Publicly Disclosed
PoC Exploits

🔴 Alway take caution when working with PoC Exploits 🔴

Discovered just now...

PoC for CVE-2026-34197

ApacheApache ActiveMQ Broker🟣 EPSS 97%8.8HIGH
Code Injection Vulnerability in Apache ActiveMQ Broker Up to Versio...

Apache ActiveMQ Broker is prone to a code injection vulnerability due to improper input validation in the Jolokia JMX-HTTP bridge. By default, this bridge exposes a web console that allows the execution of operations on all ActiveMQ MBeans. An authenticated attacker can exploit this vulnerability...

PoC for CVE-2026-48907

Joomlacontentedit...Joomla Content Editor ...🟣 EPSS 80%10CRITICAL
JCE Editor Extension for Joomla Vulnerability Allows Unauthenticate...

A flaw in the JCE editor extension for Joomla permits unauthorized users to create new editor profiles. This malicious capability exposes the site to risks, including the ability to upload PHP code and execute it, potentially leading to a full compromise of the website security. Site administrato...

Discovered 2 hours ago

PoC for CVE-2026-14622

JairiidrissRestaurant-website-PHP...6.9MEDIUM
AJAX Endpoint Vulnerability in jairiidriss Restaurant Website PHP M...

A missing authentication vulnerability has been identified in the jairiidriss Restaurant Website PHP MySQL, specifically within the AJAX Endpoint component. An attacker could exploit this flaw to bypass authentication mechanisms, allowing unauthorized remote access to critical functionality withi...

PoC for CVE-2026-14621

FederatedaiFate2.3LOW
Remote Data Leakage in FederatedAI FATE's OSX Broker Component

A vulnerability exists in the OSX Broker of FederatedAI FATE versions up to 2.2.0, specifically in the function QueuePushReqStreamObserver.initEggroll. This issue arises from improper handling of the rollSiteSessionId, dstRole, and dstPartyId arguments, which could allow an attacker to compromise...

Discovered 4 hours ago

PoC for CVE-2026-12194

PHPipamPHPipam2.3LOW
Authenticated Local File Inclusion in PHPIPAM by PHPIPAM

PHPIPAM is subjected to an authenticated local file inclusion vulnerability that enables users with API access to execute or include arbitrary PHP files from the web server's file system. Although the API feature is not enabled by default, if activated, the flaw could potentially allow attackers ...

PoC for CVE-2026-14619

ItsourcecodeHospital Management Sy...5.3MEDIUM
SQL Injection Vulnerability in itsourcecode Hospital Management System

A vulnerability has been identified in the itsourcecode Hospital Management System version 1.0 that allows for SQL injection through crafted input passed to the 'editid' parameter in the /medicine.php file. This flaw may enable remote attackers to manipulate database queries, leading to unauthori...

PoC for CVE-2026-14618

Open5GSOpen5gs5.3MEDIUM
Denial of Service Vulnerability in Open5GS Network Functions

A vulnerability has been identified in Open5GS's AMF component that could lead to a denial of service condition. Specifically, the issue resides in the `amf_nnrf_handle_nf_discover` function within the source file `src/amf/nnrf-handler.c`. This vulnerability can be exploited remotely, allowing an...

Discovered 5 hours ago

PoC for CVE-2017-12615

ApacheApache Tomcat🟣 EPSS 100%8.1HIGH
Remote Code Execution Vulnerability in Apache Tomcat on Windows

A security vulnerability exists in Apache Tomcat versions 7.0.0 through 7.0.79 on Windows when HTTP PUT requests are enabled. This flaw allows an attacker to upload a malicious JSP file to the server through crafted requests. If successfully executed, the uploaded JSP file can be accessed and run...

Discovered 6 hours ago

PoC for CVE-2024-1561

Gradio-appGradio-app/gradio7.5HIGH
Gradio App Vulnerability Allows Unauthorized File Read Access

A significant vulnerability exists within the Gradio product where the `/component_server` endpoint inadequately manages method invocations on the `Component` class while allowing input directed by attackers. By leveraging the `move_resource_to_block_cache()` method from the `Block` class, an att...

Discovered 8 hours ago

PoC for CVE-2026-14459

Tubitak Bilgem So...Pardus-software8.8HIGH
Argument Injection Vulnerability in TUBITAK BILGEM Software

The TUBITAK BILGEM Software Technologies Research Institute's pardus-software is vulnerable to argument injection due to improper neutralization of argument delimiters. This flaw allows malformed input to be interpreted in unintended ways, potentially compromising the software's integrity. Affect...

Discovered 13 hours ago

PoC for CVE-2026-14617

NousresearchHermes-agent2.3LOW
Improper Case Sensitivity in NousResearch hermes-agent Streaming Re...

A security flaw has been identified in the NousResearch hermes-agent, specifically in the Streaming Reasoning Tag Filter functionality. The vulnerability occurs within the GatewayStreamConsumer._filter_and_accumulate method in the file gateway/stream_consumer.py. The issue relates to improper han...

Discovered 14 hours ago

PoC for CVE-2026-14610

Open Asset Import...Assimp4.8MEDIUM
Buffer Overflow Vulnerability in Open Asset Import Library Assimp C...

A vulnerability exists in the Open Asset Import Library Assimp within the CSM File Handler, specifically in the function Assimp::CSMImporter::InternReadFile. This flaw results in a heap-based buffer overflow, which can be exploited through local execution of crafted inputs. An exploit for this vu...

Discovered 15 hours ago

PoC for CVE-2026-14607

RT-ThreadRt-thread6.8MEDIUM
Memory Corruption Vulnerability in RT-Thread by RT-Thread

A vulnerability has been identified in RT-Thread versions up to 5.0.2 that affects the function sys_getaddrinfo. This weakness allows an attacker with local access to manipulate the argument ai_addr, which can lead to memory corruption. Current exploits of this vulnerability are publicly availabl...

PoC for CVE-2026-14606

RT-ThreadRt-thread8.5HIGH
Buffer Overflow Vulnerability in SWM341 CAN Handler by RT-Thread

A vulnerability has been identified in the RT-Thread SWM341 CAN Handler up to version 5.0.2, specifically in the CAN_Receive function found in the CMSIS DeviceSupport library. This flaw allows for a stack-based buffer overflow, which can be exploited locally to manipulate the application's execut...

PoC for CVE-2026-14605

RT-ThreadRt-thread8.5HIGH
Stack-Based Buffer Overflow in RT-Thread RTOS Affecting ls1c CAN Ha...

A vulnerability has been discovered in the RT-Thread Real-Time Operating System (RTOS) related to the ls1c CAN Handler. Specifically, the issue lies within the 'recvmsg' function located in bsp/loongson/ls1cdev/libraries/ls1c_can.h. This vulnerability can lead to a stack-based buffer overflow, wh...

Discovered 16 hours ago

PoC for CVE-2026-14604

Open Asset Import...Assimp5.3MEDIUM
Double Free Vulnerability in Open Asset Import Library Assimp's PLY...

A vulnerability in the Open Asset Import Library Assimp affects the PLY Model Handler's ExportToBlob function. This issue allows for a double free, which can be exploited remotely. The vulnerability could lead to destabilization of applications utilizing the affected component. The Assimp project...

Discovered 19 hours ago

PoC for CVE-2026-49468

BerriaiLitellm9.5CRITICAL
Proxy Server Flaw in LiteLLM by BerriAI Affects Multiple Versions

A security vulnerability in LiteLLM, an AI Gateway proxy server designed to facilitate calls to LLM APIs, was identified in all versions prior to 1.84.0. This flaw potentially exposes users to various security risks. It is critical for users to update to version 1.84.0 or newer to mitigate these ...

Discovered 1 day ago

PoC for CVE-2022-36021

RedisRedis🟣 EPSS 60%5.5MEDIUM
Redis string pattern matching can be abused to achieve Denial of Se...

Redis is an in-memory database that persists on disk. Authenticated users can use string matching commands (like `SCAN` or `KEYS`) with a specially crafted pattern to trigger a denial-of-service attack on Redis, causing it to hang and consume 100% CPU time. The problem is fixed in Redis versions ...

PoC for CVE-2022-36021

RedisRedis🟣 EPSS 60%5.5MEDIUM
Redis string pattern matching can be abused to achieve Denial of Se...

Redis is an in-memory database that persists on disk. Authenticated users can use string matching commands (like `SCAN` or `KEYS`) with a specially crafted pattern to trigger a denial-of-service attack on Redis, causing it to hang and consume 100% CPU time. The problem is fixed in Redis versions ...

PoC for CVE-2026-13768

GardynGardyn Home Firmware9.5CRITICAL
IoT Device Vulnerability in Gardyn Products

Gardyn devices are susceptible to a severe security flaw that exposes a privileged iothubowner key. This key grants malicious users the ability to manipulate the IoTHub Registry Manager, potentially revealing critical connection information for all connected Gardyn Home Kit and Studio devices. Fu...

PoC for CVE-2026-38751

DevCode-itOpenSTAManager7.2HIGH
Arbitrary File Upload Vulnerability in OpenSTAManager by DevCode-it

OpenSTAManager versions up to and including 2.10 contain a vulnerability that allows an attacker to upload arbitrary files via the module update functionality. This flaw exists in the 'upload_modules.php' script, which does not adequately validate file uploads, potentially enabling unauthorized a...

PoC for CVE-2025-57819

FreepbxEndpoint🟣 EPSS 93%10CRITICAL
Unauthenticated Access Vulnerability in FreePBX by Sangoma Technolo...

FreePBX, an open-source web-based GUI, suffers from a vulnerability that permits unauthenticated users to gain access to the FreePBX Administrator interface. This is primarily due to insufficient sanitization of user-provided data. The flaw can lead to unauthorized database manipulation and may a...

Discovered 2 days ago

PoC for CVE-2026-58460

Ajith-abReact-native-receive-s...7HIGH
Path Traversal Vulnerability in React Native Receive Sharing Intent...

The react-native-receive-sharing-intent library is susceptible to a path traversal vulnerability. This flaw permits a co-resident malicious application to exploit the system by manipulating the _display_name value to include dot-dot path components. Through this vulnerability, attackers can lever...

PoC for CVE-2026-58467

Cockpit-projectCockpit8.2HIGH
Path Traversal and Local File Inclusion in Cockpit CMS by Cockpit P...

Cockpit CMS prior to version 364 is susceptible to a path traversal and local file inclusion vulnerability, allowing unauthenticated attackers to access arbitrary files or execute PHP scripts by manipulating the REQUEST_URI. This flaw occurs due to improper validation of the PATH_INFO variable du...

PoC for CVE-2026-59102

ForgejoForgejo2.1LOW
Stored Cross-Site Scripting Vulnerability in Forgejo by Codeberg

Forgejo, a platform developed by Codeberg, is vulnerable to a stored cross-site scripting attack that can be exploited by authenticated users. Attackers can embed malicious JavaScript code into the display name field. When the DEFAULT_SHOW_FULL_NAME option is activated, this name gets rendered in...

PoC for CVE-2026-59100

LobehubLobehub2.3LOW
Broken Object Level Authorization in LobeChat Affects User Data Man...

LobeChat version 2.2.9 has a broken object level authorization vulnerability that allows authenticated users to manipulate other users' chat-group agent data. By using arbitrary group identifiers, attackers can perform unauthorized actions such as retrieving agent listings, altering agent roles a...

PoC for CVE-2026-59099

ApereoCas9.3CRITICAL
Cryptographic Vulnerability in Apereo CAS Version 7.3.0

Apereo CAS versions prior to 8.0.0-RC6 are susceptible to a cryptographic vulnerability that enables remote unauthenticated attackers to recover plaintext conversation state. This issue arises from AES-GCM initialization vector reuse, where the use of a constant all-zero IV in conjunction with a ...

PoC for CVE-2026-59098

LobehubLobehub7.1HIGH
Broken Access Control in LobeChat Affects User Data Privacy

LobeChat versions up to 2.2.9 are affected by a broken access control vulnerability in its retrieval-augmented-generation semantic search functionality. This flaw allows authenticated attackers to exploit missing user-identifier checks, granting them unauthorized access to other users' data. By m...

PoC for CVE-2026-59097

TaigaTaiga-back6.9MEDIUM
Missing Authorization Vulnerability in Taiga Project Management Tool

Taiga, a popular project management tool, has a security flaw that allows unauthorized remote attackers to create default due-date records in any project by exploiting unprotected POST endpoints. This vulnerability affects users of version 6.10.1 and earlier, where attackers can bypass permission...

PoC for CVE-2026-59095

LobehubLobehub8.3HIGH
Server-Side Request Forgery in LobeChat by LobeHub

LobeChat versions prior to 2.2.10-canary.18 contain a server-side request forgery vulnerability. This issue allows authenticated attackers to manipulate internal HTTP requests by exploiting user-controlled inputs in services such as skill import and topic cover updates. Through these entry points...

PoC for CVE-2026-59094

PathwaycomPathway8.7HIGH
Denial of Service in Pathway Document Store Affecting Users of Pathway

The Pathway Document Store is susceptible to a denial of service attack due to its handling of caller-supplied glob patterns. From the unauthenticated HTTP endpoints, an attacker can submit malicious patterns that lead to high CPU consumption, as the application evaluates these patterns without s...

PoC for CVE-2026-58579

InfiniflowRagflow5.1MEDIUM
Stored Cross-Site Scripting in RAGFlow by Infiniflow

RAGFlow versions prior to 0.26.3 are exposed to a stored cross-site scripting vulnerability due to insufficient sanitization of agent pipeline node names. The normalize_dsl function validates JSON serialization but does not sanitize the node name itself. This leads to scenarios where an authentic...

PoC for CVE-2026-58578

LobehubLobehub7.1HIGH
Regular Expression Denial of Service in LobeChat by LobeHub

The vulnerability in LobeChat enables authenticated attackers to exploit regular expression denial of service (ReDoS) by injecting catastrophic-backtracking patterns into a GitHub repository URL path during skill import. This flaw allows attackers to obstruct the Node.js event loop, leading to si...

PoC for CVE-2026-33017

Langflow-aiLangflow🟣 EPSS 98%9.3CRITICAL
Authentication Bypass in Langflow Tool for AI-Powered Workflows

Langflow, a tool for constructing and deploying AI-driven agents and workflows, is susceptible to a vulnerability in the POST /api/v1/build_public_tmp/{flow_id}/flow endpoint in versions before 1.9.0. This vulnerability enables an attacker to build public flows without authentication, leveraging ...

PoC for CVE-2021-27877

VeritasBackup Exec🟣 EPSS 65%8.2HIGH
Remote Code Execution Vulnerability in Veritas Backup Exec

A vulnerability in Veritas Backup Exec allows attackers to exploit outdated SHA authentication support, which has not been disabled in versions prior to 21.2. By leveraging this weakness, an attacker can gain unauthorized access to an Agent, enabling them to execute privileged commands remotely. ...

PoC for CVE-2024-58352

Shenzhen Landray ...Landry Office Automati...8.7HIGH
Unauthenticated HQL Injection Vulnerability in Landray OA Software

Landray OA is affected by a serious unauthenticated HQL injection vulnerability, which enables attackers to manipulate the system's database queries by injecting harmful HQL syntax via the uid POST parameter of the wechatLoginHelper.do endpoint. This vulnerability stems from a failure to adequate...

PoC for CVE-2022-50973

Yonyou Network Te...Ksoa9.3CRITICAL
Unauthenticated File Upload Vulnerability in Yonyou KSOA 9.0

Yonyou KSOA 9.0 is vulnerable to an unauthenticated file upload issue in the com.sksoft.bill.ImageUpload servlet. This flaw allows attackers to upload arbitrary files simply by submitting a POST request with manipulated filepath and filename parameters, bypassing crucial authentication, file type...

PoC for CVE-2022-50973

Yonyou Network Te...Ksoa9.3CRITICAL
Unauthenticated File Upload Vulnerability in Yonyou KSOA 9.0

Yonyou KSOA 9.0 is vulnerable to an unauthenticated file upload issue in the com.sksoft.bill.ImageUpload servlet. This flaw allows attackers to upload arbitrary files simply by submitting a POST request with manipulated filepath and filename parameters, bypassing crucial authentication, file type...

PoC for CVE-2022-50973

Yonyou Network Te...Ksoa9.3CRITICAL
Unauthenticated File Upload Vulnerability in Yonyou KSOA 9.0

Yonyou KSOA 9.0 is vulnerable to an unauthenticated file upload issue in the com.sksoft.bill.ImageUpload servlet. This flaw allows attackers to upload arbitrary files simply by submitting a POST request with manipulated filepath and filename parameters, bypassing crucial authentication, file type...

PoC for CVE-2021-1931

QualcommSnapdragon Auto, Snapd...6.7MEDIUM
Buffer Overflow Vulnerability in Qualcomm Snapdragon Products

This security vulnerability is caused by improper validation of the buffer length when processing fast boot commands across various Qualcomm Snapdragon products. An attacker could exploit this flaw to execute arbitrary code or cause unintended behavior, potentially compromising the affected devices.

PoC for CVE-2024-14037

Guangzhou Red Sea...Red Sea Cloud Ehr9.3CRITICAL
Arbitrary File Upload Vulnerability in Redsea Cloud eHR

Redsea Cloud eHR is affected by an arbitrary file upload vulnerability that permits unauthenticated attackers to execute remote code. By exploiting the PtFjk.mob servlet endpoint, attackers can submit multipart POST requests containing malicious files disguised as image/jpeg, thereby circumventin...

PoC for CVE-2024-14037

Guangzhou Red Sea...Red Sea Cloud Ehr9.3CRITICAL
Arbitrary File Upload Vulnerability in Redsea Cloud eHR

Redsea Cloud eHR is affected by an arbitrary file upload vulnerability that permits unauthenticated attackers to execute remote code. By exploiting the PtFjk.mob servlet endpoint, attackers can submit multipart POST requests containing malicious files disguised as image/jpeg, thereby circumventin...

PoC for CVE-2026-53753

UnclecodeCrawl4ai9.8CRITICAL
Open-source LLM Friendly Web Crawler Vulnerability in Crawl4AI

Crawl4AI, an open-source LLM-friendly web crawler, prior to version 0.8.7, contains a critical vulnerability in its computed fields feature. The _safe_eval_expression() function employs an AST validator that inadequately restricts attribute access, allowing attributes without an underscore prefix...

PoC for CVE-2025-69212

Devcode-itOpenstamanager9.4CRITICAL
OS Command Injection Vulnerability in OpenSTAManager by DevCode

OpenSTAManager, an open source management tool for technical assistance and invoicing, has a vulnerability in the P7M file decoding functionality. Versions 2.9.8 and earlier allow authenticated attackers to upload a ZIP file containing a maliciously crafted .p7m file. This could lead to the execu...

PoC for CVE-2026-11578

WordPressFluent Forms2.7LOW
Improper Access Control in Fluent Forms Plugin by WordPress

The Fluent Forms WordPress plugin, prior to version 6.2.5, has a serious vulnerability related to improper access control. Specifically, it fails to restrict a Manager's ability to delete form submission entries associated with forms they are not authorized to manage. This could result in unautho...

PoC for CVE-2026-11965

WordPressUser Registration & Me...6.5MEDIUM
User Registration & Membership Plugin Flaw in WordPress Enables Una...

The User Registration & Membership plugin for WordPress prior to version 5.2.0 allows unauthenticated individuals to activate paid membership subscriptions without completing payment. This flaw occurs due to the lack of enforcement on payment verification during the account registration process, ...

PoC for CVE-2026-10077

WordPressYootheme6.8MEDIUM
Stored Cross-Site Scripting in Yootheme WordPress Theme

The Yootheme WordPress theme prior to version 5.0.35 is vulnerable to stored Cross-Site Scripting (XSS) attacks. This occurs as the theme fails to adequately sanitize certain HTML attributes, allowing users with the Author role to inject malicious scripts. When a post containing such scripts is v...

PoC for CVE-2026-11781

WordPressAdminify2.7LOW
User Privilege Escalation in Adminify WordPress Plugin

The Adminify WordPress plugin prior to version 4.2.10 fails to enforce appropriate read-capability checks for its administration search functionality. This oversight enables users with lower privileges, such as Contributors, to access and reveal sensitive information that should remain protected....

PoC for CVE-2026-38751

DevCode-itOpenSTAManager7.2HIGH
Arbitrary File Upload Vulnerability in OpenSTAManager by DevCode-it

OpenSTAManager versions up to and including 2.10 contain a vulnerability that allows an attacker to upload arbitrary files via the module update functionality. This flaw exists in the 'upload_modules.php' script, which does not adequately validate file uploads, potentially enabling unauthorized a...

PoC for CVE-2025-69212

Devcode-itOpenstamanager9.4CRITICAL
OS Command Injection Vulnerability in OpenSTAManager by DevCode

OpenSTAManager, an open source management tool for technical assistance and invoicing, has a vulnerability in the P7M file decoding functionality. Versions 2.9.8 and earlier allow authenticated attackers to upload a ZIP file containing a maliciously crafted .p7m file. This could lead to the execu...