vulnerability are publicly availabl...
PoC for CVE-2026-14606
A vulnerability has been identified in the RT-Thread SWM341 CAN Handler up to version 5.0.2, specifically in the CAN_Receive function found in the CMSIS DeviceSupport library. This flaw allows for a stack-based buffer overflow, which can be exploited locally to manipulate the application's execut...
PoC for CVE-2026-14605
A vulnerability has been discovered in the RT-Thread Real-Time Operating System (RTOS) related to the ls1c CAN Handler. Specifically, the issue lies within the 'recvmsg' function located in bsp/loongson/ls1cdev/libraries/ls1c_can.h. This vulnerability can lead to a stack-based buffer overflow, wh...
PoC for CVE-2026-14604
A vulnerability in the Open Asset Import Library Assimp affects the PLY Model Handler's ExportToBlob function. This issue allows for a double free, which can be exploited remotely. The vulnerability could lead to destabilization of applications utilizing the affected component. The Assimp project...
PoC for CVE-2026-49468
A security vulnerability in LiteLLM, an AI Gateway proxy server designed to facilitate calls to LLM APIs, was identified in all versions prior to 1.84.0. This flaw potentially exposes users to various security risks. It is critical for users to update to version 1.84.0 or newer to mitigate these ...
PoC for CVE-2026-34835
The Rack web server interface is susceptible to host header poisoning due to improper parsing of the Host header in specific versions. It allows the inclusion of illegal characters that violate RFC compliance, such as /, ?, #, and @. This vulnerability exposes applications relying on the parsed ...
Discovered 2 days ago
PoC for CVE-2022-36021
Redis is an in-memory database that persists on disk. Authenticated users can use string matching commands (like `SCAN` or `KEYS`) with a specially crafted pattern to trigger a denial-of-service attack on Redis, causing it to hang and consume 100% CPU time. The problem is fixed in Redis versions ...
PoC for CVE-2022-36021
Redis is an in-memory database that persists on disk. Authenticated users can use string matching commands (like `SCAN` or `KEYS`) with a specially crafted pattern to trigger a denial-of-service attack on Redis, causing it to hang and consume 100% CPU time. The problem is fixed in Redis versions ...
PoC for CVE-2026-56290
The Joomla extension Page Builder CK contains a vulnerability that allows unauthenticated attackers to upload arbitrary files. This weakness can be exploited to upload executable files, resulting in remote code execution on the server. The implications of this vulnerability are severe, as it may ...