Publicly Disclosed
PoC Exploits

🔴 Alway take caution when working with PoC Exploits 🔴

Discovered 2 hours ago

PoC for CVE-2026-33017

Langflow-aiLangflow🟣 EPSS 98%9.3CRITICAL
Authentication Bypass in Langflow Tool for AI-Powered Workflows

Langflow, a tool for constructing and deploying AI-driven agents and workflows, is susceptible to a vulnerability in the POST /api/v1/build_public_tmp/{flow_id}/flow endpoint in versions before 1.9.0. This vulnerability enables an attacker to build public flows without authentication, leveraging ...

Discovered 3 hours ago

PoC for CVE-2021-27877

VeritasBackup Exec🟣 EPSS 65%8.2HIGH
Remote Code Execution Vulnerability in Veritas Backup Exec

A vulnerability in Veritas Backup Exec allows attackers to exploit outdated SHA authentication support, which has not been disabled in versions prior to 21.2. By leveraging this weakness, an attacker can gain unauthorized access to an Agent, enabling them to execute privileged commands remotely. ...

PoC for CVE-2024-58352

Shenzhen Landray ...Landry Office Automati...8.7HIGH
Unauthenticated HQL Injection Vulnerability in Landray OA Software

Landray OA is affected by a serious unauthenticated HQL injection vulnerability, which enables attackers to manipulate the system's database queries by injecting harmful HQL syntax via the uid POST parameter of the wechatLoginHelper.do endpoint. This vulnerability stems from a failure to adequate...

PoC for CVE-2022-50973

Yonyou Network Te...Ksoa9.3CRITICAL
Unauthenticated File Upload Vulnerability in Yonyou KSOA 9.0

Yonyou KSOA 9.0 is vulnerable to an unauthenticated file upload issue in the com.sksoft.bill.ImageUpload servlet. This flaw allows attackers to upload arbitrary files simply by submitting a POST request with manipulated filepath and filename parameters, bypassing crucial authentication, file type...

PoC for CVE-2022-50973

Yonyou Network Te...Ksoa9.3CRITICAL
Unauthenticated File Upload Vulnerability in Yonyou KSOA 9.0

Yonyou KSOA 9.0 is vulnerable to an unauthenticated file upload issue in the com.sksoft.bill.ImageUpload servlet. This flaw allows attackers to upload arbitrary files simply by submitting a POST request with manipulated filepath and filename parameters, bypassing crucial authentication, file type...

PoC for CVE-2022-50973

Yonyou Network Te...Ksoa9.3CRITICAL
Unauthenticated File Upload Vulnerability in Yonyou KSOA 9.0

Yonyou KSOA 9.0 is vulnerable to an unauthenticated file upload issue in the com.sksoft.bill.ImageUpload servlet. This flaw allows attackers to upload arbitrary files simply by submitting a POST request with manipulated filepath and filename parameters, bypassing crucial authentication, file type...

PoC for CVE-2021-1931

QualcommSnapdragon Auto, Snapd...6.7MEDIUM
Buffer Overflow Vulnerability in Qualcomm Snapdragon Products

This security vulnerability is caused by improper validation of the buffer length when processing fast boot commands across various Qualcomm Snapdragon products. An attacker could exploit this flaw to execute arbitrary code or cause unintended behavior, potentially compromising the affected devices.

PoC for CVE-2024-14037

Guangzhou Red Sea...Red Sea Cloud Ehr9.3CRITICAL
Arbitrary File Upload Vulnerability in Redsea Cloud eHR

Redsea Cloud eHR is affected by an arbitrary file upload vulnerability that permits unauthenticated attackers to execute remote code. By exploiting the PtFjk.mob servlet endpoint, attackers can submit multipart POST requests containing malicious files disguised as image/jpeg, thereby circumventin...

PoC for CVE-2024-14037

Guangzhou Red Sea...Red Sea Cloud Ehr9.3CRITICAL
Arbitrary File Upload Vulnerability in Redsea Cloud eHR

Redsea Cloud eHR is affected by an arbitrary file upload vulnerability that permits unauthenticated attackers to execute remote code. By exploiting the PtFjk.mob servlet endpoint, attackers can submit multipart POST requests containing malicious files disguised as image/jpeg, thereby circumventin...

Discovered 11 hours ago

PoC for CVE-2026-53753

UnclecodeCrawl4ai9.8CRITICAL
Open-source LLM Friendly Web Crawler Vulnerability in Crawl4AI

Crawl4AI, an open-source LLM-friendly web crawler, prior to version 0.8.7, contains a critical vulnerability in its computed fields feature. The _safe_eval_expression() function employs an AST validator that inadequately restricts attribute access, allowing attributes without an underscore prefix...

Discovered 13 hours ago

PoC for CVE-2025-69212

Devcode-itOpenstamanager9.4CRITICAL
OS Command Injection Vulnerability in OpenSTAManager by DevCode

OpenSTAManager, an open source management tool for technical assistance and invoicing, has a vulnerability in the P7M file decoding functionality. Versions 2.9.8 and earlier allow authenticated attackers to upload a ZIP file containing a maliciously crafted .p7m file. This could lead to the execu...

Discovered 14 hours ago

PoC for CVE-2026-10077

WordPressYootheme6.8MEDIUM
Stored Cross-Site Scripting in Yootheme WordPress Theme

The Yootheme WordPress theme prior to version 5.0.35 is vulnerable to stored Cross-Site Scripting (XSS) attacks. This occurs as the theme fails to adequately sanitize certain HTML attributes, allowing users with the Author role to inject malicious scripts. When a post containing such scripts is v...

PoC for CVE-2026-11578

WordPressFluent Forms2.7LOW
Improper Access Control in Fluent Forms Plugin by WordPress

The Fluent Forms WordPress plugin, prior to version 6.2.5, has a serious vulnerability related to improper access control. Specifically, it fails to restrict a Manager's ability to delete form submission entries associated with forms they are not authorized to manage. This could result in unautho...

PoC for CVE-2026-11781

WordPressAdminify2.7LOW
User Privilege Escalation in Adminify WordPress Plugin

The Adminify WordPress plugin prior to version 4.2.10 fails to enforce appropriate read-capability checks for its administration search functionality. This oversight enables users with lower privileges, such as Contributors, to access and reveal sensitive information that should remain protected....

PoC for CVE-2026-11965

WordPressUser Registration & Me...6.5MEDIUM
User Registration & Membership Plugin Flaw in WordPress Enables Una...

The User Registration & Membership plugin for WordPress prior to version 5.2.0 allows unauthenticated individuals to activate paid membership subscriptions without completing payment. This flaw occurs due to the lack of enforcement on payment verification during the account registration process, ...

Discovered 15 hours ago

PoC for CVE-2026-38751

DevCode-itOpenSTAManager7.2HIGH
Arbitrary File Upload Vulnerability in OpenSTAManager by DevCode-it

OpenSTAManager versions up to and including 2.10 contain a vulnerability that allows an attacker to upload arbitrary files via the module update functionality. This flaw exists in the 'upload_modules.php' script, which does not adequately validate file uploads, potentially enabling unauthorized a...

Discovered 16 hours ago

PoC for CVE-2025-69212

Devcode-itOpenstamanager9.4CRITICAL
OS Command Injection Vulnerability in OpenSTAManager by DevCode

OpenSTAManager, an open source management tool for technical assistance and invoicing, has a vulnerability in the P7M file decoding functionality. Versions 2.9.8 and earlier allow authenticated attackers to upload a ZIP file containing a maliciously crafted .p7m file. This could lead to the execu...

Discovered 22 hours ago

PoC for CVE-2026-6307

GoogleChrome8.8HIGH
Type Confusion Vulnerability in Google Chrome

A type confusion vulnerability exists within Turbofan in Google Chrome, affecting versions prior to 147.0.7727.101. This flaw allows a remote attacker to execute arbitrary code within a sandboxed environment by crafting a malicious HTML page. Exploiting this vulnerability can lead to unauthorized...

PoC for CVE-2026-23111

LinuxLinux7.8HIGH
Local Privilege Escalation Vulnerability in Linux Kernel Utilizing ...

A vulnerability exists in the Linux kernel's netfilter module that affects the nft_map_catchall_activate() function. This function encounters an inverted element activity check, leading to a failure in appropriately handling catchall map elements during a failed transaction. The bug arises when t...

Discovered 23 hours ago

PoC for CVE-2026-43735

AppleSafari8.1HIGH
Cross-Origin Data Exfiltration Vulnerability in Safari and iOS Prod...

A vulnerability has been identified in Safari and related Apple products that allows malicious websites to potentially exfiltrate sensitive data across different origins. The issue has been remediated with enhanced verification protocols in the latest versions, ensuring that requests made to exte...

Discovered 1 day ago

PoC for CVE-2026-58593

NodebbNodebb8.7HIGH
ActivityPub Author Spoofing in NodeBB by a Remote Actor

NodeBB's implementation of ActivityPub allows for an author spoofing vulnerability, where a remote actor can impersonate local users by manipulating the 'attributedTo' field in inbound ActivityPub objects. This is due to inadequate validation processes that fail to ensure that the 'attributedTo' ...

PoC for CVE-2026-58592

LadybirdbrowserLadybird8.9HIGH
Dangling Reference Memory-Safety Flaw in Ladybird WebAssembly Modul...

The Ladybird browser contains a memory-safety vulnerability characterized by a dangling reference in its WebAssembly ESM integration module loader. When JavaScript functions are imported into WebAssembly modules, improper handling results in a callback retaining a reference to a destroyed Functio...

PoC for CVE-2026-58457

Shenzhen Aitemi E...M300 Wi-fi Repeater9.3CRITICAL
Unauthenticated OS Command Injection in Shenzhen Aitemi M300 Wi-Fi ...

The Shenzhen Aitemi M300 Wi-Fi Repeater, specifically the hardware model MT02, is susceptible to an unauthenticated OS command injection vulnerability. This flaw allows network-adjacent attackers to execute arbitrary shell commands by exploiting unsanitized input through the smacfilter_conf handl...

PoC for CVE-2026-58451

HordeImp7.1HIGH
Path Traversal Flaw in Horde IMP Affects Configuration Files

The path traversal vulnerability in Horde IMP allows authenticated attackers to exploit improper validation in lib/Compose.php, enabling them to read arbitrary files from the server's filesystem. This occurs by embedding traversal sequences after an expected CKEditor path prefix in img src URLs. ...

PoC for CVE-2026-42945

F5Nginx Plus🟣 EPSS 61%9.2CRITICAL
Heap Buffer Overflow in NGINX Plus and NGINX Open Source Affecting ...

A vulnerability exists in the ngx_http_rewrite_module of NGINX Plus and NGINX Open Source, triggered when a rewrite directive is followed by an if or set directive that includes a Perl-Compatible Regular Expression (PCRE) capture and a replacement string with a question mark. Attackers can exploi...

PoC for CVE-2026-34114

GuardianLanguage-system9.3CRITICAL
OS Command Injection in Guardian Language-System by Vendor

The Guardian Language-System is vulnerable to an OS command injection through the 'id' parameter in the translate_text.php script. The application directly processes user input without proper sanitization, allowing an unauthenticated attacker to append malicious shell commands. This can lead to a...

PoC for CVE-2026-58454

JaiotlinkC492a-w6 Wi-fi Ip Camera7.7HIGH
Remote Code Execution Vulnerability in JAIOTlink Wi-Fi IP Cameras

The JAIOTlink C492A-W6 Wi-Fi IP cameras with firmware version 4.8.30.57701411 are vulnerable to a remote code execution flaw. Authenticated attackers can exploit this vulnerability by saving arbitrary shell scripts in the writable persistent JFFS2 storage. By utilizing the authenticated HTTP endp...

PoC for CVE-2026-58453

JaiotlinkC492a-w6 Wi-fi Ip Camera9.3CRITICAL
Hard-Coded Credentials Vulnerability in JAIOTlink C492A-W6 Wi-Fi IP...

The JAIOTlink C492A-W6 Wi-Fi IP cameras have a serious vulnerability where hard-coded credentials allow network-adjacent attackers to access the device. By exploiting default admin credentials and an empty password for the anyka_ipc HTTP service on port 80, unauthorized individuals can gain contr...

PoC for CVE-2026-58452

JaiotlinkC492a-w6 Wi-fi Ip Camera8.7HIGH
OS Command Injection in JAIOTlink C492A-W6 Wi-Fi IP Cameras by JAIO...

The JAIOTlink C492A-W6 Wi-Fi IP camera firmware version 4.8.30.57701411 is susceptible to an OS command injection flaw. This vulnerability allows authenticated attackers to execute arbitrary code remotely. By manipulating the Wireless parameter in the HTTP PUT NetSDK/Factory SetMAC endpoint, atta...

PoC for CVE-2026-57517

Control Web PanelControl Web Panel9.3CRITICAL
Blind SQL Injection in Control Web Panel Affects Web Management Ser...

The vulnerability in Control Web Panel allows unauthenticated attackers to exploit a blind SQL injection flaw. By submitting unsanitized input through the userRes POST parameter at the user endpoint, attackers can execute arbitrary SQL queries. This exploit can lead to unauthorized access to MySQ...

PoC for CVE-2026-58127

HylandPacsgear Mediawriter9.3CRITICAL
Unauthenticated Remote Code Execution in PACSgear MediaWriter

PACSgear MediaWriter 5.2.1 exposes a critical vulnerability via its .NET Remoting TCP service on port 9000. The service does not require authentication and allows remote attackers to read and write arbitrary files on the host system. By exploiting the unmarshalling technique of the MarshalByRefOb...

PoC for CVE-2026-58126

HylandPacsgear Pacs Scan9.3CRITICAL
Unauthenticated Remote Code Execution in PACSgear PACS Scan

PACSgear PACS Scan 5.2.1 is susceptible to an unauthenticated remote code execution vulnerability due to an exposed .NET Remoting TCP service operating on port 22222. This allows attackers to execute unauthorized commands and manipulate files remotely through PGImageExchQueue.exe without any auth...

PoC for CVE-2026-51947

PivotalPivotal CRM9.8CRITICAL
Insecure Deserialization Vulnerability in Pivotal CRM

A vulnerability in Pivotal CRM allows attackers to execute arbitrary code through the Pivotal.Engine.Client.Services.Conversion.dll component. This issue affects version 6.6.4.08 and is tied to an incomplete fix from a previous vulnerability. It can be exploited by remote attackers through specif...

PoC for CVE-2024-27198

JetbrainsTeamcity🟣 EPSS 100%9.8CRITICAL
Authentication Bypass in JetBrains TeamCity Allows Admin Actions

An authentication bypass vulnerability has been identified in JetBrains TeamCity, allowing unauthorized users to perform administrative actions. This flaw exists in versions of TeamCity prior to 2023.11.4 and poses a significant risk to the security of systems utilizing this software. Exploitatio...

Discovered 2 days ago

PoC for CVE-2026-11794

WordPressAdvanced Form Integrat...8.1HIGH
User Role Assignment Flaw in Advanced Form Integration Plugin by Wo...

The Advanced Form Integration — Connect Forms to 200+ Apps WordPress plugin, prior to version 2.1.1, contains a security flaw that allows unauthenticated users to create user accounts with roles that may include administrator. This exploit arises when public form submissions configured through sp...

PoC for CVE-2026-11883

WordPressWebauthn Provider For ...7.2HIGH
Two-Factor Authentication Bypass in WebAuthn Provider for WordPress...

The WebAuthn Provider for Two Factor WordPress plugin prior to version 2.5.6 contains a security flaw that fails to adequately validate the second-factor authentication responses. This vulnerability enables an attacker, who already possesses a user's password, to bypass the two-factor authenticat...

PoC for CVE-2026-11887

WordPressSalon Booking System4.3MEDIUM
Authorization Bypass in Salon Booking System for WordPress

The Salon Booking System plugin for WordPress lacks adequate authorization checks on specific AJAX actions, allowing authenticated users—such as subscribers—to make unauthorized modifications. This weakness enables them to alter settings and bypass the necessary manual approval process for new bo...

PoC for CVE-2026-11570

WordPressUser Submitted Posts4.2MEDIUM
Stored Cross-Site Scripting in User Submitted Posts Plugin for Word...

The User Submitted Posts plugin for WordPress prior to version 20260608 is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability. This occurs due to the failure to properly escape submitted values before they are displayed in an admin-configured template. An attacker can exploit this f...

PoC for CVE-2026-11568

WordPressProduct Configurator F...7.5HIGH
Public AJAX Data Exposure in WooCommerce Product Configurator by Wo...

The Product Configurator for WooCommerce plugin before version 1.7.3 has a serious flaw where it fails to implement necessary authorization checks before exposing WooCommerce product data via a public AJAX action. This oversight allows anyone, even unauthenticated users, to access sensitive produ...

PoC for CVE-2026-11880

WordPressFluent Forms3.1LOW
Subscription Management Flaw in Fluent Forms Plugin for WordPress

The Fluent Forms plugin for WordPress prior to version 6.2.1 contains a vulnerability that allows low-privilege authenticated users to cancel subscriptions of other users. This flaw arises because the plugin fails to adequately verify the ownership of subscriptions before processing cancellation ...

PoC for CVE-2026-10750

WordPressRoyal Mcp8.1HIGH
Token Authentication Bypass in Royal MCP WordPress Plugin

The Royal MCP WordPress plugin prior to version 1.4.26 lacks sufficient capability checks following token authentication. This deficiency permits authenticated users, even those with low-privileged roles such as Subscribers, to access private content, enumerate users and their roles, and manipula...

PoC for CVE-2026-11562

WordPressWs Form Lite4.3MEDIUM
Authorization Flaw in WS Form LITE Plugin for WordPress

The WS Form LITE plugin for WordPress versions prior to 1.11.8 contains an authorization vulnerability that permits authenticated users, with subscriber-level access or higher, to alter the plugin's critical settings without adequate checks. This loophole can lead to unauthorized modifications, p...

PoC for CVE-2025-15666

Open Asset Import...Assimp4.8MEDIUM
Heap-Based Buffer Overflow in Open Asset Import Library Assimp up t...

A security vulnerability exists in Open Asset Import Library (Assimp) prior to version 5.4.3, specifically within the Assimp::SceneCombiner::Copy function located in the Model File Handler component. This issue arises from manipulations involving width and height arguments, leading to a heap-base...

PoC for CVE-2026-58138

Conductor-ossConductor9.3CRITICAL
Unauthenticated Remote Code Execution in Orkes Conductor by Orkes

An unauthenticated remote code execution vulnerability in Orkes Conductor versions prior to 3.30.2 could allow remote attackers to execute arbitrary operating system commands by submitting malicious JavaScript or Python expressions through workflow definitions to the workflow API endpoint without...

PoC for CVE-2026-46490

TnganSamlify8.7HIGH
SAML Injection Vulnerability in samlify Library by TNGan

The samlify library, used for SAML single sign-on in Node.js applications, is susceptible to an injection vulnerability prior to version 2.13.0. This issue arises because the library's template substitution mechanism fails to properly escape values inserted into XML element texts, allowing an att...

PoC for CVE-2025-40271

LinuxLinux
Use-After-Free Vulnerability in Linux Kernel's Networking Interface

A use-after-free vulnerability in the Linux kernel's networking interface may allow an attacker to access freed memory. The issue arises in the `proc_readdir_de()` function when directory entries are concurrently modified while being traversed. During high-stress scenarios, unregistering network ...

PoC for CVE-2026-46300

LinuxLinux7.8HIGH
Shared Fragment Marker Issue in Linux Kernel Network Functionality

A vulnerability in the Linux kernel affects the handling of shared-frag markers during packet coalescing. Specifically, the function skb_try_coalesce() can improperly transfer ownership of page-backed fragments without preserving the shared-frag marker. This loss can disrupt later processing, not...

PoC for CVE-2012-1823

PHPPHP🟣 EPSS 100%9.8CRITICAL
Remote Code Execution Vulnerability in PHP CGI Configuration

This vulnerability in PHP occurs when the software is configured to run as a CGI script. Specifically, when the query string lacks an equals sign, PHP fails to handle it appropriately, which can lead to remote attackers executing arbitrary code. This occurs due to insufficient validation of comma...

PoC for CVE-2026-22557

Ubiquiti IncUnifi Network Application🟣 EPSS 16%10CRITICAL
Path Traversal Vulnerability in UniFi Network Application from Ubiq...

A Path Traversal vulnerability exists in the UniFi Network Application, allowing attackers within the network to exploit the system. This vulnerability can enable malicious actors to access and manipulate files on the underlying operating system. Successful exploitation may lead to unauthorized a...

PoC for CVE-2025-69212

Devcode-itOpenstamanager9.4CRITICAL
OS Command Injection Vulnerability in OpenSTAManager by DevCode

OpenSTAManager, an open source management tool for technical assistance and invoicing, has a vulnerability in the P7M file decoding functionality. Versions 2.9.8 and earlier allow authenticated attackers to upload a ZIP file containing a maliciously crafted .p7m file. This could lead to the execu...