Publicly Disclosed
PoC Exploits

đź”´ Alway take caution when working with PoC Exploits đź”´

Discovered 6 hours ago

PoC for CVE-2026-14802

ReactCreate-react-app6.9MEDIUM
OS Command Injection in React Create-React-App on macOS

A security vulnerability has been identified in the React Create-React-App framework on macOS, specifically within the startBrowserProcess function located in openBrowser.js of the react-dev-utils component. This flaw permits OS command injection, allowing attackers to potentially execute arbitra...

PoC for CVE-2021-3493

UbuntuLinux🟣 EPSS 44%8.8HIGH
Local Privilege Escalation in Linux Kernel OverlayFS Implementation...

The OverlayFS implementation in the Linux kernel failed to adequately validate user namespaces when setting file capabilities on underlying file systems. This weakness, combined with specific patches in the Ubuntu kernel that permit unprivileged overlay mounts, enables attackers to exploit the si...

PoC for CVE-2026-14800

ImhamzaazamEcommerceflask5.3MEDIUM
Cross-Site Request Forgery Vulnerability in imhamzaazam Ecommerce P...

A vulnerability has been discovered in the imhamzaazam ecommerceFlask platform, affecting versions prior to cb7d9e24c30a99379651b7493b32048126ef402b. This weakness can lead to unauthorized commands being transmitted from an authenticated user to the application without their consent. Since this i...

PoC for CVE-2026-6382

WordPressFileorganizer
OS Command Injection Vulnerability in FileOrganizer and Other WordP...

Certain WordPress plugins, including FileOrganizer, Advanced File Manager, File Manager Pro, and File Manager, have a vulnerability due to insufficient input escaping before executing shell commands during image operations. This flaw allows authenticated users to potentially execute arbitrary com...

PoC for CVE-2026-12083

WordPressAdmin And Site Enhance...
Unauthorized Role Restoration in Admin Site Enhancements Plugin for...

The Admin and Site Enhancements plugin for WordPress, both the standard and pro versions prior to 8.8.4, contains a significant vulnerability that permits unauthenticated attackers to exploit the role-restoration request handler. This flaw enables malicious users to reinstate administratively dem...

PoC for CVE-2026-10830

WordPressAllcoach
Email Verification Flaw in AllCoach WordPress Plugin by the Vendor

The AllCoach WordPress plugin prior to version 1.0.2 contains a critical flaw that fails to confirm whether an email address submitted for account registration is already linked to an existing user. This oversight enables unauthorized individuals to overwrite the passwords of existing users, incl...

PoC for CVE-2024-6228

WordPressNotifications For Form...
Server-Side File Inclusion Vulnerability in Notifications for Forms...

The Notifications for Forms & WordPress Actions Plugin for WordPress, prior to version 2.6, is prone to a server-side file inclusion vulnerability. This flaw occurs due to the lack of validation on user-supplied input when constructing file paths. As a consequence, authenticated users with subscr...

PoC for CVE-2026-11962

WordPressFileorganizer
File Upload Vulnerability in FileOrganizer WordPress Plugin

The FileOrganizer plugin for WordPress, prior to version 1.2.0, is susceptible to a file upload vulnerability. This flaw allows authenticated users with file-manager access—potentially extended to sub-admins via a premium add-on—to bypass file type validation during various file management operat...

PoC for CVE-2026-11766

WordPressUltimate Member
Improper Sanitization in Ultimate Member WordPress Plugin Affects U...

The Ultimate Member plugin for WordPress, prior to version 2.12.0, contains a flaw in how it handles the sanitization of custom textarea profile fields. This oversight permits authenticated users with Subscriber-level access and higher to inject malicious JavaScript code into their profiles. When...

PoC for CVE-2026-11855

WordPressSimple Membership
Web Script Injection Vulnerability in Simple Membership Plugin by W...

The Simple Membership WordPress plugin prior to version 4.7.5 is susceptible to a web script injection vulnerability due to insufficient verification of Stripe webhook requests when no signing secret is configured. Additionally, the plugin fails to properly escape values retrieved from these requ...

Discovered 7 hours ago

PoC for CVE-2026-49975

ApacheApache Http Server🟣 EPSS 11%7.5HIGH
Memory Allocation Vulnerability in Apache HTTP Server by Apache

A memory allocation issue exists in Apache HTTP Server's mod_http module, which can lead to denial of service when an attacker sends crafted HTTP requests with excessive size values. This vulnerability affects a wide range of Apache HTTP Server versions, making it critical for users to implement ...

PoC for CVE-2026-14799

CodeastroEcommerce Website5.3MEDIUM
SQL Injection Vulnerability in CodeAstro Ecommerce Website 1.0

A security flaw has been identified in the CodeAstro Ecommerce Website version 1.0, specifically affecting the wishlist management functionality located in the file /customer/my_account.php?my_wishlist. The vulnerability allows an attacker to manipulate the 'delete_wishlist' parameter, leading to...

PoC for CVE-2026-14798

CodeastroApartment Visitor Mana...5.3MEDIUM
SQL Injection Vulnerability in CodeAstro Apartment Visitor Manageme...

A vulnerability exists in the CodeAstro Apartment Visitor Management System (version 1.0) that allows for SQL injection through inadequate sanitation of user input, specifically in the 'visname' argument of the '/apartment-visitor/visitor-entry.php' file. This flaw can enable an attacker to execu...

Discovered 8 hours ago

PoC for CVE-2018-10933

[unknown]Libssh🟣 EPSS 92%9.1CRITICAL
Unauthorized Channel Creation in libssh Server-Side State Machine b...

A vulnerability in the server-side state machine of libssh permits a malicious client to create communication channels without prior authentication. This flaw can lead to unauthorized access, posing risks to the confidentiality and integrity of data transmitted through the affected software. User...

PoC for CVE-2026-14797

CodeastroApartment Visitor Mana...5.3MEDIUM
SQL Injection Vulnerability in CodeAstro Apartment Visitor Manageme...

A SQL injection vulnerability in the CodeAstro Apartment Visitor Management System version 1.0 arises from improper handling of input in the edit-apartment.php file. Attackers can manipulate the 'editid' argument, potentially allowing them to execute arbitrary SQL queries. This flaw is exploitabl...

PoC for CVE-2026-14796

CodeastroApartment Visitor Mana...5.3MEDIUM
SQL Injection Vulnerability in CodeAstro Apartment Visitor Manageme...

A vulnerability in CodeAstro's Apartment Visitor Management System version 1.0 has been identified, allowing for SQL injection attacks via the manipulation of the 'fromdate' argument in the report.php file. This flaw could enable attackers to execute arbitrary SQL queries on the database, potenti...

PoC for CVE-2026-14795

CodeastroApartment Visitor Mana...5.3MEDIUM
SQL Injection Vulnerability in CodeAstro Apartment Visitor Manageme...

A SQL injection vulnerability exists in the CodeAstro Apartment Visitor Management System version 1.0. The issue arises from improper validation of input within the '/apartment-visitor/action-visitor.php' file, specifically in the argument 'remark'. This flaw allows an attacker to manipulate SQL ...

Discovered 10 hours ago

PoC for CVE-2026-14791

Crater-invoice-incCrater5.1MEDIUM
Cross-Site Scripting Vulnerability in Crater Invoice by Crater-Invo...

A security weakness has been discovered in the Crater Invoice application, specifically within the getFormattedString function of the InvoicesRequest.php file. This vulnerability allows an attacker to manipulate the argument used in the invoicing notes, potentially leading to cross-site scripting...

PoC for CVE-2026-14790

GPACGpac4.8MEDIUM
Null Pointer Dereference Vulnerability in GPAC Media File Handler

A flaw exists in GPAC version 26.02.0 within the Media File Handler's function nhmldump_send_frame, specifically in the src/filters/write_nhml.c file. This vulnerability allows an attacker with local access to manipulate the function, potentially leading to a null pointer dereference. The exploit...

PoC for CVE-2026-14789

RadareorgRadare24.8MEDIUM
Stack-based Buffer Overflow in radareorg radare2 Affected by Memory...

A stack-based buffer overflow vulnerability has been identified in the radareorg radare2 tool, specifically within the Memory64ListStream Parser of the libr/bin/format/mdmp/mdmp.c component. This vulnerability arises from improper handling of inputs, allowing an attacker with local access to mani...

Discovered 11 hours ago

PoC for CVE-2026-14788

RadareorgRadare24.8MEDIUM
Use After Free Vulnerability in radareorg's radare2 Tool

A security vulnerability exists in the radare2 tool, specifically in the r_core_bin_load function within the libr/core/cfile.c file. This vulnerability is characterized by a use after free condition that allows an attacker to manipulate memory allocations, potentially leading to arbitrary code ex...

PoC for CVE-2026-14787

RadareorgRadare24.8MEDIUM
Integer Overflow Vulnerability in radareorg radare2 Product

A weakness has been identified in the radare2 product from radareorg, specifically within the cmd_print function in the libr/core/cmd_print.inc component. This vulnerability allows for an integer overflow condition, which can be exploited locally. The public availability of an exploit raises conc...

PoC for CVE-2026-14786

RadareorgRadare24.8MEDIUM
Integer Overflow Vulnerability in radareorg radare2 Versions Up to ...

A security flaw has been identified in the radareorg radare2 software, particularly within the function r_str_word_get0set in the libr/util/str.c file. This vulnerability leads to an integer overflow that can potentially allow an attacker to exploit the system, provided they have local access. Th...

Discovered 13 hours ago

PoC for CVE-2026-14783

NousresearchHermes-agent5.3MEDIUM
Path Traversal Vulnerability in NousResearch Hermes-Agent

A path traversal vulnerability was identified in NousResearch's Hermes-Agent 2026.5.29.2, specifically in the skill_view function within tools/skills_tool.py. Attackers can exploit this vulnerability by manipulating request parameters, potentially allowing unauthorized access to the filesystem. T...

PoC for CVE-2026-14778

SourcecodesterOnlne Examination & Le...6.9MEDIUM
Improper Authorization in SourceCodester Online Examination & Learn...

A security vulnerability has been identified in the SourceCodester Online Examination & Learning Management System 1.0, specifically within the Enrollment Management component. This vulnerability stems from improper handling of the parameters student_id, schedule_id, and action within the /ajax_e...

PoC for CVE-2026-10104

WordPressProduct Video Gallery ...4.4MEDIUM
Stored Cross-Site Scripting Vulnerability in Product Video Gallery ...

The Product Video Gallery for Woocommerce plugin for WordPress is susceptible to Stored Cross-Site Scripting due to inadequate input sanitization and output escaping in the custom_thumbnail parameter. Authenticated users with shop manager-level access can exploit this vulnerability to inject mali...

PoC for CVE-2026-14777

SourcecodesterOnlne Examination & Le...5.3MEDIUM
Unrestricted Upload Vulnerability in SourceCodester Online Examinat...

A vulnerability exists in the announcements.php file of the SourceCodester Online Examination & Learning Management System, where improper validation allows for unrestricted file uploads. This flaw can be exploited remotely, enabling attackers to upload malicious files, potentially leading to fur...

PoC for CVE-2026-14776

SourcecodesterOnlne Examination & Le...5.3MEDIUM
Unrestricted File Upload Vulnerability in SourceCodester Online Exa...

A security flaw has been identified in the SourceCodester Online Examination & Learning Management System 1.0, specifically within the pathinfo function of the /upload_files.php file associated with the Filename Extension component. This vulnerability enables an attacker to manipulate upload func...

Discovered 14 hours ago

PoC for CVE-2026-14775

SourcecodesterOnlne Examination & Le...5.3MEDIUM
Unrestricted File Upload in SourceCodester Online Examination & Lea...

A vulnerability exists in the SourceCodester Online Examination & Learning Management System 1.0 that allows attackers to exploit the /process_lesson.php file. By manipulating the user_id parameter, unauthorized users can upload files without restrictions. This can lead to serious security risks,...

PoC for CVE-2026-14774

ItsourcecodeHospital Management Sy...5.3MEDIUM
SQL Injection Vulnerability in Itsourcecode Hospital Management System

A SQL injection vulnerability has been identified in the Itsourcecode Hospital Management System version 1.0, specifically within the /paymentdischarge.php file. This vulnerability arises due to improper handling of the patientid parameter, which can be manipulated by an attacker to execute arbit...

PoC for CVE-2026-14773

ItsourcecodeHospital Management Sy...5.3MEDIUM
SQL Injection Vulnerability in itsourcecode Hospital Management System

A SQL injection vulnerability has been discovered in the itsourcecode Hospital Management System 1.0, specifically affecting the /payment.php file. This flaw allows an attacker to manipulate the 'patientid' parameter, enabling unauthorized access to the database. The attack can be executed remote...

PoC for CVE-2026-14772

SourcecodesterClass And Exam Timetab...6.9MEDIUM
SQL Injection Vulnerability in SourceCodester Class and Exam Timeta...

A vulnerability exists in the SourceCodester Class and Exam Timetabling System 1.0 where an SQL injection can be executed via the manipulation of the ID parameter in the /edit_course1.php file. This flaw allows remote attackers to inject malicious SQL statements, potentially leading to unauthoriz...

PoC for CVE-2020-11023

JqueryJquery🟣 EPSS 84%6.9MEDIUM
Potential XSS vulnerability in jQuery

In jQuery, there is a vulnerability that affects versions starting from 1.0.3 up to, but not including, 3.5.0. This flaw allows malicious actors to execute untrusted code if HTML containing <option> elements is passed to jQuery's DOM manipulation methods, such as .html() and .append(), even after...

Discovered 15 hours ago

PoC for CVE-2026-14771

SourcecodesterClass And Exam Timetab...6.9MEDIUM
SQL Injection Vulnerability in SourceCodester Class and Exam Timeta...

A security flaw was discovered in the SourceCodester Class and Exam Timetabling System, specifically in the editing functionality of the application. The vulnerability resides in the /edit_exam1.php file, where an unknown function allows manipulation of the argument ID. This breach can enable att...

PoC for CVE-2025-59382

QNAPQts1.2LOW
Remote Code Execution Vulnerability in QNAP NAS Products

A remote code execution vulnerability has been identified in select QNAP NAS products. This issue could potentially allow attackers to execute arbitrary code on affected systems, posing a significant risk to data integrity and system functionality. QNAP has released patches to address this vulner...

PoC for CVE-2026-14770

SourcecodesterClass And Exam Timetab...6.9MEDIUM
SQL Injection Flaw in SourceCodester Class and Exam Timetabling System

A critical SQL injection vulnerability exists within the SourceCodester Class and Exam Timetabling System, specifically in the /edit_room.php file. This flaw allows attackers to manipulate the argument ID, potentially leading to unauthorized access and manipulation of the database. The exploit ca...

Discovered 16 hours ago

PoC for CVE-2026-14769

Code-projectsReal State Services6.9MEDIUM
SQL Injection Vulnerability in Code-Projects Real State Services by...

A security vulnerability has been identified in the Real State Services application version 1.0, specifically in the /pay.php file. Malicious actors can exploit this vulnerability by manipulating the 'Bankname' parameter, potentially leading to SQL injection attacks. This type of attack can be ex...

PoC for CVE-2026-14768

Code-projectsReal State Services6.9MEDIUM
SQL Injection Vulnerability in Code-Projects Real State Services

A significant SQL injection vulnerability has been discovered in Code-Projects Real State Services 1.0, which impacts the file /builderHome.php. An attacker can manipulate the 'loc' argument, potentially leading to unauthorized access to the database. This vulnerability allows for remote exploita...

Discovered 17 hours ago

PoC for CVE-2026-14767

CodeastroEcommerce Website5.3MEDIUM
SQL Injection Vulnerability in CodeAstro Ecommerce Website by CodeA...

A security flaw identified in the CodeAstro Ecommerce Website version 1.0 allows for SQL injection through manipulation of the 'invoice_no' parameter in the /ecommerce-website-php/customer/confirm.php file. This vulnerability enables attackers to execute SQL commands remotely, posing significant ...

Discovered 18 hours ago

PoC for CVE-2026-14766

CodeastroApartment Visitor Mana...5.3MEDIUM
SQL Injection Vulnerability in CodeAstro Apartment Visitor Manageme...

A vulnerability exists in the CodeAstro Apartment Visitor Management System where improper handling of the 'searchdata' parameter in the '/apartment-visitor/search-result.php' file allows an attacker to perform SQL injection. This could lead to unauthorized access to sensitive data within the app...

Discovered 20 hours ago

PoC for CVE-2026-14764

Code-projectsHotel And Tourism Rese...6.9MEDIUM
SQL Injection Vulnerability in Hotel and Tourism Reservation by Cod...

A vulnerability in the Hotel and Tourism Reservation software, specifically within the /admin/add_event.php component, allows for SQL injection through manipulation of the 'fdetails' argument. This weakness can be exploited remotely, potentially compromising the security of the system. Users shou...

PoC for CVE-2026-14763

Code-projectsHotel And Tourism Rese...6.9MEDIUM
SQL Injection Vulnerability in Hotel and Tourism Reservation by Cod...

A vulnerability exists in the Hotel and Tourism Reservation application version 1.0, specifically within the Tour Reservations Page component. The flaw arises from improper handling of input in the file /admin/tour_reserves.php, which allows an attacker to manipulate arguments, leading to SQL inj...

PoC for CVE-2026-14762

Code-projectsHotel And Tourism Rese...6.9MEDIUM
SQL Injection Vulnerability in Hotel and Tourism Reservation by Cod...

A significant SQL injection vulnerability has been identified in the Hotel and Tourism Reservation application by Code-Projects, specifically within the Room Management Page component. The vulnerability arises from the manipulation of an argument within the /admin/rooms.php file, allowing an atta...

Discovered 21 hours ago

PoC for CVE-2026-14761

RadareorgRadare24.8MEDIUM
Integer Overflow Vulnerability in radareorg radare2 Software

A security vulnerability has been identified in the radareorg radare2 software, specifically within the functions r_str_ndup and r_str_append in the code file libr/util/str.c. This issue is characterized by an integer overflow which may be exploited through local attack vectors. Public disclosure...

PoC for CVE-2026-14760

RadareorgRadare24.8MEDIUM
Use After Free Vulnerability in Radare2 by Radareorg

A vulnerability exists in Radare2, specifically within the r_core_seek_arch_bits function of libr/core/disasm.c. This flaw allows for a use after free condition, which can be exploited by an attacker with local access. Once exploited, it could lead to unexpected behavior or potentially open avenu...

PoC for CVE-2026-14759

RadareorgRadare24.8MEDIUM
Heap-Based Buffer Overflow in radareorg Radare2 Up to Version 6.1.6

A significant security flaw has been identified in the Radare2 tool up to version 6.1.6, specifically within the RBinJava Line Number Table Parser. The vulnerability resides in the function responsible for calculating the size of inner classes attributes, which can result in a heap-based buffer o...

PoC for CVE-2026-14758

RadareorgRadare24.8MEDIUM
Integer Overflow Vulnerability in radareorg radare2 Product

A vulnerability has been identified in radareorg's radare2 up to version 6.1.6, affecting the cmd_anal_opcode function within the hexpairs Parser component. This issue arises due to integer overflow that can be exploited locally, potentially leading to unauthorized actions or system instability. ...

Discovered 22 hours ago

PoC for CVE-2026-14757

RadareorgRadare24.8MEDIUM
Integer Overflow Vulnerability in radareorg radare2 Product Suite

A vulnerability has been identified in radareorg's radare2 software, specifically in the core_anal_bytes function located within the libr/core/cmd_anal.inc file. This issue involves an integer overflow which can potentially be exploited by an attacker with local access to the system. The vulnerab...

PoC for CVE-2026-14756

Code-projectsHotel And Tourism Rese...6.9MEDIUM
SQL Injection Vulnerability in Hotel and Tourism Reservation by cod...

The Hotel and Tourism Reservation application developed by code-projects contains a vulnerability within the Tour Management Page. Specifically, the handling of the delete_image parameter in the /admin/add_tour.php file is susceptible to SQL injection attacks. This imperfection allows an adversar...

PoC for CVE-2026-14755

Code-projectsHotel And Tourism Rese...6.9MEDIUM
SQL Injection Vulnerability in Hotel Management Software by Code-Pr...

An SQL injection vulnerability exists in the Hotel and Tourism Reservation software, specifically within the /admin/reservations.php file of the Reservations Management Page. This flaw arises from improper handling of the 'delete' argument, enabling attackers to manipulate SQL queries and potenti...