Publicly Disclosed
PoC Exploits
🔴 Alway take caution when working with PoC Exploits 🔴
Discovered 3 hours ago
PoC for CVE-2026-12217
A security vulnerability has been identified in DVDFab Virtual Drive version 2.0.0.5, specifically affecting the Signed Kernel Driver component (dvdfabio.sys). This vulnerability allows for improper privilege management, which can be exploited locally by an attacker to gain elevated privileges. T...
PoC for CVE-2026-12216
A vulnerability has been identified in Duktape up to version 2.99.99 that affects its memory management through the file duk_api_bytecode.c. By manipulating the argument count_instr, a local attacker could exploit this weakness to cause memory corruption. This issue is particularly concerning as ...
Discovered 4 hours ago
PoC for CVE-2026-12214
A security flaw has been identified in Qihoo 360 Total Security 6.0 that impacts the Nucleus Engine Monitoring Logic. This issue lies within the RpcStringBindingComposeW function, where a manipulation of the NetworkAddr argument can lead to a failure in the protection mechanisms. This vulnerabili...
PoC for CVE-2026-12211
A security flaw has been identified in the Intelbras iNVU 7016 FT web interface, specifically in the file /RPC2_Loadfile/syslog/. This issue allows for potential path traversal, where an attacker can exploit the vulnerability remotely. It is crucial for users of this device to upgrade to the patc...
Discovered 5 hours ago
PoC for CVE-2026-12210
A vulnerability has been identified in the universal-tool-calling-protocol python-utcp version 1.1.0, specifically within the utcp-gql/utcp-websocket component. This issue allows attackers to perform server-side request forgery (SSRF) by manipulating server requests, which can lead to unauthorize...
PoC for CVE-2026-12209
A vulnerability has been identified in versions of the RubyLouvre Avalon component up to 2.2.10 that allows for improperly controlled modifications of object prototype attributes. This flaw is located in an unspecified function within src/filters/index.js, undermining the integrity of application...
PoC for CVE-2026-12208
A vulnerability exists in jsonata-js versions up to 2.2.0 that allows for prototype pollution via the createFrame function in the Function Binding Frame System. This weakness enables an attacker to manipulate object prototype attributes in an improper manner. The attack can be executed remotely, ...
PoC for CVE-2026-12207
A security flaw has been identified in the medkey HTTP REST API, particularly in the function actionGetPatientById within the PatientController.php file. This vulnerability allows for improper control of resource identifiers by manipulating the argument ID. Such exploitation can be executed remot...
Discovered 6 hours ago
PoC for CVE-2026-12206
A vulnerability has been identified in Grit42 Grit, specifically affecting versions up to 0.11.0. The issue lies in the Grit::Assays::DataTableEntity function found in the file modules/assays/backend/app/models/grit/assays/data_table_entity.rb. This vulnerability enables attackers to perform a SQ...
PoC for CVE-2026-12204
A vulnerability in ShopXO versions up to 6.7.1 is linked to the Scheduled Task Endpoint functionality, specifically the OrderClose, OrderSuccess, PayLogOrderClose, and GoodsGiveIntegral functions. This flaw allows attackers to bypass authorization checks, enabling potential unauthorized access an...
PoC for CVE-2026-12202
A significant vulnerability has been discovered in Intelliants Subrion CMS versions up to 4.0.3, specifically within the Blocks Endpoint component. This security flaw enables attackers to manipulate the CSS class name argument, leading to potential cross-site scripting occurrences. Such exploits ...
Discovered 7 hours ago
PoC for CVE-2026-12201
A security flaw exists in IObit Malware Fighter versions up to 13.2.0, specifically related to its DLL Handler component. This vulnerability introduces permission issues that can be exploited by attackers with local access to the system. The exploit has already been made public, which raises conc...
PoC for CVE-2025-14847
The vulnerability arises from mismatched length fields in Zlib compressed protocol headers within MongoDB Server, potentially allowing an unauthenticated client to access uninitialized heap memory. This could lead to unauthorized information exposure, affecting versions of MongoDB Server across m...
PoC for CVE-2026-12200
A vulnerability has been identified in Ritlabs TinyWeb Server, specifically in the libeay32.dll.html component related to the Header Handler. This issue allows attackers to exploit an unknown function by manipulating the Authorization argument, leading to a stack-based buffer overflow. The potent...
Discovered 8 hours ago
PoC for CVE-2026-12193
A vulnerability exists within the VS Revo RevoUninstaller versions 2.5.x and 2.6.x. The issue is tied to the IOCtl_Handler function in the RevoDetector.sys driver, which is susceptible to heap-based buffer overflow. This manipulation requires local access, making the threat vector limited to user...
Discovered 9 hours ago
PoC for CVE-2026-12189
A vulnerability exists in the Moovit Bus & Public Transit App version 1.18 for Android, related to improper authorization within the component com.tranzmate. This flaw enables local attackers to exploit the URL scheme handler, which can lead to unauthorized actions within the application. The exp...
PoC for CVE-2026-12188
A SQL injection vulnerability exists in the GritEntityController component of Grit42 Grit, affecting versions up to 0.11.0. This issue can be exploited remotely by manipulating incoming data sent to the affected controller, leading to unauthorized access and potential data breaches. This exploit ...
PoC for CVE-2026-12187
A vulnerability exists in the GL.iNet GL-MT3000 router due to an issue in the Online Firmware Upgrade Handler component. This vulnerability allows for command injection through the 'one_click_upgrade' functionality, which can be exploited remotely. As a result of this flaw, an attacker could exec...
Discovered 10 hours ago
PoC for CVE-2026-12186
A command injection vulnerability exists in the GL.iNet GL-MT3000 due to improper handling in the Tor Proxy Service Configuration Handler, specifically in the replace_country function. This weakness allows remote attackers to execute arbitrary commands on the affected device. The issue is prevale...
Discovered 12 hours ago
PoC for CVE-2026-20245
A vulnerability present in the CLI of multiple Cisco Catalyst SD-WAN products allows an authenticated local attacker with netadmin privileges to execute arbitrary commands as the root user. This flaw arises from inadequate validation of user-supplied input, enabling an attacker to upload a specia...
Discovered 18 hours ago
PoC for CVE-2026-20253
In certain versions of Splunk Enterprise and Splunk Cloud Platform, an unauthenticated user may exploit a flaw in the PostgreSQL sidecar service endpoint, enabling them to create or truncate arbitrary files. This vulnerability arises from the absence of proper authentication mechanisms on the end...
Discovered 1 day ago
PoC for CVE-2025-15546
The Iptanus File Upload WordPress plugin prior to version 5.1.7 is susceptible to a vulnerability that arises from improper file handling. Specifically, when the duplicatepolicy setting is configured to 'maintain both', a Time-of-Check to Time-of-Use (TOCTOU) race condition occurs between the fil...
PoC for CVE-2025-55182
A remote code execution vulnerability found in React Server Components allows attackers to exploit improperly handled payloads. This issue affects versions 19.0.0 through 19.2.0, compromising server function endpoints through unsafe deserialization of HTTP request payloads. As a result, this flaw...
PoC for CVE-2026-12175
A vulnerability in the CodeAstro Student Attendance Management System 1.0 has been identified, specifically within the function located at /attendance-php/Admin/createStudents.php. This flaw allows for SQL injection through manipulated input of the admissionNumber argument. As a result, attackers...
PoC for CVE-2026-12174
A security issue has been identified in the D-Link DCS-935L HD Wi-Fi Camera where the snprintf function within the HTTP Handler component is vulnerable to format string manipulation. Specifically, this vulnerability allows attackers to exploit arguments incorrectly, potentially leading to remote ...
Discovered 2 days ago
PoC for CVE-2024-26170
The Windows Composite Image File System (CimFS) is impacted by a vulnerability that allows an attacker to potentially elevate their privileges on affected Microsoft products. This elevation of privilege vulnerability can enable unauthorized access to system resources, posing a risk for exploitati...
PoC for CVE-2026-12183
The Nefteprodukttekhnika BUK TS-G Gas Station Automation System versions 2.9.1 through 2.10.2 on Linux presents an Improper Authentication flaw within its system configuration module. The /php/ajax-login.php endpoint reveals the administrator's user ID in response to any HTTP POST request contain...
PoC for CVE-2026-40864
A Cross-Site Request Forgery vulnerability exists in JupyterHub versions 4.1.0 to 5.4.4, where the implementation of XSRF protection fails to properly validate requests flagged with Sec-Fetch-Mode: no-cors. This allows attackers to bypass XSRF safeguards on HTTP form endpoints, notably /hub/spawn...
PoC for CVE-2026-41490
Dagster, an orchestration platform for managing data assets, has a vulnerability in its handling of dynamic partition keys. In versions prior to 1.13.1 for Dagster Core and 0.29.1 for its libraries, the system allowed the construction of SQL WHERE clauses that lacked proper escaping. This flaw en...
PoC for CVE-2026-49975
A memory allocation issue exists in Apache HTTP Server's mod_http module, which can lead to denial of service when an attacker sends crafted HTTP requests with excessive size values. This vulnerability affects a wide range of Apache HTTP Server versions, making it critical for users to implement ...
PoC for CVE-2023-23969
Certain versions of the Django web framework, specifically 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, exhibit a vulnerability due to the caching of parsed Accept-Language headers. This caching mechanism is intended to enhance performance by avoiding repetitive parsing. However, wh...
PoC for CVE-2026-9062
The Store Locator plugin for WordPress prior to version 1.6.9 is susceptible to a path traversal vulnerability. This issue arises from improper validation of parameters used in file paths, permitting high-privilege users, such as administrators, to access sensitive files on the server. Malicious ...
PoC for CVE-2026-9061
The Store Locator plugin for WordPress prior to version 1.6.9 fails to adequately sanitize and escape the metadata for store logos before saving and displaying it. This gap allows users with administrative privileges to execute Stored Cross-Site Scripting (XSS) attacks, even in scenarios where th...
PoC for CVE-2026-20230
A security flaw in Cisco Unified Communications Manager and its Session Management Edition allows unauthenticated remote attackers to exploit server-side request forgery (SSRF). By sending a specially crafted HTTP request, attackers may manipulate the affected device, leading to unauthorized file...
PoC for CVE-2026-45585
A security feature bypass vulnerability exists in Microsoft Windows, referred to as 'YellowKey.' This flaw could allow unauthorized access to restricted features, compromising system integrity. A proof of concept has been publicly released, contrary to established security practices. Users are ad...
PoC for CVE-2026-53435
A deserialization vulnerability exists in Jenkins versions 2.567 and earlier, including LTS version 2.555.2 or earlier. This flaw can allow attackers to control the deserialization of arbitrary types through a maliciously crafted `config.xml` submission. Once exploited, this vulnerability opens a...
PoC for CVE-2026-24136
The Saleor e-commerce platform exhibits an Insecure Direct Object Reference (IDOR) vulnerability, allowing unauthenticated users to retrieve sensitive information in plain text. Specifically, orders created prior to Saleor version 3.2.0 can have personally identifiable information (PII) exfiltrat...
PoC for CVE-2026-12131
A vulnerability has been detected in the CodeAstro Human Resource Management System version 1.0 that allows an SQL injection attack in the Invoice function of the Payroll.php controller. Manipulation of the ID argument permits attackers to execute arbitrary SQL commands. This flaw presents a sign...
PoC for CVE-2026-12130
A security flaw has been identified in the CodeAstro Human Resource Management System 1.0 that allows for cross-site scripting (XSS) attacks through the manipulation of the 'protitle' argument in the Projects Management Page. This vulnerability can be exploited remotely, potentially compromising ...
PoC for CVE-2026-12129
A cross site scripting vulnerability exists in CodeAstro's Human Resource Management System version 1.0, specifically within the Dashboard Interface component in the file /dashboard/add_tod. The issue arises due to inadequate input validation of the todo_data argument. This flaw permits remote at...
Discovered 3 days ago
PoC for CVE-2026-0273
A command injection vulnerability exists in PAN-OS software that allows authenticated administrators to bypass system restrictions, enabling the execution of arbitrary commands with root user privileges. To exploit this vulnerability, access to the PAN-OS Command Line Interface (CLI) or Web UI is...
PoC for CVE-2026-8809
The Advanced Custom Fields: Extended plugin for WordPress is susceptible to a privilege escalation vulnerability due to a validation bypass in the after_validate_save_post() function. This function improperly trusts the attacker-controlled _acf_post_id POST parameter, which allows unauthorized us...
PoC for CVE-2026-48558
Versions 5.5.15 and earlier of SimpleHelp, along with pre-release 6.0 versions, are susceptible to an authentication bypass vulnerability in the OIDC authentication process. When configured to use OIDC authentication, the system fails to validate the cryptographic signatures of identity tokens du...
PoC for CVE-2026-12066
A vulnerability has been identified in PbootCMS versions up to 3.2.12, specifically in the Password Handler function 'retrieve' within the MemberController.php file. This flaw allows for the manipulation of input parameters such as username, password, email, and checkcode, leading to a compromise...
PoC for CVE-2026-12065
A vulnerability exists in the Groww Stock, Mutual Fund, Gold App for Android, specifically within the WebView URL Handler component. This flaw allows for improper authorization related to handling custom URL schemes, enabling potential exploitation of user data on affected devices. Attackers may ...
PoC for CVE-2026-35273
A vulnerability exists in Oracle's PeopleSoft Enterprise PeopleTools that potentially allows an unauthenticated attacker to gain unauthorized access via HTTP, compromising the integrity and confidentiality of the system. If exploited, this could enable a malicious actor to take full control over ...
PoC for CVE-2026-9271
A SQL injection vulnerability has been identified in the Vendor XYZ plugin for WordPress, allowing attackers to execute arbitrary SQL queries. This could result in unauthorized access to sensitive information and potential data breaches. It is crucial for users to update their plugins to the late...
PoC for CVE-2026-9269
The Secure Copy Content Protection and Content Locking plugin for WordPress prior to version 5.1.5 is vulnerable due to inadequate sanitization and escaping of certain settings. This oversight allows high privilege users, such as administrators, to execute Stored Cross-Site Scripting (XSS) attack...
PoC for CVE-2026-48907
A flaw in the JCE editor extension for Joomla permits unauthorized users to create new editor profiles. This malicious capability exposes the site to risks, including the ability to upload PHP code and execute it, potentially leading to a full compromise of the website security. Site administrato...
PoC for CVE-2026-10520
An OS Command Injection vulnerability exists in Ivanti Sentry versions before R10.5.2, R10.6.2, and R10.7.1, allowing an unauthenticated remote attacker to execute arbitrary commands with root privileges. This high-risk vulnerability could potentially compromise the integrity and security of the ...