Publicly Disclosed
PoC Exploits

🔴 Always take caution when working with PoC Exploits 🔴

Discovered 26 minutes ago

PoC for CVE-2025-29927

Vercel | Next.js | 🟣 EPSS 85% | 9.1 CRITICAL
Authorization Bypass in Next.js Framework by Vercel

A security flaw exists in the Next.js framework that allows an attacker to bypass authorization checks if such checks are implemented in middleware. This vulnerability arises in versions prior to 14.2.25 and 15.2.3. To mitigate risk, it is recommended to restrict incoming requests that include th...

Discovered 1 hour ago

PoC for CVE-2024-53900

Automattic | Mongoose
Search Injection Vulnerability in Mongoose by Automattic

The Mongoose software prior to version 8.8.3 contains a vulnerability that allows for improper handling of the $where clause in queries. This can lead to search injection attacks, enabling an attacker to manipulate query results and potentially retrieve unwanted or sensitive information. Users of...

Discovered 5 hours ago

PoC for CVE-2025-3184

Projectworlds | Online Doctor Appointm... | 6.9 MEDIUM
SQL Injection Vulnerability in Projectworlds Online Doctor Appointm...

A significant vulnerability exists within the Projectworlds Online Doctor Appointment Booking System 1.0, specifically affecting the processing of the '/patient/profile.php?patientId=1' file. This issue arises from the manipulation of the 'patientFirstName' parameter, which can lead to SQL inject...

PoC for CVE-2025-3183

Projectworlds | Online Doctor Appointm... | 6.9 MEDIUM
SQL Injection Vulnerability in Projectworlds Online Doctor Appointm...

A vulnerability exists in the Projectworlds Online Doctor Appointment Booking System 1.0, specifically in the /patient/patientupdateprofile.php file. The issue arises from improper handling of the patientFirstName parameter, allowing attackers to execute SQL injection attacks remotely. This flaw ...

Discovered 6 hours ago

PoC for CVE-2025-3182

Projectworlds | Online Doctor Appointm... | 6.9 MEDIUM
SQL Injection Vulnerability in Projectworlds Online Doctor Appointm...

A significant SQL injection vulnerability has been identified in the Projectworlds Online Doctor Appointment Booking System 1.0, specifically affecting the /patient/getschedule.php file. This vulnerability allows attackers to manipulate the 'q' argument, enabling unauthorized access to the databa...

PoC for CVE-2025-3181

Projectworlds | Online Doctor Appointm... | 6.9 MEDIUM
SQL Injection Vulnerability in Projectworlds Online Doctor Appointm...

A vulnerability has been identified in the Projectworlds Online Doctor Appointment Booking System version 1.0, specifically within the file /patient/appointment.php. The issue arises from improper handling of the scheduleDate parameter, allowing attackers to manipulate SQL queries through a craft...

PoC for CVE-2025-3180

Projectworlds | Online Doctor Appointm... | 6.9 MEDIUM
SQL Injection Vulnerability in Projectworlds Online Doctor Appointm...

A vulnerability has been identified in the Projectworlds Online Doctor Appointment Booking System 1.0, specifically within the /doctor/deleteschedule.php file. This vulnerability allows attackers to perform SQL injection by manipulating the argument ID, potentially leading to unauthorized data ac...

PoC for CVE-2025-3179

Projectworlds | Online Doctor Appointm... | 6.9 MEDIUM
SQL Injection Vulnerability in Projectworlds Online Doctor Appointm...

A vulnerability exists in the Projectworlds Online Doctor Appointment Booking System due to improper handling of input in the /doctor/deletepatient.php file. An attacker can exploit this flaw by manipulating the 'ic' parameter, leading to unauthorized SQL queries being executed on the database ba...

Discovered 7 hours ago

PoC for CVE-2025-30208

Vite | Vite | 🟣 EPSS 38%
Vite Frontend Development Tool Susceptible to File Access Vulnerabi...

A vulnerability in Vite's frontend development tooling allows attackers to bypass file access restrictions. Specifically, versions prior to 6.2.3, 6.1.2, 6.0.12, 5.4.15, and 4.5.10 expose the risk where app URLs can be manipulated with trailing query parameters such as '?raw?' or '?import&raw?' t...

PoC for CVE-2025-3178

Projectworlds | Online Doctor Appointm... | 6.9 MEDIUM
SQL Injection Vulnerability in Projectworlds Online Doctor Appointm...

A SQL injection vulnerability has been discovered in the Online Doctor Appointment Booking System 1.0 by Projectworlds. This flaw exists due to inadequate validation of the 'ID' parameter within the /doctor/deleteappointment.php file, allowing remote attackers to manipulate database queries. If e...

PoC for CVE-2025-3177

FastCMS | Fastcms | 2.3 LOW
JWT Handler Vulnerability in FastCMS Affects Security Standards

A vulnerability has been identified in FastCMS version 0.1.5 concerning its JWT Handler, which erroneously implements a hard-coded cryptographic key. This flaw can compromise the integrity of authentication processes, potentially enabling attackers to perform unauthorized actions. As the vulnerab...

Discovered 8 hours ago

PoC for CVE-2025-3176

Project Worlds | Online Lawyer Manageme... | 6.9 MEDIUM
SQL Injection Vulnerability in Project Worlds Online Lawyer Managem...

A vulnerability in Project Worlds Online Lawyer Management System version 1.0 exposes critical risks due to improper handling of user-input parameters in the /single_lawyer.php file. This flaw allows attackers to manipulate the 'u_id' argument, leading to potential SQL injection attacks. As a res...

PoC for CVE-2025-3175

Project Worlds | Online Lawyer Manageme... | 6.9 MEDIUM
SQL Injection Vulnerability in Project Worlds Online Lawyer Managem...

A security flaw has been identified in the Project Worlds Online Lawyer Management System 1.0 that allows for SQL injection through the manipulation of the 'first_Name' argument in the /save_user_edit_profile.php file. This vulnerability can be exploited remotely, enabling an attacker to access a...

PoC for CVE-2025-3174

Project Worlds | Online Lawyer Manageme... | 6.9 MEDIUM
SQL Injection Vulnerability in Project Worlds Online Lawyer Managem...

A security vulnerability exists in the Project Worlds Online Lawyer Management System version 1.0 that allows for SQL injection through manipulation of the 'experience' argument in the /searchLawyer.php file. This flaw can be exploited remotely by attackers, potentially leading to unauthorized ac...

Discovered 9 hours ago

PoC for CVE-2025-3173

Project Worlds | Online Lawyer Manageme... | 6.9 MEDIUM
SQL Injection Vulnerability in Project Worlds Online Lawyer Managem...

A vulnerability was identified in Project Worlds Online Lawyer Management System version 1.0, specifically in the /save_booking.php file. This issue allows for remote SQL injection through manipulation of the lawyer_id parameter. Attackers can exploit this vulnerability to execute arbitrary SQL c...

PoC for CVE-2025-3172

Project Worlds | Online Lawyer Manageme... | 6.9 MEDIUM
SQL Injection Vulnerability in Project Worlds Online Lawyer Managem...

A vulnerability has been identified in the Project Worlds Online Lawyer Management System, specifically within the /lawyer_booking.php file. This issue arises from improper handling of the unblock_id argument, which could allow an attacker to execute SQL injection attacks. The potential exploit c...

PoC for CVE-2025-3171

Project Worlds | Online Lawyer Manageme... | 6.9 MEDIUM
SQL Injection Vulnerability in Project Worlds Online Lawyer Managem...

A SQL injection vulnerability exists in the Project Worlds Online Lawyer Management System 1.0. The vulnerability is due to improper validation of the 'unblock_id' argument in the file /approve_lawyer.php. Attackers can exploit this vulnerability remotely to manipulate queries and gain unauthoriz...

Discovered 10 hours ago

PoC for CVE-2025-3170

Project Worlds | Online Lawyer Manageme... | 6.9 MEDIUM
SQL Injection Vulnerability in Project Worlds Online Lawyer Managem...

A SQL injection vulnerability has been identified in the Project Worlds Online Lawyer Management System version 1.0, specifically within the /admin_user.php file. This flaw allows an attacker to manipulate the arguments block_id and unblock_id, which can lead to unauthorized access and potential ...

PoC for CVE-2025-3169

Projeqtor | Projeqtor | 2.3 LOW
Unrestricted File Upload Vulnerability in Projeqtor by Projeqtor Team

A vulnerability exists in Projeqtor versions up to 12.0.2 due to improper handling of the argument 'attachmentFiles' in the saveAttachment.php file, allowing unauthorized users to upload files without restriction. While the attack can be initiated remotely, the complexity of exploitation is relat...

PoC for CVE-2025-3168

PHPgurukul | Time Table Generator S... | 6.9 MEDIUM
SQL Injection Vulnerability in PHPGurukul Time Table Generator System

A SQL injection vulnerability exists in the PHPGurukul Time Table Generator System 1.0, specifically within the /admin/edit-class.php file. This vulnerability allows an attacker to manipulate the argument 'editid', potentially enabling unauthorized access to the database and extraction of sensiti...

Discovered 11 hours ago

PoC for CVE-2025-3167

Tenda | Ac23 | 7.1 HIGH
Denial of Service Vulnerability in Tenda AC23 Router

A denial of service vulnerability has been detected in the Tenda AC23 Router, specifically affecting the API Interface component located at /goform/VerAPIMant. The flaw arises from improper processing of the getuid argument, allowing an attacker to trigger a denial of service condition. This issu...

PoC for CVE-2025-3166

Code-projects | Product Management System | 4.8 MEDIUM
Stack-based Buffer Overflow in code-projects Product Management System

A stack-based buffer overflow vulnerability was identified in the search_item function of the Product Management System. Manipulation of the target argument can result in a buffer overflow, potentially allowing unauthorized access. The vulnerability requires local access for exploitation and has ...

PoC for CVE-2025-22223

Spring | Spring Security | 5.3 MEDIUM
Authorization Bypass Vulnerability in Spring Security by Pivotal So...

The vulnerability in Spring Security versions 6.4.0 through 6.4.3 may allow unauthorized access due to improper handling of method security annotations on parameterized types or methods. If @EnableMethodSecurity is active and method security annotations are misconfigured, attackers may exploit th...

Discovered 12 hours ago

PoC for CVE-2025-3164

Tencent Music Ent... | Supersonic | 5.1 MEDIUM
Code Injection Vulnerability in Tencent Music Entertainment's Super...

A security vulnerability exists within Tencent Music Entertainment's SuperSonic application, specifically in the H2 Database Connection Handler. This flaw is associated with the '/api/semantic/database/testConnect' component, enabling remote attackers to execute arbitrary code by sending crafted ...

PoC for CVE-2025-3163

Internlm | Lmdeploy | 4.8 MEDIUM
Code Injection Vulnerability in InternLM LMDeploy Product

A vulnerability exists within InternLM LMDeploy versions up to 0.7.1, specifically in the Open function of lmdeploy/docs/en/conf.py. This flaw allows for code injection, enabling attackers to manipulate the affected system by launching local attacks. The vulnerability has been publicly disclosed ...

PoC for CVE-2025-3162

Internlm | Lmdeploy | 4.8 MEDIUM
Deserialization Vulnerability in InternLM LMDeploy PT File Handler

A vulnerability exists in the InternLM LMDeploy application affecting versions up to 0.7.1, specifically in the load_weight_ckpt function within the PT File Handler. This flaw can potentially allow for malicious deserialization, making it possible to manipulate how data is processed within the ap...

Discovered 13 hours ago

PoC for CVE-2025-3161

Tenda | Ac10 | 8.7 HIGH
Buffer Overflow Vulnerability in Tenda AC10 Router by Shenzhen Tend...

A stack-based buffer overflow vulnerability exists in the Tenda AC10 router, specifically in the ShutdownSetAdd function found in the /goform/ShutdownSetAdd file. By manipulating the argument list, attackers are able to exploit this weakness remotely, potentially leading to unauthorized access an...

PoC for CVE-2025-3160

Open Asset Import... | Assimp | 4.8 MEDIUM
Out-of-Bounds Read Vulnerability in Open Asset Import Library Assim...

A vulnerability has been identified in the Open Asset Import Library (Assimp) version 5.4.3, specifically within the Assimp::SceneCombiner::AddNodeHashes function located in the SceneCombiner.cpp file of the File Handler component. This issue allows for out-of-bounds read operations, potentially ...

PoC for CVE-2025-3159

Open Asset Import... | Assimp | 4.8 MEDIUM
Heap-based Buffer Overflow in Open Asset Import Library Assimp

A heap-based buffer overflow has been identified in the Open Asset Import Library Assimp version 5.4.3. This vulnerability stems from the function Assimp::ASE::Parser::ParseLV4MeshBonesVertices, located in the ASEParser.cpp file. It exposes the software to potential attacks when exploited locally...

Discovered 14 hours ago

PoC for CVE-2025-3158

Open Asset Import... | Assimp | 4.8 MEDIUM
Heap-Based Buffer Overflow in Open Asset Import Library Assimp Affe...

A vulnerability has been identified in the Open Asset Import Library Assimp, specifically within the LWO File Handler component. The flaw resides in the Assimp::LWO::AnimResolver::UpdateAnimRangeSetup function, where improper handling of input can lead to a heap-based buffer overflow. This vulner...

Discovered 18 hours ago

PoC for CVE-2025-31864

Out The Box | Beam Me Up Scotty – Ba... | 5.9 MEDIUM
Cross-site Scripting Vulnerability in Beam me up Scotty - Back to T...

The Beam me up Scotty - Back to Top Button, developed by Out the Box, contains a vulnerability that allows for Stored Cross-site Scripting (XSS). This occurs due to improper neutralization of input during web page generation, potentially enabling attackers to inject malicious scripts into web pag...

PoC for CVE-2025-30921

Tribulant Software | Newsletters | 7.6 HIGH
SQL Injection Vulnerability in Tribulant Software Newsletters

An SQL Injection vulnerability exists in the Tribulant Software Newsletters plugin. This flaw allows attackers to manipulate SQL queries by improperly neutralizing special elements within the input fields. As a result, unauthorized access to sensitive data or database manipulation could occur. Th...

Discovered 19 hours ago

PoC for CVE-2025-3152

Caipeichao | Thinkox | 5.1 MEDIUM
Cross Site Scripting Vulnerability in ThinkOX by caipeichao

A cross site scripting vulnerability exists in the Search component of caipeichao ThinkOX 1.0. The issue is triggered by manipulation of the 'keywords' parameter in the /ThinkOX-master/index.php?s=/Weibo/Index/search.html file. This enables attackers to execute malicious scripts remotely, posing ...

PoC for CVE-2025-3151

Sourcecodester | Gym Management System | 6.9 MEDIUM
SQL Injection in SourceCodester Gym Management System

A security flaw has been identified in the SourceCodester Gym Management System version 1.0, particularly within the functionality of the /signup.php file. This vulnerability allows attackers to manipulate the user_name parameter, enabling the execution of SQL injection attacks. Such exploitation...

Discovered 20 hours ago

PoC for CVE-2025-3150

Itning | Student Homework Manag... | 5.3 MEDIUM
Cross-Site Request Forgery in itning Student Homework Management Sy...

A vulnerability in the itning Student Homework Management System allows attackers to exploit an unknown functionality through cross-site request forgery (CSRF). This manipulation can be executed remotely and affects multiple endpoints, potentially exposing sensitive user data and compromising sys...

PoC for CVE-2025-3149

Itning | Student Homework Manag... | 4.8 MEDIUM
Cross Site Scripting Vulnerability in Itning Student Homework Manag...

A cross site scripting vulnerability has been identified in the Itning Student Homework Management System, specifically affecting versions up to 1.2.7. This vulnerability arises from the mishandling of the Course argument in the Edit Job Page component located in the /shw_war/fileupload file. Att...

PoC for CVE-2025-3148

Codeprojects | Product Management System | 4.8 MEDIUM
Buffer Overflow Vulnerability in Codeprojects Product Management Sy...

A buffer overflow vulnerability exists in the Codeprojects Product Management System 1.0, specifically related to the Login component. This flaw allows an attacker to manipulate the Str1 argument, potentially leading to unauthorized memory access. It is crucial to note that exploiting this vulner...

PoC for CVE-2025-3147

PHPgurukul | Boat Booking System | 6.9 MEDIUM
SQL Injection Vulnerability in PHPGurukul Boat Booking System

A security flaw has been identified in the PHPGurukul Boat Booking System version 1.0, specifically within the /add-subadmin.php file. This vulnerability allows an attacker to manipulate the 'sadminusername' argument, leading to a SQL injection attack. The threat can be exploited remotely, thereb...

Discovered 21 hours ago

PoC for CVE-2025-3146

PHPgurukul | Bus Pass Management Sy... | 6.9 MEDIUM
SQL Injection Vulnerability in PHPGurukul Bus Pass Management System

The PHPGurukul Bus Pass Management System 1.0 contains a vulnerability in the file /view-pass-detail.php. The flaw arises from improper handling of the 'viewid' parameter, allowing an attacker to manipulate SQL queries executed by the application. This vulnerability enables remote attackers to co...

PoC for CVE-2025-3145

Huawei | Mindspore | 4.8 MEDIUM
Memory Corruption Vulnerability in MindSpore by Huawei

A memory corruption vulnerability exists in MindSpore 2.5.0, specifically in the function mindspore.numpy.fft.rfft2. This issue requires local exploitation and can potentially allow an attacker to manipulate memory, leading to unauthorized access or disruption of service. The vulnerability has be...

PoC for CVE-2025-3143

Sourcecodester | Apartment Visitor Mana... | 5.3 MEDIUM
SQL Injection Vulnerability in SourceCodester Apartment Visitor Man...

A SQL injection vulnerability exists in the SourceCodester Apartment Visitor Management System version 1.0, specifically in the /visitor-entry.php file. The manipulation of the 'visname' and 'address' parameters can allow an attacker to execute arbitrary SQL queries against the database remotely....

PoC for CVE-2025-2055

WordPress | Mappress Maps For Word... | 6.8 MEDIUM
Cross-Site Scripting Vulnerability in MapPress Maps for WordPress P...

The MapPress Maps for WordPress plugin version prior to 2.94.9 contains a security flaw that fails to properly sanitize and escape certain parameters when displaying them on web pages. This oversight allows users with minimal permissions, such as those with a contributor role, to execute Cross-Si...

Discovered 22 hours ago

PoC for CVE-2025-3142

Sourcecodester | Apartment Visitor Mana... | 5.3 MEDIUM
SQL Injection in SourceCodester Apartment Visitor Management System

An SQL injection vulnerability exists in the SourceCodester Apartment Visitor Management System, specifically within the /add-apartment.php file. This flaw allows attackers to manipulate the 'buildingno' parameter, potentially leading to unauthorized access to the database. The vulnerability can ...

PoC for CVE-2025-3141

Sourcecodester | Online Medicine Orderi... | 5.3 MEDIUM
SQL Injection Vulnerability in SourceCodester Online Medicine Order...

A vulnerability has been identified in the SourceCodester Online Medicine Ordering System, specifically in the manage_category.php file. This issue arises from improper handling of user-supplied input, allowing an attacker to manipulate the ID argument and execute SQL queries. The attack can be i...

Discovered 23 hours ago

PoC for CVE-2025-3140

Sourcecodester | Online Medicine Orderi... | 5.3 MEDIUM
SQL Injection Vulnerability in SourceCodester Online Medicine Order...

An SQL injection vulnerability has been identified in the SourceCodester Online Medicine Ordering System version 1.0. The issue arises due to improper handling of the ID argument in the /view_category.php file, allowing attackers to manipulate SQL queries remotely. This exploitation could lead to...

PoC for CVE-2025-3139

Code-projects | Bus Reservation System | 4.8 MEDIUM
Buffer Overflow Vulnerability in Code-Projects Bus Reservation Syst...

A buffer overflow vulnerability has been identified in the Login function of the Code-Projects Bus Reservation System 1.0. This flaw allows an attacker to manipulate the Str1 argument, potentially leading to unauthorized access and the execution of arbitrary code. Given that the exploit has been ...

PoC for CVE-2025-3138

PHPgurukul | Online Security Guards... | 6.9 MEDIUM
SQL Injection Vulnerability in PHPGurukul Online Security Guards Hi...

A vulnerability has been identified in PHPGurukul's Online Security Guards Hiring System, specifically within the /admin/edit-guard-detail.php file. This issue arises from improper handling of user input, allowing for SQL injection through manipulation of the editid argument. An attacker could ex...

Discovered 1 day ago

PoC for CVE-2025-3137

PHPgurukul | Online Security Guards... | 6.9 MEDIUM
SQL Injection Vulnerability in PHPGurukul Online Security Guards Hi...

A remote SQL injection vulnerability exists in the PHPGurukul Online Security Guards Hiring System version 1.0. This security weakness arises from improper handling of the 'editid' parameter in the /admin/changeimage.php file, allowing attackers to manipulate SQL queries and gain unauthorized acc...

PoC for CVE-2025-3136

PyTorch | Pytorch | 4.8 MEDIUM
Memory Corruption Vulnerability in PyTorch 2.6.0 Affecting CUDACach...

A local memory corruption vulnerability has been discovered in PyTorch 2.6.0, specifically within the function torch.cuda.memory.caching_allocator_delete found in the CUDACachingAllocator.cpp file. This issue allows an attacker with local access to manipulate memory allocation, resulting in unint...

PoC for CVE-2025-29927

Vercel | Next.js | 🟣 EPSS 85% | 9.1 CRITICAL
Authorization Bypass in Next.js Framework by Vercel

A security flaw exists in the Next.js framework that allows an attacker to bypass authorization checks if such checks are implemented in middleware. This vulnerability arises in versions prior to 14.2.25 and 15.2.3. To mitigate risk, it is recommended to restrict incoming requests that include th...