Publicly Disclosed
PoC Exploits
🔴 Always take caution when working with PoC Exploits 🔴
Discovered 6 hours ago
PoC for CVE-2024-32462
The vulnerability CVE-2024-32462 in the Flatpak software system for Linux allows a malicious or compromised Flatpak app to execute arbitrary code outside its sandbox in versions before 1.10.9, 1.12.9, 1.14.6, and 1.15.8. The vulnerability can be exploited by passing `bwrap` arguments to the `--co...
Discovered 8 hours ago
PoC for CVE-2025-5299
The SourceCodester Client Database Management System 1.0 is susceptible to a vulnerability that allows attackers to upload files without any restrictions. This issue is due to improper handling of the 'uploaded_file_cancelled' argument in the '/user_order_customer_update.php' file. Malicious acto...
PoC for CVE-2025-5298
A significant SQL injection vulnerability exists in the Campcodes Online Hospital Management System version 1.0. This issue is triggered by improper handling of the 'fromdate' and 'todate' parameters in the admin interface located in the 'betweendates-detailsreports.php' file. An attacker can exp...
PoC for CVE-2025-5297
A stack-based buffer overflow vulnerability has been identified in the SourceCodester Computer Store System version 1.0, specifically within the Add function of the main.c file. This vulnerability occurs due to improper handling of user inputs for the laptopcompany, RAM, and Processor parameters....
Discovered 9 hours ago
PoC for CVE-2025-5295
A buffer overflow vulnerability exists in the PORT Command Handler of FreeFloat FTP Server 1.0.0, which can be exploited remotely. The flaw allows attackers to manipulate the server's handling of commands leading to potential unauthorized access or service disruptions. Given the public disclosure...
Discovered 10 hours ago
PoC for CVE-2025-24071
The vulnerability in Microsoft Windows File Explorer poses a security risk by allowing unauthorized access to sensitive information. In an environment where it is present, attackers can exploit this flaw to spoof identities over a network, potentially compromising data integrity and confidentiali...
Discovered 21 hours ago
PoC for CVE-2025-24071
The vulnerability in Microsoft Windows File Explorer poses a security risk by allowing unauthorized access to sensitive information. In an environment where it is present, attackers can exploit this flaw to spoof identities over a network, potentially compromising data integrity and confidentiali...
Discovered 1 day ago
PoC for CVE-2023-40130
A logic error in the CallRedirectionProcessor.java file within Google's Android Telecommunication Services allows a possible permission bypass. This vulnerability can facilitate local escalation of privilege, enabling unauthorized background activities without additional execution privileges. Not...
PoC for CVE-2025-5252
A SQL injection vulnerability exists in the PHPGurukul News Portal Project version 4.1, specifically in the /admin/edit-subadmin.php file. This flaw allows an attacker to manipulate the 'emailid' parameter, resulting in unauthorized database queries that could be executed remotely. Due to its pub...
PoC for CVE-2025-5251
A vulnerability has been identified in PHPGurukul News Portal Project 4.1, specifically related to the manipulation of the 'Category' argument in the /admin/edit-subcategory.php file. This weakness allows attackers to execute SQL injection attacks remotely, potentially compromising the security o...
PoC for CVE-2025-5250
A vulnerability exists in the PHPGurukul News Portal Project version 4.1, specifically in the file /admin/edit-category.php, where improper handling of the 'Category' argument can allow for SQL injection attacks. This flaw can be exploited remotely, leading to unauthorized access to sensitive dat...
PoC for CVE-2025-5249
A vulnerability exists in the PHPGurukul News Portal Project 4.1 that allows an attacker to manipulate the 'Category' argument in the /admin/add-category.php file, leading to SQL injection. This flaw can be exploited remotely, allowing unauthorized access to database information. Given that the e...
PoC for CVE-2025-5248
A remote SQL injection vulnerability exists in the PHPGurukul Company Visitor Management System version 1.0, specifically within the '/bwdates-reports-details.php' file. This weakness allows an attacker to manipulate the 'fromdate' and 'todate' parameters, potentially leading to unauthorized acce...
PoC for CVE-2025-5247
A vulnerability has been identified in Gowabby HFish version 0.1, specifically within the LoadUrl function located in the file view/url.go. This flaw arises from improper handling of the 'r' argument, enabling potential unauthorized access. The vulnerability can be exploited remotely, allowing at...
PoC for CVE-2025-5246
A vulnerability has been identified in Campcodes Online Hospital Management System version 1.0, specifically in the file /hms/admin/query-details.php. This type of vulnerability allows for SQL injection, stemming from improper validation of input parameters, particularly in the 'adminremark' argu...
PoC for CVE-2025-5245
A vulnerability has been discovered in the GNU Binutils objdump component which allows for memory corruption in the debug_type_samep function. This issue affects versions of GNU Binutils up to 2.44 and requires local access for exploitation. The exploit has been made public, highlighting the nece...
PoC for CVE-2025-5244
A serious vulnerability exists in the GNU Binutils up to version 2.44, specifically within the elf_gc_sweep function of the ld component in elflink.c. This flaw can lead to memory corruption, allowing an attacker to manipulate memory in a way that might compromise the system. The exploit requires...
PoC for CVE-2025-3248
Langflow versions earlier than 1.3.0 are vulnerable to a code injection flaw located in the /api/v1/validate/code endpoint. This issue can be exploited by remote attackers without authentication, allowing them to send specially crafted HTTP requests, which may lead to the execution of arbitrary c...
Discovered 2 days ago
PoC for CVE-2024-38014
A vulnerability exists within the Windows Installer component that allows attackers to gain elevated privileges on affected systems. This weakness can be exploited to perform unauthorized actions on the system, compromising security and data integrity. Users are encouraged to review the associate...
PoC for CVE-2025-5232
A SQL injection vulnerability has been discovered in the PHPGurukul Student Study Center Management System, specifically in the processing of the file /admin/report.php. This vulnerability arises due to improper handling of user-supplied parameters, namely 'fromdate' and 'todate', allowing an att...
PoC for CVE-2025-4389
The Crawlomatic Multipage Scraper Post Generator plugin for WordPress is susceptible to arbitrary file uploads due to insufficient file type validation within the crawlomatic_generate_featured_image() function. This vulnerability enables unauthenticated attackers to upload unauthorized files to t...
PoC for CVE-2025-5231
A SQL injection vulnerability exists in the PHPGurukul Company Visitor Management System 1.0, specifically in the /forgot-password.php file. This vulnerability allows attackers to manipulate the 'email' parameter, enabling unauthorized access and potential data breaches. The manipulation can be e...
PoC for CVE-2025-5230
A SQL injection vulnerability has been identified in the PHPGurukul Online Nurse Hiring System version 1.0, specifically affecting the file /admin/bwdates-report-details.php. By manipulating the parameters 'fromdate' and 'todate', attackers can execute arbitrary SQL commands, potentially compromi...
PoC for CVE-2025-5229
A vulnerability exists in the Campcodes Online Hospital Management System, specifically within the /admin/view-patient.php file. An attacker can exploit this issue by manipulating the 'viewid' parameter, leading to SQL injection. This may allow unauthorized access to the database, pote...
PoC for CVE-2025-5228
The D-Link DI-8100 router, up to version 20250523, contains a stack-based buffer overflow vulnerability in its jhttpd component. The issue arises when the 'notify' argument in the /login.cgi function is manipulated, potentially allowing unauthorized access to the device. While the exploit must or...
PoC for CVE-2025-5227
A vulnerability has been identified in PHPGurukul Small CRM version 3.0, where improper processing in the /admin/manage-tickets.php file leads to SQL injection. Attackers could manipulate the 'aremark' argument, potentially allowing for unauthorized database access and manipulation. The vulnerabi...
PoC for CVE-2025-5226
A security vulnerability in PHPGurukul Small CRM version 3.0 allows attackers to execute SQL injection through the manipulation of the 'oldpass' argument in the /admin/change-password.php file. This flaw potentially enables unauthorized access to sensitive data, due to improper validation of user...
PoC for CVE-2025-5225
A SQL injection vulnerability exists in the Campcodes Advanced Online Voting System v1.0, specifically affecting the /index.php file. This vulnerability allows remote attackers to manipulate the 'voter' argument, potentially leading to unauthorized data access or compromise of the system. The exp...
PoC for CVE-2025-5224
A significant security vulnerability has been identified in the Campcodes Online Hospital Management System version 1.0, specifically in the /admin/add-doctor.php file. This flaw arises from improper validation of the 'Doctorspecialization' argument, which makes it susceptible to SQL injection at...
PoC for CVE-2025-5221
A buffer overflow vulnerability exists in FreeFloat FTP Server 1.0.0, specifically within the QUOTE Command Handler component. This flaw allows an attacker to manipulate the buffer, potentially leading to remote code execution. The issue has been publicly disclosed, raising concerns about the sec...
PoC for CVE-2025-5220
A vulnerability exists in FreeFloat FTP Server version 1.0.0 related to the GET Command Handler. This issue stems from improper handling of input that may lead to a buffer overflow, allowing remote attackers to execute arbitrary code. The exploit has been publicly disclosed, increasing the urgenc...
PoC for CVE-2025-5219
A buffer overflow vulnerability exists in the ASCII Command Handler of FreeFloat FTP Server 1.0.0, potentially allowing remote attackers to exploit this flaw. The vulnerability arises from improper handling of input, which can lead to unauthorized access or execution of arbitrary code. Publicly d...
PoC for CVE-2025-5218
A critical vulnerability has been discovered in the FreeFloat FTP Server 1.0.0, specifically in the LITERAL Command Handler component. This flaw allows for a buffer overflow, which can be exploited remotely, potentially enabling an attacker to execute arbitrary code. The exploit has been made pub...
PoC for CVE-2025-5217
A significant buffer overflow vulnerability has been identified within the RMDIR Command Handler of FreeFloat FTP Server 1.0.0. This flaw allows remote attackers to manipulate the processing of commands, potentially leading to unauthorized access or system crashes. As this exploit has been public...
PoC for CVE-2025-5216
A SQL injection vulnerability exists in the PHPGurukul Student Record System 3.20, affecting the /login.php file. This flaw allows an attacker to manipulate the ID parameter, potentially executing arbitrary SQL queries against the database. The vulnerability can be exploited remotely, posing sign...
PoC for CVE-2025-5213
A SQL injection vulnerability exists in the Projectworlds Responsive E-Learning System, specifically targeting the /admin/delete_file.php script. By manipulating the ID parameter, an attacker can execute malicious SQL queries, potentially compromising the database. This vulnerability can be explo...
PoC for CVE-2025-5214
A security flaw has been identified in the Kashipara Responsive Online Learning Platform version 1.0, specifically in the handling of the argument ID within the file /courses/course_detail_user_new.php. This vulnerability allows for SQL injection attacks, which can be exploited remotely by attack...
PoC for CVE-2025-5212
A vulnerability exists in the PHPGurukul Employee Record Management System 1.3 that allows malicious users to exploit an unvalidated input in the /admin/editempexp.php file. By manipulating the 'emp1name' parameter, attackers can execute SQL injection attacks, leading to unauthorized data access ...
PoC for CVE-2025-5211
A SQL injection vulnerability exists in the PHPGurukul Employee Record Management System version 1.3, specifically affecting the processing of the file myprofile.php. The issue arises when the EmpCode argument is manipulated, allowing remote attackers to execute arbitrary SQL commands. This vulne...
PoC for CVE-2025-5210
A significant SQL injection vulnerability exists within the PHPGurukul Employee Record Management System version 1.3. This flaw resides in the '/loginerms.php' file, where improper handling of the Email argument allows attackers to execute arbitrary SQL queries against the database. The vulnerabi...
PoC for CVE-2025-5208
A vulnerability in the SourceCodester Online Hospital Management System version 1.0 exists in the /admin/check_availability.php file. This issue is triggered by improper handling of the 'emailid' argument, allowing an attacker to execute SQL injection attacks. Such exploitation can be carried out...
PoC for CVE-2025-5207
A SQL injection vulnerability has been identified in the SourceCodester Client Database Management System 1.0, specifically in the /superadmin_update_profile.php file. This security flaw allows attackers to manipulate the 'nickname' or 'email' arguments leading to unauthorized access and potentia...
PoC for CVE-2025-5206
A vulnerability in the Installation component of Pixelimity allows for SQL injection via the site_description argument of the /install/index.php file. This flaw can be exploited remotely, potentially leading to unauthorized access to the database. The exploit has been made public, increasing the ...
PoC for CVE-2025-5205
A SQL injection vulnerability has been identified in the 1000 Projects Daily College Class Work Report Book 1.0, specifically in the /dcwr_entry.php file. This flaw arises from improper handling of input data related to the 'Date' argument, allowing attackers to manipulate SQL queries. Remote exp...
PoC for CVE-2025-5204
A vulnerability has been identified in version 5.4.3 of the Open Asset Import Library, specifically within the MDLImporter::ParseSkinLump_3DGS_MDL7 function located in MDLMaterialLoader.cpp. This flaw allows for an out-of-bounds read, which can be exploited locally. The issue has been disclosed p...
PoC for CVE-2025-5203
A vulnerability has been identified in Open Asset Import Library Assimp version 5.4.3, specifically within the SkipSpaces function located in the ParsingUtils.h file. This flaw allows for an out-of-bounds read condition when certain input scenarios are exploited. Local access is necessary to expl...
PoC for CVE-2025-5202
A vulnerability exists within the Open Asset Import Library (Assimp) version 5.4.3, specifically in the HL1MDLLoader::validate_header function located in the assimp/code/AssetLib/MDL/HalfLife/HL1MDLLoader.cpp file. This vulnerability allows for an out-of-bounds read, posing potential risks when m...
PoC for CVE-2025-5201
A local vulnerability has been identified in the Open Asset Import Library Assimp version 5.4.3, specifically in the LWOImporter::CountVertsAndFacesLWO2 function found in the LWOLoader.cpp file. This issue allows for potential out-of-bounds reads, which may expose sensitive information during pro...
PoC for CVE-2025-5200
A flaw exists in the Open Asset Import Library (Assimp) version 5.4.3 affecting the MDLImporter::InternReadFile_Quake1 function located in the MDLLoader.cpp file. This vulnerability allows an attacker to perform out-of-bounds reads, potentially leading to information disclosure or other unforesee...
PoC for CVE-2025-46173
The Online Exam Mastering System version 1.0 faces a Cross Site Scripting (XSS) vulnerability. This flaw allows attackers to inject malicious scripts through the name field in the feedback form, potentially compromising user data and session information. Proper input validation and sanitization m...