Publicly Disclosed PoC Exploits

🔴 Always take caution when working with PoC Exploits 🔴

Discovered just now...

PoC for CVE-2025-49132

Pterodactyl | Panel | 🟣 EPSS 35% | 10 CRITICAL
Remote Code Execution Vulnerability in Pterodactyl Game Server Mana...

Pterodactyl, a widely used free and open-source game server management panel, has a significant vulnerability that allows unauthorized remote code execution. This occurs through the /locales/locale.json endpoint when specific query parameters are manipulated. Attackers exploiting this flaw can ex...

Discovered 3 hours ago

PoC for CVE-2026-2169

D-link | Dwr-m921 | 5.3 MEDIUM
Command Injection Vulnerability in D-Link DWR-M921 Router

A command injection vulnerability exists in the D-Link DWR-M921 router version 1.1.50. This flaw affects a specific function within the file /boafrm/formLtefotaUpgradeFibocom, allowing an attacker to manipulate the 'fota_url' argument. Exploiting this vulnerability enables unauthorized users to e...

PoC for CVE-2026-2168

D-link | Dwr-m921 | 5.3 MEDIUM
Command Injection Vulnerability in D-Link DWR-M921 Router

A command injection flaw exists in the D-Link DWR-M921 router, specifically within the sub_419920 function found in the /boafrm/formLtefotaUpgradeQuectel file. This vulnerability allows attackers to manipulate the fota_url argument, enabling remote execution of arbitrary commands. Given that an e...

PoC for CVE-2026-2167

Totolink | Wa300 | 5.3 MEDIUM
OS Command Injection Vulnerability in Totolink WA300 Router

An OS command injection vulnerability has been identified in the Totolink WA300 router, specifically within the setAPNetwork function located in /cgi-bin/cstecgi.cgi. This flaw allows an attacker to manipulate the Ipaddr argument, leading to the execution of arbitrary operating system commands. T...

PoC for CVE-2026-2166

Code-projects | Online Reviewer System | 6.9 MEDIUM
SQL Injection Vulnerability in Online Reviewer System by Code-Projects

A critical security flaw exists in the Online Reviewer System 1.0 developed by Code-Projects, related to SQL injection vulnerabilities within the login functionality found in the /login/index.php file. Malicious actors can manipulate the username and password fields to execute arbitrary SQL comma...

Discovered 4 hours ago

PoC for CVE-2026-2165

Detronetdip | E-commerce | 6.9 MEDIUM
Missing Authentication Flaw in Detronetdip E-Commerce Software

A vulnerability has been detected in Detronetdip E-commerce 1.0.0, specifically within the account creation endpoint located at /Admin/assets/backend/seller/add_seller.php. This issue arises when the email argument is improperly handled, resulting in missing authentication protections. This flaw ...

PoC for CVE-2026-2164

Detronetdip | E-commerce | 6.9 MEDIUM
Unrestricted File Upload Vulnerability in detronetdip E-commerce So...

A security flaw has been identified in detronetdip E-commerce version 1.0.0, specifically affecting the processing of the /seller/assets/backend/profile/addadhar.php file. This vulnerability enables attackers to exploit argument manipulation in the File parameter, leading to an unrestricted file ...

PoC for CVE-2026-2163

D-link | Dir-600 | 5.1 MEDIUM
Command Injection Vulnerability in D-Link DIR-600 by D-Link

A command injection vulnerability exists in the D-Link DIR-600 router affecting versions up to 2.15WWb02. This flaw is found in the ssdp.cgi file, where improper handling of arguments such as HTTP_ST, REMOTE_ADDR, REMOTE_PORT, and SERVER_ID can allow an attacker to execute arbitrary commands remo...

PoC for CVE-2026-2162

Itsourcecode | News Portal Project | 5.1 MEDIUM
SQL Injection Vulnerability in itsourcecode News Portal Project

A vulnerability exists in the itsourcecode News Portal Project 1.0 within the /admin/aboutus.php file. This weakness arises from improper handling of the 'pagetitle' argument, leading to a potential SQL injection attack. Remote attackers can exploit this vulnerability to manipulate queries execut...

PoC for CVE-2026-2161

Itsourcecode | Directory Management S... | 6.9 MEDIUM
SQL Injection Vulnerability in itsourcecode Directory Management Sy...

A security flaw exists in the itsourcecode Directory Management System version 1.0, specifically in the /admin/forget-password.php file. This vulnerability allows an attacker to exploit the email parameter, leading to SQL injection attacks. Given that the vulnerability can be triggered remotely, ...

Discovered 5 hours ago

PoC for CVE-2026-2160

Sourcecodester | Simple Responsive Tour... | 5.3 MEDIUM
Cross-Site Scripting Vulnerability in SourceCodester Simple Respons...

A vulnerability exists in the SourceCodester Simple Responsive Tourism Website version 1.0, specifically affecting the save_package function located in /tourism/classes/Master.php. This vulnerability enables an attacker to exploit the argument 'Title' to execute arbitrary scripts in the context o...

PoC for CVE-2026-2159

Sourcecodester | Simple Responsive Tour... | 5.3 MEDIUM
Cross Site Scripting Vulnerability in SourceCodester Simple Respons...

A vulnerability has been identified in the SourceCodester Simple Responsive Tourism Website 1.0 affecting an unknown function in the Master.php file associated with the registration component. By manipulating the arguments such as firstname, lastname, or username, an attacker can execute cross si...

PoC for CVE-2026-2157

D-link | Dir-823x | 8.6 HIGH
OS Command Injection Vulnerability in D-Link DIR-823X Router

A security vulnerability has been identified in the D-Link DIR-823X 250416, specifically within the sub_4175CC function in the file /goform/set_static_route_table. This vulnerability allows for OS command injection when manipulating parameters such as interface, destip, netmask, gateway, and metr...

Discovered 6 hours ago

PoC for CVE-2026-2156

Code-projects | Online Student Managem... | 4.8 MEDIUM
Cross-Site Scripting Vulnerability in Online Student Management Sys...

A vulnerability exists within the Online Student Management System 1.0, specifically in the Announcement Management Module's handling of user input. The affected file, located at /admin/announcement/index.php?view=add, is susceptible to cross-site scripting attacks. Attackers can exploit this vul...

PoC for CVE-2026-2155

D-link | Dir-823x | 8.6 HIGH
OS Command Injection Vulnerability in D-Link DIR-823X Router

A security flaw has been identified in the D-Link DIR-823X router, specifically within the sub_4208A0 function of the Configuration Handler component. This vulnerability allows remote attackers to manipulate the 'dmz_host' and 'dmz_enable' parameters, leading to potential OS command injection. Th...

Discovered 7 hours ago

PoC for CVE-2026-2153

Mwielgoszewski | Doorman | 5.3 MEDIUM
Open Redirect Vulnerability in mwielgoszewski Doorman Product

A security flaw has been identified in the mwielgoszewski Doorman application, specifically in the is_safe_url function located in doorman/users/views.py. This vulnerability allows attackers to manipulate the Next argument, leading to potential open redirect attacks. Such exploits can be executed...

Discovered 8 hours ago

PoC for CVE-2026-2152

D-link | Dir-615 | 8.6 HIGH
OS Command Injection Vulnerability in D-Link DIR-615 Web Configurat...

A vulnerability exists in the D-Link DIR-615 router, specifically within the Web Configuration Interface's adv_routing.php file. This flaw allows for OS command injection due to improper handling of inputs related to dest_ip, submask, and gw arguments. Remote attackers can exploit this weakness t...

PoC for CVE-2026-2151

D-link | Dir-615 | 8.6 HIGH
OS Command Injection Vulnerability in D-Link DIR-615 Router

A vulnerability exists in the D-Link DIR-615 router, specifically in the DMZ Host Feature's adv_firewall.php file, which can be exploited to perform OS command injection. By manipulating the dmz_ipaddr argument, an attacker can execute arbitrary OS commands remotely. This vulnerability primarily ...

Discovered 9 hours ago

PoC for CVE-2026-2150

Sourcecodester | Patients Waiting Area ... | 5.3 MEDIUM
Cross Site Scripting Vulnerability in SourceCodester Patients Waiti...

A vulnerability exists in the SourceCodester Patients Waiting Area Queue Management System 1.0 that allows attackers to exploit the file /checkin.php. This flaw enables the manipulation of the 'patient_id' argument, resulting in cross site scripting (XSS). The attack can be executed remotely, pot...

PoC for CVE-2026-2149

Sourcecodester | Patients Waiting Area ... | 5.3 MEDIUM
Cross Site Scripting in SourceCodester's Queue Management System

An XSS vulnerability was identified in the Patrick Mvuma Patients Waiting Area Queue Management System version 1.0, specifically within the appointments.php file. The issue stems from insufficient validation of the 'patient_id' parameter, allowing remote attackers to craft malicious inputs that e...

Discovered 10 hours ago

PoC for CVE-2026-2148

Tenda | Ac21 | 6.9 MEDIUM
Information Disclosure Vulnerability in Tenda AC21 Web Management I...

A security vulnerability has been identified in the Tenda AC21, specifically within the web management interface at the /cgi-bin/DownloadFlash endpoint. This vulnerability allows unauthorized access to sensitive information due to improper handling of requests. An attacker could potentially explo...

PoC for CVE-2026-2147

Tenda | Ac21 | 6.9 MEDIUM
Information Disclosure Vulnerability in Tenda AC21 Web Management I...

A vulnerability has been detected in the Tenda AC21 Web Management Interface, specifically within the /cgi-bin/DownloadLog function. This weakness allows an attacker to perform remote manipulations that can lead to unauthorized information disclosure. The exploit method has been publicly disclose...

Discovered 11 hours ago

PoC for CVE-2026-2146

Guchengwuyue | Yshopmall | 5.3 MEDIUM
Unrestricted File Upload Vulnerability in Guchengwuyue Yshopmall

A security vulnerability has been identified in the Guchengwuyue Yshopmall application, specifically affecting versions up to 1.9.1. The flaw is present within the updateAvatar function located in the file /api/users/updateAvatar, related to co.yixiang.utils.FileUtil. This vulnerability allows an...

PoC for CVE-2026-2145

Cym1102 | Nginxwebui | 5.1 MEDIUM
Cross Site Scripting Vulnerability in cym1102 nginxWebUI Affected b...

A critical flaw was discovered in the cym1102 nginxWebUI prior to version 4.3.7, where an unknown function within the Web Management Interface's configuration file allows attackers to inject malicious scripts. This vulnerability can be exploited remotely by manipulating the 'nginxDir' argument, l...

Discovered 12 hours ago

PoC for CVE-2026-2143

D-link | Dir-823x | 8.6 HIGH
OS Command Injection in D-Link DIR-823X Router

A security vulnerability exists in the D-Link DIR-823X 250416 router, specifically in the DDNS Service component. The vulnerability arises from improper handling of user inputs within the /goform/set_ddns file, leading to potential OS command injection. This flaw can be exploited remotely, allowi...

PoC for CVE-2026-0770

Langflow | Langflow | 9.8 CRITICAL
Remote Code Execution Vulnerability in Langflow by Root

A vulnerability exists in Langflow that allows remote attackers to execute arbitrary code without authentication. The flaw is rooted in the improper handling of the exec_globals parameter at the validate endpoint, resulting in the dynamic inclusion of resources from untrusted sources. Attackers c...

PoC for CVE-2026-2142

D-link | Dir-823x | 8.6 HIGH
OS Command Injection Vulnerability in D-Link DIR-823X

A vulnerability exists in the D-Link DIR-823X, specifically affecting the set_qos function. This flaw enables remote attackers to execute arbitrary OS commands, potentially compromising the device's integrity. The exploit has been publicly disclosed, raising concerns amongst users regarding the s...

Discovered 13 hours ago

PoC for CVE-2026-2141

Wukongopensource | Wukongcrm | 5.3 MEDIUM
Improper Authorization Vulnerability in WukongCRM by WuKongOpenSource

A security flaw in WukongCRM versions up to 11.3.3 has been identified, specifically within the URL Handler component located at gateway/src/main/java/com/kakarote/gateway/service/impl/PermissionServiceImpl.java. This vulnerability permits improper authorization, allowing an attacker to exploit t...

PoC for CVE-2026-2140

Tenda | Tx9 | 8.7 HIGH
Buffer Overflow Vulnerability in Tenda TX9 Routers

A vulnerability exists in the Tenda TX9 routers, specifically in the setMacFilterCfg function located at /goform/setMacFilterCfg. An issue arises when the deviceList argument is manipulated, leading to a buffer overflow. This vulnerability can be exploited remotely, allowing potential attackers t...

Discovered 14 hours ago

PoC for CVE-2026-2139

Tenda | Tx9 | 8.7 HIGH
Buffer Overflow Vulnerability in Tenda TX9 Wi-Fi Settings Function

A buffer overflow vulnerability exists in the Tenda TX9 device, specifically in the function responsible for configuring Wi-Fi settings. This flaw is triggered when an attacker manipulates the 'ssid' parameter in the '/goform/fast_setting_wifi_set' file. The vulnerability allows for potential rem...

PoC for CVE-2026-2138

Tenda | Tx9 | 8.7 HIGH
Buffer Overflow in Tenda TX9 Router Affected by Remote Exploits

A buffer overflow vulnerability exists in the Tenda TX9 router, specifically in the sub_42D03C function located in the /goform/SetStaticRouteCfg file. This critical flaw allows attackers to manipulate the argument list to execute arbitrary code remotely. As the exploit has been publicly disclosed...

PoC for CVE-2024-23296

Apple | iOS And iPad OS | 7.8 HIGH
Apple Addresses Memory Corruption Issue in iOS 17.4 and iPadOS 17.4

The articles discuss two iOS zero-day vulnerabilities, CVE-2024-23225 and CVE-2024-23296, that affect a range of iPhone and iPad models. Both vulnerabilities allow attackers to bypass kernel memory protections and may lead to arbitrary code execution. Apple released patches in March and backporte...

Discovered 15 hours ago

PoC for CVE-2026-2137

Tenda | Tx3 | 8.7 HIGH
Buffer Overflow in Tenda TX3 Router

A buffer overflow vulnerability exists in the Tenda TX3 routers, specifically in the SetIpMacBind function. This vulnerability allows for manipulation of input parameters, which could lead to an overflow condition, potentially allowing remote attackers to execute arbitrary code on the device. The...

PoC for CVE-2026-2136

Projectworlds | Online Food Ordering S... | 6.9 MEDIUM
SQL Injection Vulnerability in projectworlds Online Food Ordering S...

A vulnerability exists in projectworlds Online Food Ordering System 1.0 that allows remote attackers to exploit an identified function in the view-ticket.php file. By manipulating the 'ID' argument, attackers can execute unauthorized SQL queries, potentially compromising the application's databas...

Discovered 16 hours ago

PoC for CVE-2026-2135

Utt | Hiper 810 | 5.3 MEDIUM
Command Injection Vulnerability in UTT HiPER 810 Product by UTT

A command injection vulnerability exists in the UTT HiPER 810 device version 1.7.4-141218, specifically within the function sub_43F020 located in the /goform/formPdbUpConfig file. By manipulating the argument policyNames, an attacker can execute arbitrary commands remotely. This vulnerability has...

PoC for CVE-2026-2134

PHPgurukul | Hospital Management Sy... | 5.1 MEDIUM
SQL Injection Vulnerability in PHPGurukul Hospital Management System

A security vulnerability has been identified in the PHPGurukul Hospital Management System 4.0, specifically in the /hms/admin/manage-doctors.php file. The vulnerability allows for SQL injection via manipulation of the 'ID' argument, making it possible for attackers to execute arbitrary SQL querie...

Discovered 17 hours ago

PoC for CVE-2026-2133

Code-projects | Online Music Site | 6.9 MEDIUM
Arbitrary File Upload in Code-Projects Online Music Site 1.0 by Cod...

A vulnerability has been identified in the Code-Projects Online Music Site version 1.0, specifically within the AdminUpdateCategory.php file located in the Administrator/PHP directory. This vulnerability allows remote attackers to manipulate the txtimage argument to perform unrestricted file uplo...

PoC for CVE-2026-2132

Code-projects | Online Music Site | 6.9 MEDIUM
SQL Injection Vulnerability in Online Music Site by Code-Projects

A SQL injection vulnerability has been identified in the Online Music Site 1.0 developed by Code-Projects. This flaw resides in the /Administrator/PHP/AdminUpdateCategory.php file, allowing attackers to manipulate the txtcat argument, potentially leading to unauthorized database access. The explo...

Discovered 18 hours ago

PoC for CVE-2026-2131

Xixianliang | Harmonyos-mcp-server | 5.3 MEDIUM
Input Text Command Injection Vulnerability in XixianLiang HarmonyOS...

A security flaw has been detected in the input_text function of XixianLiang's HarmonyOS-mcp-server version 0.1.0. This vulnerability allows attackers to manipulate the text argument, leading to potential OS command injection. The exploit is publicly available, making it essential for users to add...

Discovered 19 hours ago

PoC for CVE-2026-2129

D-link | Dir-823x | 8.6 HIGH
OS Command Injection in D-Link DIR-823X Router

A security issue has been identified in the D-Link DIR-823X router, specifically within the functionality of the /goform/set_ac_status file. This vulnerability allows an attacker to perform an OS command injection by manipulating certain arguments, which can be exploited remotely. The potential f...

PoC for CVE-2026-2122

Xiaopi | Panel | 5.3 MEDIUM
SQL Injection Vulnerability in Xiaopi Panel WAF Firewall

A vulnerability has been identified in Xiaopi Panel's WAF Firewall versions up to 20260126, where improper handling of input parameters in the /demo.php file allows for SQL injection attacks. This security flaw could be exploited remotely, potentially giving an attacker unauthorized access to the...

Discovered 20 hours ago

PoC for CVE-2026-2120

D-link | Dir-823x | 8.6 HIGH
OS Command Injection Vulnerability in D-Link DIR-823X Router

A vulnerability exists in the D-Link DIR-823X router that allows remote attackers to exploit the /goform/set_server_settings functionality. By manipulating parameters such as terminal_addr, server_ip, and server_port, an attacker can perform OS command injection. This security flaw enables unauth...

Discovered 21 hours ago

PoC for CVE-2026-2117

Itsourcecode | Society Management System | 6.9 MEDIUM
SQL Injection Vulnerability in itsourcecode Society Management System

A vulnerability exists in the itsourcecode Society Management System 1.0, specifically within an unknown function in the /admin/edit_activity.php file. This vulnerability allows an attacker to perform SQL injection through manipulation of the activity_id argument. Remote exploitation is possible,...

PoC for CVE-2026-2116

Itsourcecode | Society Management System | 6.9 MEDIUM
SQL Injection Vulnerability in itsourcecode Society Management System

A SQL injection vulnerability exists in the itsourcecode Society Management System 1.0, specifically within the /admin/edit_expenses.php file. By manipulating the expenses_id argument, attackers can execute unauthorized SQL commands. This vulnerability allows for remote exploitation, posing a sig...

Discovered 22 hours ago

PoC for CVE-2026-2115

Itsourcecode | Society Management System | 6.9 MEDIUM
SQL Injection Vulnerability in itsourcecode Society Management Syst...

A vulnerability has been identified in the itsourcecode Society Management System 1.0, located within the admin/delete_expenses.php file. This issue arises from improper handling of incoming data, specifically the expenses_id parameter, which results in SQL injection. Attackers can exploit this f...

PoC for CVE-2026-2114

Itsourcecode | Society Management System | 6.9 MEDIUM
SQL Injection Vulnerability in itsourcecode Society Management Syst...

A security flaw has been discovered in the itsourcecode Society Management System version 1.0, specifically within the file /admin/edit_admin.php. This vulnerability allows an attacker to manipulate the admin_id parameter, leading to a SQL injection attack. As a result, unauthorized access to sen...

PoC for CVE-2026-25857

Shenzhen Tenda Te... | Tenda G300-f | 8.6 HIGH
OS Command Injection in Tenda G300-F Router Firmware

The Tenda G300-F router's firmware vulnerabilities relate to the WAN diagnostic functionality, specifically in the formSetWanDiag process. This vulnerability allows remote attackers, with access to the management interface, to inject arbitrary shell commands through inadequate input validation in...

Discovered 23 hours ago

PoC for CVE-2025-15564

Mapnik Project | Mapnik | 4.8 MEDIUM
Divide by Zero Vulnerability in Mapnik by Mapnik Project

A local vulnerability has been identified in Mapnik versions up to 4.2.0, specifically in the function mapnik::detail::mod<...>::operator located in src/value.cpp. This issue allows for a divide by zero manipulation, which could potentially be exploited. The vulnerability has been publicly disclo...

PoC for CVE-2024-0070

WordPress | WordPress Plugin
Improper Security Controls in WordPress Plugin by Unspecified Vendor

A vulnerability exists in a WordPress plugin that may allow unauthorized access or manipulation of sensitive data due to inadequate security measures. Users of this plugin should be aware of potential risks and review their configurations to ensure proper security protocols are in place.

PoC for CVE-2026-2113

Yuan1994 | Tpadmin | 6.9 MEDIUM
Deserialization Vulnerability in WebUploader Component of Yuan1994 ...

A security vulnerability has been identified in the WebUploader component of Yuan1994's Tpadmin software. Found in the file /public/static/admin/lib/webuploader/0.1.5/server/preview.php, this flaw enables deserialization of untrusted data. Attackers can exploit this vulnerability remotely, puttin...