Publicly Disclosed
PoC Exploits

🔴 Alway take caution when working with PoC Exploits 🔴

Discovered 3 hours ago

PoC for CVE-2026-23744

McpjamInspector🟣 EPSS 44%9.8CRITICAL
Remote Code Execution Vulnerability in MCPJam Inspector by MCP

MCPJam Inspector, designed for local-first development on MCP servers, has a vulnerability allowing remote code execution (RCE) due to improper binding settings. In versions 1.4.2 and earlier, the platform listens on 0.0.0.0 by default, enabling attackers to exploit this configuration through cra...

Discovered 5 hours ago

PoC for CVE-2026-46584

ApacheApache Camel Mail3.7LOW
Improper Input Validation Vulnerability in Apache Camel Mail Component

An improper input validation vulnerability in the Apache Camel Mail Component allows for the potential exposure of sensitive information due to untrusted input being processed without proper filtering. Specifically, the MailProducer may construct JavaMail sessions with headers from untrusted sour...

Discovered 6 hours ago

PoC for CVE-2026-0740

WordPressNinja Forms - File Upl...🟣 EPSS 54%9.8CRITICAL
Arbitrary File Upload Vulnerability in Ninja Forms File Uploads Plu...

The Ninja Forms - File Uploads plugin for WordPress contains a vulnerability allowing unauthenticated attackers to upload arbitrary files due to inadequate file type validation in the upload handling function. This oversight affects all versions upto and including 3.3.26, potentially enabling att...

Discovered 7 hours ago

PoC for CVE-2026-43499

LinuxLinux7.8HIGH
Linux Kernel Vulnerability in rtmutex Component Affecting Multiple ...

A vulnerability exists in the Linux kernel's rtmutex component where the remove_waiter() function incorrectly utilizes current instead of waiter::task during a dequeue operation within various mutex handling paths. This mismanagement leads to multiple issues, including potential use-after-free vu...

Discovered 8 hours ago

PoC for CVE-2026-15753

ZhinianbokeXianyu-auto-reply5.3MEDIUM
Remote Manipulation Vulnerability in Zhinianboke Xianyu-Auto-Reply ...

A critical vulnerability has been identified in the Zhinianboke Xianyu-Auto-Reply server that allows an attacker to manipulate server-side HTTP permission methods through the vulnerable 'review' functionality at /api/v1/payment/withdraw/review?action=approve. This manipulation can facilitate unau...

PoC for CVE-2026-15751

Mastergo-designMastergo-magic-mcp4.8MEDIUM
Path Traversal Vulnerability in Mastergo Design's Magic MCP Tool

A security vulnerability has been discovered in the Mastergo Design Magic MCP tool, particularly affecting the function execute in the component mcp__getComponentGenerator located in mastergo/component-workflow.md. This vulnerability allows unauthorized access to file paths due to improper handli...

Discovered 9 hours ago

PoC for CVE-2026-15750

Mastergo-designMastergo-magic-mcp5.3MEDIUM
Server-Side Request Forgery in Mastergo Design's Magic MCP Component

A vulnerability exists in the Mastergo Magic MCP component, specifically in its z.string function located in src/tools/get-component-link.ts. This flaw allows an attacker to manipulate the URL argument, potentially leading to server-side request forgery (SSRF). With SSRF, an attacker can send req...

PoC for CVE-2026-15749

Mastergo-designMastergo-magic-mcp4.8MEDIUM
Path Traversal Vulnerability in Mastergo Design's Magic MCP Tool

A security flaw has been identified in the Magic MCP tool by Mastergo Design, specifically affecting version 0.2.0. The vulnerability arises from improper handling of the argument 'filePath' in the 'execute' function of the 'src/tools/get-c2d.ts' file, allowing for path traversal attacks. This co...

Discovered 11 hours ago

PoC for CVE-2026-46457

ApacheApache Camel7.5HIGH
Improper Input Validation Vulnerability in Apache Camel NATS Component

An improper input validation issue exists in the NATS component of Apache Camel, affecting versions 4.0.0 to 4.14.7, 4.15.0 to 4.18.2, and 4.19.0 to 4.20.9. This flaw allows clients capable of publishing to specific NATS subjects to inject arbitrary Camel control headers, which can manipulate the...

Discovered 12 hours ago

PoC for CVE-2026-15715

SourcecodesterClass And Exam Timetab...5.3MEDIUM
Cross-Site Scripting Vulnerability in SourceCodester Class and Exam...

A cross-site scripting vulnerability exists in the SourceCodester Class and Exam Timetabling System 1.0, specifically within the /exam.php file. By exploiting improper handling of the 'day' argument, attackers can perform remote code execution, leading to unauthorized access to sensitive user dat...

Discovered 13 hours ago

PoC for CVE-2026-15703

SourcecodesterSimple And Nice Shoppi...6.9MEDIUM
SQL Injection Vulnerability in SourceCodester Simple and Nice Shopp...

A SQL injection vulnerability exists in the Simple and Nice Shopping Cart Script version 1.0, specifically within the /admin/userproductdeletequery.php file. This vulnerability arises when an attacker manipulates the user_id argument, enabling the execution of malicious SQL queries. This flaw all...

Discovered 14 hours ago

PoC for CVE-2026-15701

TotolinkNr1800x9.3CRITICAL
Stack-Based Buffer Overflow Vulnerability in Totolink NR1800X by To...

A weakness has been identified in the Totolink NR1800X router, specifically in the lighttpd component's Form_Logout function located in the file /formLogout.htm. This vulnerability allows for a stack-based buffer overflow due to improper handling of the Host argument, which can be exploited by at...

PoC for CVE-1999-0524

MicrosoftWindows🟣 EPSS 32%
Arbitrary Host ICMP Information Exposure in Cisco Products

The vulnerability allows arbitrary hosts to send ICMP requests that reveal sensitive information, including netmask and timestamp data. This exposure can assist attackers in conducting reconnaissance and facilitate further attacks on the network. Proper configuration and monitoring are essential ...

PoC for CVE-2026-15700

Shanghai Zhuozhuo...Dedecms5.1MEDIUM
Path Traversal Vulnerability in DedeCMS 5.7.118 by Shanghai Zhuozhu...

A security flaw has been identified in DedeCMS version 5.7.118, specifically within the ExtractFile function of the include/zip.class.php component related to the Album Publishing feature. This vulnerability permits path traversal, allowing attackers to manipulate the filename argument, which may...

PoC for CVE-2026-15699

SpencermountainCompromise5.3MEDIUM
Prototype Pollution Vulnerability in spencermountain's Public Root API

A vulnerability affecting spencermountain’s Public Root API was identified in versions up to 14.15.1, specifically in the function nlp.extend located in the file src/API/extend.js. This vulnerability allows for unauthorized manipulation of the argument plugin, which could lead to uncontrolled mod...

Discovered 15 hours ago

PoC for CVE-2026-15696

TendaBe12 Pro8.7HIGH
Stack-Based Buffer Overflow in Tenda BE12 Pro by Tenda Electronics

A significant vulnerability exists in the Tenda BE12 Pro, specifically within the fromVirtualSer function of the /goform/VirtualSer component. This vulnerability allows for manipulation of the input parameters, potentially leading to a stack-based buffer overflow. As a result, attackers can execu...

PoC for CVE-2026-58479

Dan-in-caSip9.2CRITICAL
Command Injection Vulnerability in Sustainable Irrigation Platform ...

The Sustainable Irrigation Platform (SIP) versions up to 5.2.16 are vulnerable to command injection through the optional cli_control plugin. This weakness enables unauthenticated attackers to exploit the platform by submitting a malicious payload via the plugin's HTTP endpoint. Once an attack is ...

PoC for CVE-2026-58478

Dan-in-caSip6.3MEDIUM
Server-Side Request Forgery Vulnerability in Sustainable Irrigation...

The Sustainable Irrigation Platform versions up to 5.2.16 expose a Server-Side Request Forgery (SSRF) vulnerability that can be exploited by unauthenticated attackers using a malicious callback URL when the optional Node-RED plugin is enabled. This flaw allows attackers to circumvent destination ...

PoC for CVE-2026-58477

Dan-in-caSip8.8HIGH
Mass Assignment Vulnerability in Sustainable Irrigation Platform by...

The Sustainable Irrigation Platform (SIP) version 5.2.16 and earlier is susceptible to a mass assignment vulnerability. This flaw enables unauthenticated attackers to overwrite sensitive configuration settings by supplying arbitrary parameter names within HTTP requests. Vulnerable configurations ...

Discovered 16 hours ago

PoC for CVE-2026-60114

Dan-in-caSip8.7HIGH
Path Traversal Flaw in Sustainable Irrigation Platform by Unknown V...

The Sustainable Irrigation Platform (SIP) through version 5.2.16 is vulnerable to a path traversal issue that can be exploited by attackers who gain access to the restore functionality. By uploading specially crafted JSON backup files that include unvalidated keys, attackers can write files to ar...

PoC for CVE-2026-15695

TendaBe12 Pro8.7HIGH
Stack-based Buffer Overflow in Tenda BE12 Pro Routers

A critical flaw in Tenda BE12 Pro routers (version 16.03.66.23) allows for a stack-based buffer overflow through the 'fromDhcpListClient' function in the '/goform/DhcpListClient' file. This vulnerability can be exploited remotely, posing a significant risk to device integrity and security. Attack...

PoC for CVE-2026-58476

Dan-in-caSip7HIGH
Cross-Site Request Forgery Vulnerability in Sustainable Irrigation ...

The Sustainable Irrigation Platform (SIP) through version 5.2.16 is susceptible to a cross-site request forgery (CSRF) vulnerability. This flaw allows remote attackers to execute state-changing administrative actions by enticing a logged-in administrator to visit a malicious webpage. The absence ...

PoC for CVE-2026-58475

Dan-in-caSip5.3MEDIUM
Stored Cross-Site Scripting Vulnerability in Sustainable Irrigation...

The Sustainable Irrigation Platform, up to version 5.2.16, is vulnerable to a stored cross-site scripting (XSS) flaw, enabling unauthorized attackers to inject malicious JavaScript payloads. This vulnerability arises from improper output encoding within program names submitted via HTTP requests, ...

PoC for CVE-2026-15694

TendaBe12 Pro8.7HIGH
Stack-Based Buffer Overflow in Tenda BE12 Pro Router

A stack-based buffer overflow vulnerability exists in the Tenda BE12 Pro router due to improper handling in the fromSetIpBind function, specifically in the /goform/SetIpBind file. By manipulating the 'page' argument, an attacker can exploit this weakness to execute arbitrary code remotely. The ex...

PoC for CVE-2021-44228

ApacheApache Log4j2🟣 EPSS 100%10CRITICAL
Apache Log4j2 JNDI features do not protect against attacker control...

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log messag...

PoC for CVE-2023-38646

MetabaseMetabase🟣 EPSS 98%9.8CRITICAL
Remote Code Execution Vulnerability in Metabase by Metabase

Metabase, both the open-source and enterprise versions prior to specified updates, contains a vulnerability that allows malicious actors to execute arbitrary commands at the server's privilege level without requiring authentication. This weakness can lead to significant security breaches, includi...

Discovered 17 hours ago

PoC for CVE-2025-21293

MicrosoftWindows 10 Version 1507🟣 EPSS 18%8.8HIGH
Active Directory Elevation of Privilege Vulnerability in Microsoft ...

This vulnerability in Active Directory Domain Services allows attackers to gain elevated privileges within the system, potentially leading to unauthorized access and control over sensitive resources. By exploiting this flaw, an attacker could perform actions that exceed their intended access righ...

PoC for CVE-2026-15693

TendaBe12 Pro8.7HIGH
Buffer Overflow in Tenda BE12 Pro Router

A critical security vulnerability has been identified in the Tenda BE12 Pro router, specifically in the 'fromSafeMacFilter' function located in the '/goform/SafeMacFilter' file. This vulnerability allows for a stack-based buffer overflow due to improper handling of input arguments, which can be e...

PoC for CVE-2014-7169

GnuBash🟣 EPSS 100%9.8CRITICAL
Environmental Variable Command Injection in GNU Bash by GNU

The vulnerability in GNU Bash through version 4.3 allows attackers to exploit malformed function definitions in environment variables. This can lead to unauthorized writing to files or other impacts, particularly through methods that involve privilege boundaries. Notable examples of exploitation ...

Discovered 18 hours ago

PoC for CVE-2026-15692

TendaBe12 Pro8.7HIGH
Stack-Based Buffer Overflow in Tenda BE12 Pro Product

A vulnerability has been discovered in the Tenda BE12 Pro router version 16.03.66.23, specifically in the fromSafeUrlFilter function located in the /goform/SafeUrlFilter file. This weakness can be exploited by manipulating the 'page' argument leading to a stack-based buffer overflow. The exploit ...

PoC for CVE-2026-15691

TendaBe12 Pro8.7HIGH
Stack-Based Buffer Overflow in Tenda BE12 Pro Router

A security flaw has been identified in the Tenda BE12 Pro router, particularly in the fromSafeClientFilter function located in the /goform/SafeClientFilter file. This vulnerability can be exploited by manipulating the argument page, leading to a stack-based buffer overflow. Given its remote explo...

PoC for CVE-2026-15690

open62541Open625412.3LOW
Remote Null Pointer Dereference in open62541 Client Library

A vulnerability exists in the open62541 Shared Client Library, specifically within the responseReadNamespacesArray function of the file src/client/ua_client_connect.c. This flaw allows for a null pointer dereference, which can be caused by improper handling of the Server_NamespaceArray argument. ...

Discovered 23 hours ago

PoC for CVE-2026-43724

AppleiOS And iPad OS7.8HIGH
Improper Input Sanitization Vulnerability in Apple Products

A vulnerability has been identified in Apple's iOS, iPadOS, and macOS that could potentially allow an application to lead to unexpected system termination or unauthorized access to kernel memory. This vulnerability results from insufficient input sanitization, which may be exploited by malicious ...

Discovered 1 day ago

PoC for CVE-2026-38526

WebkulKrayin CRM9.9CRITICAL
Arbitrary File Upload Vulnerability in Webkul Krayin CRM

An authenticated arbitrary file upload vulnerability exists in the /admin/tinymce/upload endpoint of Webkul Krayin CRM version 2.2.x. This flaw enables attackers to upload crafted PHP files, which can subsequently lead to the execution of arbitrary code on the server. Such vulnerabilities can be ...

PoC for CVE-2026-15678

Code-projectsOnline Job Portal5.1MEDIUM
Cross Site Scripting Vulnerability in Code-Projects Online Job Port...

A security flaw has been identified in the Online Job Portal version 1.0 developed by Code-Projects. This vulnerability affects an unspecified function within the /Admin/DetailJob.php file, enabling attackers to perform cross-site scripting (XSS) attacks remotely. The flaw may allow unauthorized ...

PoC for CVE-2026-15677

Code-projectsOnline Job Portal6.9MEDIUM
Unrestricted File Upload in Online Job Portal by Code-Projects

A vulnerability in the Online Job Portal 1.0 by Code-Projects allows attackers to manipulate the 'txtFile' argument in the /JobSeekerInsert.php file, leading to unrestricted file uploads. This vulnerability can be exploited remotely, enabling malicious actors to upload arbitrary files to the serv...

PoC for CVE-2026-15676

Code-projectsOnline Job Portal6.9MEDIUM
SQL Injection Vulnerability in Code-Projects Online Job Portal

A security flaw has been found in the Code-Projects Online Job Portal, specifically in the DeleteUser.php file. This vulnerability allows attackers to execute SQL injection attacks through manipulation of an unspecified function. The exploit can be executed remotely, posing a significant risk to ...

PoC for CVE-2026-12583

WordPressNewsletters8.1HIGH
Deserialization Vulnerability in Newsletters Plugin by WordPress

The Newsletters plugin for WordPress, prior to version 4.15, is susceptible to a deserialization vulnerability that arises from the handling of untrusted input via public forms. This flaw permits unauthenticated attackers to inject PHP objects, leveraging a property-oriented gadget chain inherent...

PoC for CVE-2026-12988

WordPressWP 2fa6.4MEDIUM
Improper Email Verification in WP 2FA Plugin for WordPress

The WP 2FA plugin for WordPress, prior to version 3.1.1.2, is vulnerable due to a flaw in the email verification process during two-factor authentication setup. Attackers who have acquired user credentials can manipulate the verification process by providing an email address under their control. ...

PoC for CVE-2026-12511

WordPressAi Engine8.1HIGH
Path Traversal Vulnerability in AI Engine WordPress Plugin

The AI Engine WordPress plugin prior to version 3.5.5 is susceptible to a path traversal vulnerability. This issue allows authenticated users with editor-level permissions to provide malicious filenames, which the plugin fails to properly sanitize. Consequently, this could permit an attacker to w...

PoC for CVE-2026-11563

WordPressWord Count And Social ...9.6CRITICAL
File Deletion Vulnerability in Word Count and Social Shares Plugin ...

The Word Count and Social Shares plugin for WordPress versions up to 1.0 has a serious security issue where it fails to validate user-supplied file paths before performing deletions. This vulnerability allows authenticated users, such as those with Subscriber roles, to delete any file on the serv...

PoC for CVE-2026-11567

WordPressSureforms5.9MEDIUM
Payment Validation Flaw in SureForms Plugin for WordPress

The SureForms plugin for WordPress prior to version 2.11.1 features an improper payment amount validation flaw. This vulnerability allows unauthenticated users to exploit dynamically-sourced payment fields, leading to potential underpayment for products or subscriptions. Forms configured with a f...

PoC for CVE-2025-15665

WordPressUltimate Before After ...5.4MEDIUM
Cross-Site Scripting Flaw in Ultimate Before After Image Slider & G...

The Ultimate Before After Image Slider & Gallery plugin for WordPress versions prior to 4.7.1 is susceptible to a cross-site scripting vulnerability. This issue arises because the plugin fails to properly escape the shortcode field when outputting the value of the BEAF Slider widget. As a result,...

PoC for CVE-2026-15675

Code-projectsOnline Job Portal6.9MEDIUM
SQL Injection Vulnerability in Online Job Portal by Code-Projects

A vulnerability exists within the Online Job Portal 1.0 developed by Code-Projects, where an attacker can exploit the EditUser.php file through manipulation of the UserId argument, leading to SQL injection. This flaw allows unauthorized access to the database and potential exposure of sensitive i...

PoC for CVE-2026-15672

ItsourcecodeElectronic Judging System5.3MEDIUM
SQL Injection in itsourcecode Electronic Judging System Affects Rem...

A vulnerability has been identified within the itsourcecode Electronic Judging System, specifically affecting the /intrams/admin/add_judges.php file. The manipulation of the 'fname' argument can lead to SQL injection, enabling an attacker to execute arbitrary SQL commands. This exploitation can o...

PoC for CVE-2026-15669

Louisho5Picobot4.8MEDIUM
OS Command Injection Vulnerability in louisho5 Picobot by louisho5

A significant vulnerability has been identified in the louisho5 Picobot up to version 0.2.0, specifically affecting the ExecTool.Execute function within the exec.go file. This flaw allows for os command injection due to improper input validation, posing a risk for local exploitation. Although the...

PoC for CVE-2026-46456

ApacheApache Camel9.8CRITICAL
Improper Input Validation in Apache Camel AWS2-SQS Component

An improper input validation vulnerability in the Apache Camel AWS2-SQS Component allows unauthorized manipulation of Camel control headers through unfiltered inbound message attributes. This flaw may permit an attacker to influence the behavior of downstream routes by injecting arbitrary headers...

PoC for CVE-2026-15668

Louisho5Picobot5.3MEDIUM
Server-Side Request Forgery in louisho5 picobot Web Tool

A vulnerability exists in the louisho5 picobot web Tool which could allow an attacker to exploit the WebTool.Execute function within the internal/agent/tools/web.go file. By manipulating the URL argument, a remote attacker may execute server-side request forgery (SSRF) attacks. This vulnerability...

PoC for CVE-2026-15629

Louisho5Picobot5.3MEDIUM
Improper Link Resolution in louisho5 picobot Component

A weakness has been discovered in the louisho5 picobot's Workspace Handler, specifically in the CreateSkill/GetSkill functions found in the filesystem.go file. This vulnerability enables an attacker to manipulate link following behavior, potentially allowing unauthorized access and exploitation. ...

PoC for CVE-2026-15628

ZhayujieChatgpt-on-wechat Cowa...5.3MEDIUM
Server-Side Request Forgery Vulnerability in zhayujie ChatGPT-on-We...

A security issue has been found in zhayujie ChatGPT-on-WeChat CowAgent that allows for server-side request forgery (SSRF). This vulnerability affects the Vision Tool component, specifically the Vision._download_to_data_url function within the vision.py file. By manipulating the 'image' argument, ...