Publicly Disclosed
PoC Exploits
🔴 Alway take caution when working with PoC Exploits 🔴
Discovered just now...
PoC for CVE-2023-44487
The HTTP/2 protocol is susceptible to a denial of service vulnerability that can be exploited via rapid stream resets. This allows attackers to overwhelm servers by rapidly canceling requests, leading to significant resource consumption and potential service disruption. Exploitation of this vulne...
Discovered 17 minutes ago
PoC for CVE-2026-21962
An easily exploitable vulnerability in the Oracle HTTP Server and Oracle Weblogic Server Proxy Plug-in may allow unauthenticated attackers to gain access via HTTP. Attackers can compromise the server and potentially impact data integrity and confidentiality. This vulnerability can lead to unautho...
Discovered 21 minutes ago
PoC for CVE-2026-22187
Bio-Formats versions up to and including 8.3.0 are susceptible to a vulnerability in the loci.formats.Memoizer class, which performs unsafe Java deserialization of .bfmemo files. This occurs during image processing when the application automatically loads and deserializes these memo files without...
Discovered 28 minutes ago
PoC for CVE-2026-20404
In MediaTek's modem, a security flaw exists due to insufficient input validation, which could allow attackers to induce a system crash. This vulnerability particularly arises when a User Equipment (UE) connects to a maliciously controlled rogue base station. Notably, the exploitation of this flaw...
Discovered 5 hours ago
PoC for CVE-2025-6018
A Local Privilege Escalation vulnerability exists in pam-config, part of the Linux Pluggable Authentication Modules (PAM). This flaw permits a local attacker, such as an SSH user, to escalate their privileges to those of a privileged console user. By exploiting this vulnerability, attackers can e...
Discovered 6 hours ago
PoC for CVE-2026-2260
A command injection vulnerability exists in the D-Link DCS-931L camera model up to version 1.13.0, affecting the /goform/setSysAdmin endpoint. By manipulating the AdminID argument, an attacker can execute arbitrary OS commands remotely. This vulnerability is particularly concerning as it affects ...
PoC for CVE-2026-2259
Aardappel Lobster has a vulnerability within the lobster::Parser::ParseStatements function in the library dev/src/lobster/parser.h. This flaw, which affects versions up to 2025.4, allows for memory corruption triggered from a local environment. The public disclosure of this vulnerability raises t...
Discovered 11 hours ago
PoC for CVE-2017-7921
Hikvision network camera devices suffer from an improper authentication vulnerability, which arises when the system fails to adequately authenticate users. This deficiency could enable an attacker to escalate privileges and obtain sensitive information, risking the integrity and confidentiality o...
Discovered 13 hours ago
PoC for CVE-2025-9074
A security issue in Docker Desktop has been discovered, enabling local running Linux containers to communicate with the Docker Engine API through the default Docker subnet. This issue can arise irrespective of whether Enhanced Container Isolation (ECI) is active or if the 'Expose daemon on tcp://...
PoC for CVE-2026-2246
A memory corruption vulnerability has been identified in the function apriltag_detector_detect of the Apriltag library. This issue allows for potential local exploitation, which may lead to unexpected behavior and security risks. Attackers with local access could manipulate the affected function,...
Discovered 14 hours ago
PoC for CVE-2026-2245
A vulnerability exists in CCExtractor affecting versions up to 183, specifically in the parse_PAT and parse_PMT functions within the MPEG-TS File Parser component. This issue arises from improper handling of input, leading to potential out-of-bounds read conditions. The exploit requires a local e...
Discovered 16 hours ago
PoC for CVE-2026-2242
A vulnerability has been identified in Janet, the programming language developed by Janet-lang, where a flaw in the 'janetc_if' function within 'src/core/specials.c' could allow for an out-of-bounds read. This security issue requires local execution for exploitation and has been publicly disclose...
PoC for CVE-2025-6018
A Local Privilege Escalation vulnerability exists in pam-config, part of the Linux Pluggable Authentication Modules (PAM). This flaw permits a local attacker, such as an SSH user, to escalate their privileges to those of a privileged console user. By exploiting this vulnerability, attackers can e...
PoC for CVE-2026-25049
n8n, the open-source workflow automation platform, has a vulnerability that allows authenticated users who can create or modify workflows to manipulate expressions in workflow parameters. This could lead to unintended command execution on the host system running n8n, posing a significant security...
Discovered 17 hours ago
PoC for CVE-2026-2241
A vulnerability has been identified in Janet Language versions prior to 1.40.1, specifically within the os_strftime function of the src/core/os.c file. This flaw allows local attackers to perform manipulations that could result in out-of-bounds reads. Such vulnerabilities can lead to unauthorized...
PoC for CVE-2026-2240
A vulnerability exists in the Janet programming language, specifically in the janetc_pop_funcdef function located in src/core/compile.c. This issue allows for out-of-bounds read operations, potentially exposing sensitive data when exploited. The attack must be executed locally. It is crucial for ...
Discovered 19 hours ago
PoC for CVE-2025-6018
A Local Privilege Escalation vulnerability exists in pam-config, part of the Linux Pluggable Authentication Modules (PAM). This flaw permits a local attacker, such as an SSH user, to escalate their privileges to those of a privileged console user. By exploiting this vulnerability, attackers can e...
Discovered 22 hours ago
PoC for CVE-2026-23723
The WeGIA Web Manager for charitable institutions contains an authenticated SQL Injection vulnerability in the Atendido_ocorrenciaControle endpoint, specifically through the id_memorando parameter. This security flaw can lead to full database exfiltration, exposing sensitive Personally Identifiab...
Discovered 23 hours ago
PoC for CVE-2026-2227
A command injection vulnerability exists in the D-Link DCS-931L camera's firmware, specifically in the 'doSystem' function located in the '/setSystemAdmin' file. This issue arises from improper handling of the 'AdminID' argument, allowing remote attackers to execute arbitrary commands. This vulne...
PoC for CVE-2025-55182
A remote code execution vulnerability found in React Server Components allows attackers to exploit improperly handled payloads. This issue affects versions 19.0.0 through 19.2.0, compromising server function endpoints through unsafe deserialization of HTTP request payloads. As a result, this flaw...
PoC for CVE-2026-2226
A significant vulnerability exists in DouPHP affecting versions up to 1.9, linked to improper handling of input in the file /admin/file.php, specifically concerning the ZIP File Handler. This flaw allows an attacker to manipulate the sql_filename argument, facilitating unrestricted file uploads. ...
Discovered 1 day ago
PoC for CVE-2026-2225
A significant SQL injection vulnerability exists within the itsourcecode News Portal Project version 1.0. This flaw specifically targets the Administrator Login component, where improper handling of user input in the email argument of the /admin/index.php file allows attackers to manipulate SQL q...
PoC for CVE-2026-2224
A security flaw has been identified in the Online Reviewer System version 1.0 developed by Code-Projects that enables attackers to exploit the application through cross site scripting (XSS). The vulnerability specifically affects the file /system/system/admins/manage/users/btn_functions.php, wher...
PoC for CVE-2026-2223
A security vulnerability has been identified within the Online Reviewer System version 1.0 by Code-Projects. This issue is associated with a particular functionality in the file located at /system/system/students/assessments/pretest/take/index.php. An unvalidated manipulation of the argument ID c...
PoC for CVE-2026-2221
A vulnerability identified in Code-Projects' Online Reviewer System 1.0 can be exploited via the /login/index.php file. By manipulating the Username argument, attackers can execute SQL injection attacks remotely, potentially compromising the system's integrity. This security flaw has been made pu...
PoC for CVE-2026-2220
A vulnerability exists in the Code-Projects Online Reviewer System 1.0, specifically in the /system/system/admins/assessments/pretest/btn_functions.php file. This flaw can be exploited through remote manipulation of the difficulty_id parameter, enabling attackers to execute SQL injection attacks....
PoC for CVE-2026-2218
A command injection vulnerability exists in D-Link DCS-933L firmware versions up to 1.14.11 due to improper handling of parameters in the '/setSystemAdmin' functionality of the alphapd component. This flaw allows an attacker to remotely execute arbitrary commands by manipulating the AdminID argum...
PoC for CVE-2024-46987
Camaleon CMS, a robust content management system built on Ruby on Rails, has a path traversal vulnerability in the MediaController's download_private_file method. This flaw permits authenticated users to potentially download any file stored on the web server, depending on file permissions configu...
PoC for CVE-2026-2217
A security flaw has been identified in version 1.0 of the itsourcecode Event Management System, specifically within the /admin/manage_user.php file. The vulnerability arises due to improper handling of user input in an unknown function, allowing an attacker to manipulate the ID argument. This res...
PoC for CVE-2026-2216
A vulnerability has been identified in the WeRSS we-mp-rss plugin versions up to 1.4.8. The flaw resides in the function download_export_file located in apis/tools.py, where improper validation of the filename argument can enable attackers to perform path traversal. This can lead to unauthorized ...
PoC for CVE-2026-2215
A vulnerability has been identified in the rachelos WeRSS we-mp-rss component, particularly regarding the JWT Handler in the core/auth.py file. An attacker can manipulate the SECRET_KEY argument, leading to the use of a default cryptographic key. This scenario poses significant risks as it allows...
PoC for CVE-2026-2214
A vulnerability has been discovered in the Code-Projects Plugin specifically within the AdminAddAlbum.php file. This weakness allows attackers to manipulate the txtalbum argument, leading to potential cross site scripting attacks. Exploitation of this vulnerability could be executed remotely, pos...
PoC for CVE-2026-2213
A security flaw has been identified in the Code-Projects Online Music Site 1.0, specifically within the functionality of the file located at /Administrator/PHP/AdminAddAlbum.php. The vulnerability allows for an unrestricted file upload due to improper handling of the argument 'txtimage'. This fla...
PoC for CVE-2026-2212
A vulnerability exists in the Online Music Site 1.0 developed by Code-Projects, specifically within the file /Administrator/PHP/AdminEditCategory.php. This flaw enables an SQL injection attack via manipulation of the argument ID, allowing remote attackers to execute unauthorized SQL commands. The...
PoC for CVE-2026-2211
A security vulnerability exists in Code-Projects' Online Music Site version 1.0, specifically within the /Administrator/PHP/AdminDeleteCategory.php file. An attacker can manipulate the ID argument, resulting in a SQL injection. This vulnerability allows for unauthorized access and manipulation of...
PoC for CVE-2026-2210
A vulnerability exists in the D-Link DIR-823X router that allows remote attackers to exploit the 'set_filtering' function. By manipulating specific parameters, an attacker can execute arbitrary operating system commands, potentially leading to unauthorized access and control over the affected dev...
PoC for CVE-2026-2203
A vulnerability exists in the Tenda AC8 router's Embedded Httpd Service, specifically within the /goform/fast_setting_wifi_set function. This flaw arises when manipulating the 'timeZone' argument, leading to a buffer overflow. Such a vulnerability can allow remote attackers to exploit the flaw, p...
PoC for CVE-2026-2202
A buffer overflow vulnerability exists in the Tenda AC8 router, specifically in the 'fromSetWifiGusetBasic' function of the '/goform/WifiGuestSet' component. The flaw is triggered by improper handling of the 'shareSpeed' argument, which allows an attacker to execute arbitrary code remotely. The e...
PoC for CVE-2026-2201
A security vulnerability has been identified in the ZeroWdd StudentManager, specifically within the addLeave function of LeaveController.java. This vulnerability allows for cross-site scripting (XSS) attacks through improper handling of the 'Reason for Leave' input, potentially enabling remote at...
PoC for CVE-2026-2200
A weakness has been discovered in heyewei JFinalCMS 5.0.0, specifically in the API Endpoint's save function located at /admin/admin/save. This vulnerability allows attackers to perform cross-site scripting (XSS) attacks, which can be executed remotely. Publicly available exploit vectors have been...
PoC for CVE-2026-2199
A security flaw exists in the Code-Projects Online Reviewer System 1.0, specifically affecting the user deletion functionality located in the file /reviewer/system/system/admins/manage/users/user-delete.php. An unauthenticated attacker can exploit this flaw by manipulating the 'ID' parameter, lea...
PoC for CVE-2026-2198
A vulnerability exists in the Online Reviewer System 1.0 from Code-Projects, specifically within the file /system/system/admins/assessments/pretest/loaddata.php. This flaw, stemming from the manipulation of the 'difficulty_id' parameter, allows for SQL injection attacks. Attackers can exploit thi...
PoC for CVE-2026-2197
A vulnerability in the Code-Projects Online Reviewer System version 1.0 allows for SQL injection through manipulation of the 'test_id' argument in the '/system/system/admins/assessments/pretest/exam-delete.php' file. This security flaw can be exploited remotely, enabling potential attackers to ma...
PoC for CVE-2026-2196
A SQL injection vulnerability exists in the Code-Projects Online Reviewer System version 1.0 within the 'exam-update.php' file. The issue arises when the 'test_id' parameter is manipulated, allowing remote attackers to execute arbitrary SQL queries. This vulnerability poses a significant risk as ...
PoC for CVE-2026-2195
A security flaw has been identified in the Online Reviewer System 1.0 by Code-Projects, located in the admin assessment interface. This vulnerability enables an attacker to manipulate the argument ID within the questions-view.php file, leading to potential SQL injection attacks. This exploit can ...
PoC for CVE-2026-2194
A security flaw has been identified in the D-Link DI-7100G C1 router, specifically within the start_proxy_client_email function. This vulnerability allows an attacker to execute commands on the device remotely, potentially compromising its security. Exploitation can be carried out without physica...
PoC for CVE-2026-2192
A security vulnerability affecting the Tenda AC9 router has been identified, specifically in its function formGetRebootTimer. By manipulating arguments like sys.schedulereboot.start_time and sys.schedulereboot.end_time, an attacker can induce a stack-based buffer overflow. This vulnerability can ...
PoC for CVE-2026-2191
A vulnerability in the Tenda AC9 router has been identified, specifically in the function formGetDdosDefenceList. This flaw allows for the manipulation of the argument security.ddos.map, leading to a stack-based buffer overflow. This weakness can be exploited remotely, presenting significant secu...
PoC for CVE-2026-2190
A security flaw has been identified in the itsourcecode School Management System version 1.0, which affects the processing of user input in the controller.php file. This vulnerability allows remote attackers to exploit an unvalidated argument ID, leading to SQL injection attacks. By manipulating ...
PoC for CVE-2026-2189
A critical SQL injection vulnerability has been discovered in the itsourcecode School Management System version 1.0. This flaw is located in the file /ramonsys/report/index.php, where improper handling of a user-supplied argument, 'ay', allows an attacker to execute arbitrary SQL queries against ...