Publicly Disclosed
PoC Exploits

🔴 Always take caution when working with PoC Exploits 🔴

Discovered 2 hours ago

PoC for CVE-2025-4915

PHPgurukul | Auto Taxi Stand Manage... | 6.9 MEDIUM
SQL Injection Vulnerability in PHPGurukul Auto Taxi Stand Managemen...

The PHPGurukul Auto Taxi Stand Management System 1.0 has been identified as vulnerable to an SQL injection flaw affecting the handling of input parameters in the file /admin/auto-taxi-entry-detail.php. This vulnerability enables remote attackers to manipulate the price argument to execute arbitra...

Discovered 3 hours ago

PoC for CVE-2025-4914

PHPgurukul | Auto Taxi Stand Manage... | 6.9 MEDIUM
SQL Injection Vulnerability in PHPGurukul Auto Taxi Stand Managemen...

The PHPGurukul Auto Taxi Stand Management System 1.0 contains a vulnerability that allows for SQL injection through the 'email' parameter in the /admin/forgot-password.php file. This flaw enables attackers to manipulate SQL queries, potentially leading to unauthorized data access or alteration. A...

PoC for CVE-2025-2560

WordPress | Ninja Forms
Stored Cross-Site Scripting Vulnerability in Ninja Forms by WordPress

The Ninja Forms WordPress plugin prior to version 3.10.1 is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability. The plugin fails to properly sanitize and escape certain settings, allowing high privilege users, such as administrators, to execute malicious scripts. This risk persists ...

PoC for CVE-2025-2524

WordPress | Ninja Forms
Stored Cross-Site Scripting Vulnerability in Ninja Forms WordPress ...

The Ninja Forms plugin for WordPress is vulnerable to stored cross-site scripting due to inadequate sanitization and escaping of specific settings. This vulnerability affects high privilege users, such as administrators, especially within multisite configurations, allowing them to inject maliciou...

PoC for CVE-2025-2561

WordPress | Ninja Forms
Stored Cross-Site Scripting Vulnerability in Ninja Forms Plugin by ...

The Ninja Forms plugin for WordPress is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability in versions prior to 3.10.1. This flaw arises due to insufficient sanitization and escaping of certain settings, potentially allowing high privilege users, such as administrators, to execute X...

PoC for CVE-2025-1626

WordPress | Qi Blocks
Stored Cross-Site Scripting Vulnerability in Qi Blocks WordPress Pl...

The Qi Blocks WordPress plugin, prior to version 1.4, is vulnerable to stored cross-site scripting (XSS) due to inadequate validation and escaping of certain Countdown block options. This flaw could be exploited by users with contributor roles and higher, allowing them to inject malicious scripts...

PoC for CVE-2025-1627

WordPress | Qi Blocks
Stored Cross-Site Scripting in Qi Blocks WordPress Plugin

The Qi Blocks WordPress plugin, prior to version 1.4, fails to validate and escape certain block options before rendering them in pages or posts. This oversight can lead to stored cross-site scripting (XSS) vulnerabilities, allowing users with contributor roles and above to inject malicious scrip...

PoC for CVE-2025-1625

WordPress | Qi Blocks
Stored Cross-Site Scripting in Qi Blocks WordPress Plugin

The Qi Blocks plugin for WordPress, up to version 1.4, contains a security flaw that fails to properly validate and escape certain Counter block options. This vulnerability allows users with contributor roles and above to manipulate the output, potentially leading to stored cross-site scripting a...

PoC for CVE-2025-4913

PHPgurukul | Auto Taxi Stand Manage... | 6.9 MEDIUM
SQL Injection Vulnerability in PHPGurukul Auto Taxi Stand Managemen...

A SQL injection vulnerability exists in the PHPGurukul Auto Taxi Stand Management System 1.0, specifically in the file /admin/index.php. An attacker can manipulate the 'Username' argument to execute arbitrary SQL code, potentially compromising the database. This vulnerability allows for remote ex...

Discovered 4 hours ago

PoC for CVE-2025-4912

Sourcecodester | Student Result Managem... | 5.3 MEDIUM
Path Traversal Vulnerability in SourceCodester Student Result Manag...

A path traversal vulnerability exists in the SourceCodester Student Result Management System 1.0, specifically in the /admin/core/update_student.php file related to the Image File Handler component. This vulnerability arises from improper validation of input, allowing attackers to manipulate the ...

PoC for CVE-2025-4911

PHPgurukul | Zoo Management System | 6.9 MEDIUM
SQL Injection Vulnerability in PHPGurukul Zoo Management System

A SQL injection vulnerability has been identified in the PHPGurukul Zoo Management System 2.1. This flaw resides in the /admin/view-foreigner-ticket.php file, where the manipulation of the 'viewid' argument allows an attacker to execute arbitrary SQL queries. The vulnerability can be exploited re...

Discovered 5 hours ago

PoC for CVE-2025-4910

PHPgurukul | Zoo Management System | 6.9 MEDIUM
SQL Injection Vulnerability in PHPGurukul Zoo Management System 2.1

A security flaw has been identified in version 2.1 of the PHPGurukul Zoo Management System, specifically within the /admin/edit-animal-details.php file. This vulnerability allows for SQL injection through the manipulation of the 'aname' argument, potentially enabling remote attackers to execute u...

PoC for CVE-2025-4909

Sourcecodester | Client Database Manage... | 6.9 MEDIUM
Information Exposure Vulnerability in SourceCodester Client Databas...

A vulnerability was identified within the SourceCodester Client Database Management System 1.0 that allows for unauthorized information exposure via directory listing. This issue can be exploited remotely, potentially allowing attackers to gain access to sensitive data that should be protected. T...

Discovered 6 hours ago

PoC for CVE-2025-4908

PHPgurukul | Daily Expense Tracker ... | 6.9 MEDIUM
SQL Injection Vulnerability in PHPGurukul Daily Expense Tracker System

A SQL Injection vulnerability has been identified in PHPGurukul's Daily Expense Tracker System version 1.1, specifically affecting the /expense-datewise-reports-detailed.php file. This flaw arises from improper handling of input parameters such as 'fromdate' and 'todate', allowing remote attacker...

PoC for CVE-2025-4907

PHPgurukul | Daily Expense Tracker ... | 6.9 MEDIUM
SQL Injection Vulnerability in PHPGurukul Daily Expense Tracker System

A vulnerability exists in the PHPGurukul Daily Expense Tracker System, specifically in the forgot-password.php file. This security flaw allows an attacker to manipulate the email argument, leading to potential SQL injection attacks. Such vulnerabilities can be exploited remotely, enabling unautho...

Discovered 7 hours ago

PoC for CVE-2025-4906

PHPgurukul | Notice Board System | 6.9 MEDIUM
SQL Injection Vulnerability in PHPGurukul Notice Board System

The PHPGurukul Notice Board System version 1.0 is susceptible to a SQL injection vulnerability via the /login.php file. An attacker can exploit this weakness by manipulating the Username parameter, allowing for remote execution of unauthorized SQL commands. This vulnerability exposes sensitive da...

PoC for CVE-2025-4905

Iop-apl-uw | Basestation3 | 4.8 MEDIUM
Deserialization Vulnerability in iop-apl-uw Basestation3 by IOP-APL-UW

A local deserialization vulnerability exists in the iop-apl-uw basestation3 that affects the function load_qc_pickl within the file basestation3/QC.py. By manipulating the qc_file argument, an attacker can exploit this vulnerability. Although the issue has been reported and publicly disclosed, th...

Discovered 8 hours ago

PoC for CVE-2025-4904

D-link | Di-7003gv2 | 6.9 MEDIUM
Information Disclosure Vulnerability in D-Link DI-7003GV2 Router

A vulnerability in the D-Link DI-7003GV2 router allows remote attackers to manipulate the function sub_41F0FC in the webgl.data file, leading to unauthorized access to sensitive system information. This flaw could potentially expose confidential data to attackers, emphasizing the need for immedia...

PoC for CVE-2025-4903

D-link | Di-7003gv2 | 6.9 MEDIUM
Vulnerability in D-Link DI-7003GV2 Remote Management Feature

A significant vulnerability has been identified in the D-Link DI-7003GV2 router's remote management capabilities. The flaw allows unauthorized users to change the router's password without verification, potentially giving them control over the device. This issue arises from improper access contro...

Discovered 10 hours ago

PoC for CVE-2025-4899

Campcodes | Sales And Inventory Sy... | 6.9 MEDIUM
SQL Injection Vulnerability in Campcodes Sales and Inventory System

A security flaw has been identified in Campcodes Sales and Inventory System version 1.0, where improper handling of the 'ID' argument in the /pages/transaction_update.php file allows for SQL injection. This vulnerability can potentially enable remote attackers to manipulate database queries, posi...

Discovered 11 hours ago

PoC for CVE-2025-4898

Sourcecodester | Student Result Managem... | 5.3 MEDIUM
Path Traversal Vulnerability in SourceCodester Student Result Manag...

A security flaw has been identified in the SourceCodester Student Result Management System version 1.0, specifically within the unlink function of the update_system.php file related to the Logo File Handler. This vulnerability allows an attacker to manipulate the old_logo argument, leading to una...

Discovered 12 hours ago

PoC for CVE-2025-4895

Sourcecodester | Doctors Appointment Sy... | 6.9 MEDIUM
SQL Injection Vulnerability in SourceCodester Doctors Appointment S...

A security vulnerability has been identified in the SourceCodester Doctors Appointment System version 1.0, specifically in the handling of the /admin/delete-session.php file. This issue arises from improper validation of the ID argument, allowing an attacker to execute SQL injection attacks remot...

Discovered 13 hours ago

PoC for CVE-2025-4893

Jammy928 | Coinexchange Cryptoexc... | 5.3 MEDIUM
Path Traversal Vulnerability in CoinExchange CryptoExchange Java by...

A path traversal vulnerability has been identified in the CoinExchange CryptoExchange Java application that affects its file upload functionality. The vulnerability lies within the uploadLocalImage method located in UploadFileUtil.java. An attacker can manipulate the 'filename' argument, allowing...

Discovered 14 hours ago

PoC for CVE-2025-4892

Code-projects | Police Station Managem... | 4.8 MEDIUM
Buffer Overflow Vulnerability in Police Station Management System b...

A buffer overflow vulnerability has been identified in the function criminal::remove of the Police Station Management System (version 1.0). This flaw, which resides in the source.cpp file, allows manipulation of the No argument, leading to a stack-based overflow. The attack must be conducted loca...

PoC for CVE-2025-32756

Fortinet | Fortivoice | 9.8 CRITICAL
Stack-Based Buffer Overflow in Fortinet FortiVoice and Related Prod...

A stack-based buffer overflow vulnerability exists within Fortinet FortiVoice, FortiRecorder, FortiMail, FortiNDR, and FortiCamera products, allowing remote, unauthenticated attackers to execute arbitrary code or commands. This security flaw is triggered by sending specially crafted HTTP requests...

PoC for CVE-2025-4891

Code-projects | Police Station Managem... | 4.8 MEDIUM
Buffer Overflow Vulnerability in Police Station Management System b...

A buffer overflow vulnerability exists in the display function of the Police Station Management System's source code. This issue arises from improper handling of user-supplied input, specifically the argument N within the criminal::display function located in source.cpp. An attacker can exploit t...

Discovered 15 hours ago

PoC for CVE-2025-4890

Code-projects | Tourism Management System | 4.8 MEDIUM
Stack-Based Buffer Overflow in Tourism Management System Login Func...

A stack-based buffer overflow vulnerability exists in the LoginUser function of the Tourism Management System version 1.0, developed by Code-Projects. The flaw allows an attacker to manipulate the username and password input parameters, potentially leading to unauthorized access. This vulnerabili...

PoC for CVE-2025-4889

Code-projects | Tourism Management System | 4.8 MEDIUM
Buffer Overflow Vulnerability in Code-Projects Tourism Management S...

A buffer overflow vulnerability was discovered in the User Registration component of the Tourism Management System version 1.0. This issue arises from improper handling of user inputs, specifically in the AddUser function, where the manipulation of the username and password arguments can lead to ...

Discovered 16 hours ago

PoC for CVE-2025-4888

Code-projects | Pharmacy Management Sy... | 4.8 MEDIUM
Buffer Overflow Vulnerability in Pharmacy Management System by Code...

The Pharmacy Management System 1.0 from Code-Projects contains a buffer overflow vulnerability in the take_order function of the Add Order Details component. This issue allows local attackers to manipulate input, potentially leading to unexpected behaviors or system crashes, as the exploit is pub...

PoC for CVE-2025-4887

Sourcecodester | Online Student Clearan... | 5.3 MEDIUM
Cross-Site Request Forgery Vulnerability in SourceCodester Online S...

A cross-site request forgery vulnerability has been identified in the SourceCodester Online Student Clearance System version 1.0. This vulnerability allows attackers to manipulate requests made by users, potentially compromising user data and actions without their consent. Remote exploitation of ...

Discovered 17 hours ago

PoC for CVE-2025-4886

Itsourcecode | Sales And Inventory Sy... | 6.9 MEDIUM
SQL Injection Vulnerability in itsourcecode Sales and Inventory System

A vulnerability has been identified in the itsourcecode Sales and Inventory System version 1.0. This vulnerability arises from improper handling of input parameters in the /pages/product_update.php file, specifically targeting the 'serial' argument. By exploiting this flaw, attackers can execute ...

PoC for CVE-2025-4885

Itsourcecode | Sales And Inventory Sy... | 6.9 MEDIUM
SQL Injection Vulnerability in itsourcecode Sales and Inventory System

A significant SQL injection vulnerability has been identified in itsourcecode's Sales and Inventory System version 1.0. This vulnerability resides within the '/pages/product_add.php' file, where an attacker can manipulate the 'serial' parameter to execute arbitrary SQL commands. The exploitation ...

Discovered 18 hours ago

PoC for CVE-2025-4884

Itsourcecode | Restaurant Management ... | 6.9 MEDIUM
SQL Injection Vulnerability in itSourceCode Restaurant Management S...

A vulnerability exists within the itSourceCode Restaurant Management System 1.0 that allows for SQL injection through the manipulation of parameters in the /admin/assign_save.php file. This security flaw enables attackers to execute unauthorized SQL code, potentially compromising the database and...

PoC for CVE-2025-4883

D-link | Di-8100 | 8.6 HIGH
Stack-Based Buffer Overflow in D-Link DI-8100 Router

A stack-based buffer overflow vulnerability exists in the D-Link DI-8100 router within the ctxz_asp function of the /ctxz.asp file. The vulnerability can be exploited through manipulation of certain arguments, such as def, defTcp, defUdp, defIcmp, and defOther. This flaw enables an attacker to ex...

Discovered 19 hours ago

PoC for CVE-2025-4882

Itsourcecode | Restaurant Management ... | 6.9 MEDIUM
SQL Injection Vulnerability in itsourcecode Restaurant Management S...

A SQL injection vulnerability has been identified in the itsourcecode Restaurant Management System version 1.0. The issue arises specifically in the file /admin/team_update.php, where improper handling of the 'team' argument allows an attacker to manipulate SQL queries. This vulnerability can be ...

PoC for CVE-2025-4881

Itsourcecode | Restaurant Management ... | 6.9 MEDIUM
SQL Injection Vulnerability in itsourcecode Restaurant Management S...

A critical SQL injection vulnerability has been identified in the itsourcecode Restaurant Management System 1.0, specifically in the /admin/user_save.php file. By manipulating the username or name parameter, an attacker could execute arbitrary SQL queries, potentially compromising the integrity o...

Discovered 20 hours ago

PoC for CVE-2025-4880

PHPgurukul | News Portal | 6.9 MEDIUM
SQL Injection Vulnerability in PHPGurukul News Portal by PHPGurukul

A security vulnerability exists in PHPGurukul News Portal version 4.1, specifically involving the file /admin/aboutus.php. The vulnerability arises from improper handling of user-supplied input in the 'pagetitle' parameter, allowing an attacker to manipulate SQL queries executed by the applicatio...

PoC for CVE-2025-4875

Campcodes | Online Shopping Portal | 6.9 MEDIUM
SQL Injection Vulnerability in Campcodes Online Shopping Portal 1.0

A security flaw has been identified in the Campcodes Online Shopping Portal 1.0, particularly affecting the /forgot-password.php file. This vulnerability allows an attacker to manipulate the 'email' parameter, enabling SQL injection attacks. Such attacks can be executed remotely, posing a signifi...

Discovered 21 hours ago

PoC for CVE-2025-4874

PHPgurukul | News Portal Project | 6.9 MEDIUM
SQL Injection Vulnerability in PHPGurukul News Portal Project 4.1

A vulnerability exists in the PHPGurukul News Portal Project version 4.1, characterized by SQL injection in the /admin/contactus.php file. By manipulating the pagetitle argument, an attacker can execute unauthorized SQL commands, potentially leading to data exposure or unauthorized access to sens...

PoC for CVE-2025-4873

PHPgurukul | News Portal | 6.9 MEDIUM
SQL Injection Vulnerability in PHPGurukul News Portal 4.1

A vulnerability exists in the PHPGurukul News Portal 4.1 within the login component located at /admin/index.php. This flaw allows an attacker to manipulate the 'Username' argument, leading to a SQL injection attack. The issue can be exploited remotely, posing significant risks to the application'...

Discovered 22 hours ago

PoC for CVE-2025-4872

Freefloat | Ftp Server | 6.9 MEDIUM
Buffer Overflow Vulnerability in FreeFloat FTP Server by FreeFloat

A remote buffer overflow vulnerability exists in the FreeFloat FTP Server 1.0, specifically within the CCC Command Handler component. This flaw can be exploited by attackers to execute arbitrary code, potentially leading to a complete compromise of the affected system. The exploit has been public...

PoC for CVE-2025-4871

Pcman | Ftp Server | 6.9 MEDIUM
Buffer Overflow Vulnerability in PCMan FTP Server by PCMan

A buffer overflow vulnerability has been identified in PCMan FTP Server version 2.0.7, specifically within the REST Command Handler component. This flaw permits attackers to manipulate processing details to cause crashes or arbitrary code execution. Remote exploitation of this vulnerability is ...

Discovered 23 hours ago

PoC for CVE-2025-4870

Itsourcecode | Restaurant Management ... | 6.9 MEDIUM
SQL Injection Vulnerability in itsourcecode Restaurant Management S...

A vulnerability in itsourcecode Restaurant Management System 1.0 allows for potential SQL injection through manipulation of the 'menu' argument in the /admin/menu_save.php file. This flaw can be exploited remotely, posing a significant risk to the integrity of the underlying database. Attackers c...

PoC for CVE-2025-4869

Itsourcecode | Restaurant Management ... | 6.9 MEDIUM
SQL Injection Vulnerability in itsourcecode Restaurant Management S...

A SQL injection vulnerability has been identified in the itsourcecode Restaurant Management System version 1.0. This issue arises from improper validation of the menu argument in the '/admin/member_update.php' file, allowing attackers to manipulate SQL queries. As a result, it is feasible for cyb...

Discovered 1 day ago

PoC for CVE-2025-4868

Merikbest | Ecommerce-spring-reactjs | 5.3 MEDIUM
Path Traversal Vulnerability in Merikbest E-commerce File Upload En...

A vulnerability has been identified in the merikbest ecommerce-spring-reactjs product, specifically within the File Upload Endpoint at /api/v1/admin/. An attacker can exploit this flaw by manipulating the 'filename' parameter, potentially leading to unauthorized access to the file system and expo...

PoC for CVE-2025-4867

Tenda | A15 | 7.1 HIGH
Denial of Service Vulnerability in Tenda A15 Router

A denial of service vulnerability has been identified in the Tenda A15 router at the function formArpNerworkSet within the /goform/ArpNerworkSet file. This vulnerability can be exploited remotely, potentially causing disruptions to the router's service. The exploit details are publicly available,...

PoC for CVE-2025-4866

Weibocom | Rill-flow | 5.3 MEDIUM
Code Injection Vulnerability in weibocom rill-flow Management Console

A significant code injection vulnerability has been identified in the weibocom rill-flow, specifically within its Management Console component. This flaw allows attackers to manipulate the application remotely, potentially leading to unauthorized code execution. Given that the exploit has been di...

PoC for CVE-2025-4865

Itsourcecode | Restaurant Management ... | 6.9 MEDIUM
SQL Injection Risk in itsourcecode Restaurant Management System 1.0

A significant SQL injection vulnerability exists in the itsourcecode Restaurant Management System 1.0, specifically in the /admin/member_save.php file. This flaw allows attackers to manipulate the 'last' parameter, potentially leading to unauthorized access to sensitive data. Exploitation can be ...

PoC for CVE-2025-4864

Itsourcecode | Restaurant Management ... | 6.9 MEDIUM
SQL Injection Vulnerability in itsourcecode Restaurant Management S...

A security flaw exists in the itsourcecode Restaurant Management System version 1.0 that allows remote attackers to exploit an SQL injection vulnerability via manipulated arguments in the /admin/finished.php file, potentially exposing sensitive data and compromising database integrity.

PoC for CVE-2025-4863

Advaya Softech | Gems Erp Portal | 5.3 MEDIUM
SQL Injection Vulnerability in Advaya Softech GEMS ERP Portal 2.1

A SQL injection vulnerability exists in Advaya Softech's GEMS ERP Portal 2.1 that affects the /studentLogin/studentLogin.action endpoint. This weakness allows an attacker to manipulate the userId parameter, potentially leading to unauthorized access and data manipulation. The exploit can be execu...