Publicly Disclosed
PoC Exploits
🔴 Alway take caution when working with PoC Exploits 🔴
Discovered just now...
PoC for CVE-2026-49468
A security vulnerability in LiteLLM, an AI Gateway proxy server designed to facilitate calls to LLM APIs, was identified in all versions prior to 1.84.0. This flaw potentially exposes users to various security risks. It is critical for users to update to version 1.84.0 or newer to mitigate these ...
PoC for CVE-2022-36021
Redis is an in-memory database that persists on disk. Authenticated users can use string matching commands (like `SCAN` or `KEYS`) with a specially crafted pattern to trigger a denial-of-service attack on Redis, causing it to hang and consume 100% CPU time. The problem is fixed in Redis versions ...
PoC for CVE-2022-36021
Redis is an in-memory database that persists on disk. Authenticated users can use string matching commands (like `SCAN` or `KEYS`) with a specially crafted pattern to trigger a denial-of-service attack on Redis, causing it to hang and consume 100% CPU time. The problem is fixed in Redis versions ...
Discovered 5 hours ago
PoC for CVE-2026-13768
Gardyn devices are susceptible to a severe security flaw that exposes a privileged iothubowner key. This key grants malicious users the ability to manipulate the IoTHub Registry Manager, potentially revealing critical connection information for all connected Gardyn Home Kit and Studio devices. Fu...
PoC for CVE-2026-38751
OpenSTAManager versions up to and including 2.10 contain a vulnerability that allows an attacker to upload arbitrary files via the module update functionality. This flaw exists in the 'upload_modules.php' script, which does not adequately validate file uploads, potentially enabling unauthorized a...
PoC for CVE-2025-57819
FreePBX, an open-source web-based GUI, suffers from a vulnerability that permits unauthenticated users to gain access to the FreePBX Administrator interface. This is primarily due to insufficient sanitization of user-provided data. The flaw can lead to unauthorized database manipulation and may a...
Discovered 13 hours ago
PoC for CVE-2026-58460
The react-native-receive-sharing-intent library is susceptible to a path traversal vulnerability. This flaw permits a co-resident malicious application to exploit the system by manipulating the _display_name value to include dot-dot path components. Through this vulnerability, attackers can lever...
PoC for CVE-2026-58467
Cockpit CMS prior to version 364 is susceptible to a path traversal and local file inclusion vulnerability, allowing unauthenticated attackers to access arbitrary files or execute PHP scripts by manipulating the REQUEST_URI. This flaw occurs due to improper validation of the PATH_INFO variable du...
Discovered 14 hours ago
PoC for CVE-2026-59102
Forgejo, a platform developed by Codeberg, is vulnerable to a stored cross-site scripting attack that can be exploited by authenticated users. Attackers can embed malicious JavaScript code into the display name field. When the DEFAULT_SHOW_FULL_NAME option is activated, this name gets rendered in...
PoC for CVE-2026-59100
LobeChat version 2.2.9 has a broken object level authorization vulnerability that allows authenticated users to manipulate other users' chat-group agent data. By using arbitrary group identifiers, attackers can perform unauthorized actions such as retrieving agent listings, altering agent roles a...
PoC for CVE-2026-59099
Apereo CAS versions prior to 8.0.0-RC6 are susceptible to a cryptographic vulnerability that enables remote unauthenticated attackers to recover plaintext conversation state. This issue arises from AES-GCM initialization vector reuse, where the use of a constant all-zero IV in conjunction with a ...
PoC for CVE-2026-59098
LobeChat versions up to 2.2.9 are affected by a broken access control vulnerability in its retrieval-augmented-generation semantic search functionality. This flaw allows authenticated attackers to exploit missing user-identifier checks, granting them unauthorized access to other users' data. By m...
PoC for CVE-2026-59097
Taiga, a popular project management tool, has a security flaw that allows unauthorized remote attackers to create default due-date records in any project by exploiting unprotected POST endpoints. This vulnerability affects users of version 6.10.1 and earlier, where attackers can bypass permission...
PoC for CVE-2026-59095
LobeChat versions prior to 2.2.10-canary.18 contain a server-side request forgery vulnerability. This issue allows authenticated attackers to manipulate internal HTTP requests by exploiting user-controlled inputs in services such as skill import and topic cover updates. Through these entry points...
PoC for CVE-2026-59094
The Pathway Document Store is susceptible to a denial of service attack due to its handling of caller-supplied glob patterns. From the unauthenticated HTTP endpoints, an attacker can submit malicious patterns that lead to high CPU consumption, as the application evaluates these patterns without s...
PoC for CVE-2026-58579
RAGFlow versions prior to 0.26.3 are exposed to a stored cross-site scripting vulnerability due to insufficient sanitization of agent pipeline node names. The normalize_dsl function validates JSON serialization but does not sanitize the node name itself. This leads to scenarios where an authentic...
PoC for CVE-2026-58578
The vulnerability in LobeChat enables authenticated attackers to exploit regular expression denial of service (ReDoS) by injecting catastrophic-backtracking patterns into a GitHub repository URL path during skill import. This flaw allows attackers to obstruct the Node.js event loop, leading to si...
Discovered 15 hours ago
PoC for CVE-2026-33017
Langflow, a tool for constructing and deploying AI-driven agents and workflows, is susceptible to a vulnerability in the POST /api/v1/build_public_tmp/{flow_id}/flow endpoint in versions before 1.9.0. This vulnerability enables an attacker to build public flows without authentication, leveraging ...
PoC for CVE-2021-27877
A vulnerability in Veritas Backup Exec allows attackers to exploit outdated SHA authentication support, which has not been disabled in versions prior to 21.2. By leveraging this weakness, an attacker can gain unauthorized access to an Agent, enabling them to execute privileged commands remotely. ...
Discovered 16 hours ago
PoC for CVE-2024-58352
Landray OA is affected by a serious unauthenticated HQL injection vulnerability, which enables attackers to manipulate the system's database queries by injecting harmful HQL syntax via the uid POST parameter of the wechatLoginHelper.do endpoint. This vulnerability stems from a failure to adequate...
PoC for CVE-2022-50973
Yonyou KSOA 9.0 is vulnerable to an unauthenticated file upload issue in the com.sksoft.bill.ImageUpload servlet. This flaw allows attackers to upload arbitrary files simply by submitting a POST request with manipulated filepath and filename parameters, bypassing crucial authentication, file type...
PoC for CVE-2022-50973
Yonyou KSOA 9.0 is vulnerable to an unauthenticated file upload issue in the com.sksoft.bill.ImageUpload servlet. This flaw allows attackers to upload arbitrary files simply by submitting a POST request with manipulated filepath and filename parameters, bypassing crucial authentication, file type...
PoC for CVE-2022-50973
Yonyou KSOA 9.0 is vulnerable to an unauthenticated file upload issue in the com.sksoft.bill.ImageUpload servlet. This flaw allows attackers to upload arbitrary files simply by submitting a POST request with manipulated filepath and filename parameters, bypassing crucial authentication, file type...
PoC for CVE-2021-1931
This security vulnerability is caused by improper validation of the buffer length when processing fast boot commands across various Qualcomm Snapdragon products. An attacker could exploit this flaw to execute arbitrary code or cause unintended behavior, potentially compromising the affected devices.
PoC for CVE-2024-14037
Redsea Cloud eHR is affected by an arbitrary file upload vulnerability that permits unauthenticated attackers to execute remote code. By exploiting the PtFjk.mob servlet endpoint, attackers can submit multipart POST requests containing malicious files disguised as image/jpeg, thereby circumventin...
PoC for CVE-2024-14037
Redsea Cloud eHR is affected by an arbitrary file upload vulnerability that permits unauthenticated attackers to execute remote code. By exploiting the PtFjk.mob servlet endpoint, attackers can submit multipart POST requests containing malicious files disguised as image/jpeg, thereby circumventin...
Discovered 1 day ago
PoC for CVE-2026-53753
Crawl4AI, an open-source LLM-friendly web crawler, prior to version 0.8.7, contains a critical vulnerability in its computed fields feature. The _safe_eval_expression() function employs an AST validator that inadequately restricts attribute access, allowing attributes without an underscore prefix...
PoC for CVE-2025-69212
OpenSTAManager, an open source management tool for technical assistance and invoicing, has a vulnerability in the P7M file decoding functionality. Versions 2.9.8 and earlier allow authenticated attackers to upload a ZIP file containing a maliciously crafted .p7m file. This could lead to the execu...
PoC for CVE-2026-11578
The Fluent Forms WordPress plugin, prior to version 6.2.5, has a serious vulnerability related to improper access control. Specifically, it fails to restrict a Manager's ability to delete form submission entries associated with forms they are not authorized to manage. This could result in unautho...
PoC for CVE-2026-11781
The Adminify WordPress plugin prior to version 4.2.10 fails to enforce appropriate read-capability checks for its administration search functionality. This oversight enables users with lower privileges, such as Contributors, to access and reveal sensitive information that should remain protected....
PoC for CVE-2026-11965
The User Registration & Membership plugin for WordPress prior to version 5.2.0 allows unauthenticated individuals to activate paid membership subscriptions without completing payment. This flaw occurs due to the lack of enforcement on payment verification during the account registration process, ...
PoC for CVE-2026-10077
The Yootheme WordPress theme prior to version 5.0.35 is vulnerable to stored Cross-Site Scripting (XSS) attacks. This occurs as the theme fails to adequately sanitize certain HTML attributes, allowing users with the Author role to inject malicious scripts. When a post containing such scripts is v...
PoC for CVE-2026-38751
OpenSTAManager versions up to and including 2.10 contain a vulnerability that allows an attacker to upload arbitrary files via the module update functionality. This flaw exists in the 'upload_modules.php' script, which does not adequately validate file uploads, potentially enabling unauthorized a...
PoC for CVE-2025-69212
OpenSTAManager, an open source management tool for technical assistance and invoicing, has a vulnerability in the P7M file decoding functionality. Versions 2.9.8 and earlier allow authenticated attackers to upload a ZIP file containing a maliciously crafted .p7m file. This could lead to the execu...
PoC for CVE-2026-6307
A type confusion vulnerability exists within Turbofan in Google Chrome, affecting versions prior to 147.0.7727.101. This flaw allows a remote attacker to execute arbitrary code within a sandboxed environment by crafting a malicious HTML page. Exploiting this vulnerability can lead to unauthorized...
PoC for CVE-2026-6307
A type confusion vulnerability exists within Turbofan in Google Chrome, affecting versions prior to 147.0.7727.101. This flaw allows a remote attacker to execute arbitrary code within a sandboxed environment by crafting a malicious HTML page. Exploiting this vulnerability can lead to unauthorized...
PoC for CVE-2026-23111
A vulnerability exists in the Linux kernel's netfilter module that affects the nft_map_catchall_activate() function. This function encounters an inverted element activity check, leading to a failure in appropriately handling catchall map elements during a failed transaction. The bug arises when t...
Discovered 2 days ago
PoC for CVE-2026-43735
A vulnerability has been identified in Safari and related Apple products that allows malicious websites to potentially exfiltrate sensitive data across different origins. The issue has been remediated with enhanced verification protocols in the latest versions, ensuring that requests made to exte...
PoC for CVE-2026-58593
NodeBB's implementation of ActivityPub allows for an author spoofing vulnerability, where a remote actor can impersonate local users by manipulating the 'attributedTo' field in inbound ActivityPub objects. This is due to inadequate validation processes that fail to ensure that the 'attributedTo' ...
PoC for CVE-2026-58592
The Ladybird browser contains a memory-safety vulnerability characterized by a dangling reference in its WebAssembly ESM integration module loader. When JavaScript functions are imported into WebAssembly modules, improper handling results in a callback retaining a reference to a destroyed Functio...
PoC for CVE-2026-58457
The Shenzhen Aitemi M300 Wi-Fi Repeater, specifically the hardware model MT02, is susceptible to an unauthenticated OS command injection vulnerability. This flaw allows network-adjacent attackers to execute arbitrary shell commands by exploiting unsanitized input through the smacfilter_conf handl...
PoC for CVE-2026-58451
The path traversal vulnerability in Horde IMP allows authenticated attackers to exploit improper validation in lib/Compose.php, enabling them to read arbitrary files from the server's filesystem. This occurs by embedding traversal sequences after an expected CKEditor path prefix in img src URLs. ...
PoC for CVE-2026-42945
A vulnerability exists in the ngx_http_rewrite_module of NGINX Plus and NGINX Open Source, triggered when a rewrite directive is followed by an if or set directive that includes a Perl-Compatible Regular Expression (PCRE) capture and a replacement string with a question mark. Attackers can exploi...
PoC for CVE-2026-34114
The Guardian Language-System is vulnerable to an OS command injection through the 'id' parameter in the translate_text.php script. The application directly processes user input without proper sanitization, allowing an unauthenticated attacker to append malicious shell commands. This can lead to a...
PoC for CVE-2026-58454
The JAIOTlink C492A-W6 Wi-Fi IP cameras with firmware version 4.8.30.57701411 are vulnerable to a remote code execution flaw. Authenticated attackers can exploit this vulnerability by saving arbitrary shell scripts in the writable persistent JFFS2 storage. By utilizing the authenticated HTTP endp...
PoC for CVE-2026-58453
The JAIOTlink C492A-W6 Wi-Fi IP cameras have a serious vulnerability where hard-coded credentials allow network-adjacent attackers to access the device. By exploiting default admin credentials and an empty password for the anyka_ipc HTTP service on port 80, unauthorized individuals can gain contr...
PoC for CVE-2026-58452
The JAIOTlink C492A-W6 Wi-Fi IP camera firmware version 4.8.30.57701411 is susceptible to an OS command injection flaw. This vulnerability allows authenticated attackers to execute arbitrary code remotely. By manipulating the Wireless parameter in the HTTP PUT NetSDK/Factory SetMAC endpoint, atta...
PoC for CVE-2026-57517
The vulnerability in Control Web Panel allows unauthenticated attackers to exploit a blind SQL injection flaw. By submitting unsanitized input through the userRes POST parameter at the user endpoint, attackers can execute arbitrary SQL queries. This exploit can lead to unauthorized access to MySQ...
PoC for CVE-2026-58127
PACSgear MediaWriter 5.2.1 exposes a critical vulnerability via its .NET Remoting TCP service on port 9000. The service does not require authentication and allows remote attackers to read and write arbitrary files on the host system. By exploiting the unmarshalling technique of the MarshalByRefOb...
PoC for CVE-2026-58126
PACSgear PACS Scan 5.2.1 is susceptible to an unauthenticated remote code execution vulnerability due to an exposed .NET Remoting TCP service operating on port 22222. This allows attackers to execute unauthorized commands and manipulate files remotely through PGImageExchQueue.exe without any auth...