Publicly Disclosed
PoC Exploits
🔴 Alway take caution when working with PoC Exploits 🔴
Discovered 1 hour ago
PoC for CVE-2026-10104
The Product Video Gallery for Woocommerce plugin for WordPress is susceptible to Stored Cross-Site Scripting due to inadequate input sanitization and output escaping in the custom_thumbnail parameter. Authenticated users with shop manager-level access can exploit this vulnerability to inject mali...
PoC for CVE-2026-14776
A security flaw has been identified in the SourceCodester Online Examination & Learning Management System 1.0, specifically within the pathinfo function of the /upload_files.php file associated with the Filename Extension component. This vulnerability enables an attacker to manipulate upload func...
Discovered 2 hours ago
PoC for CVE-2026-14775
A vulnerability exists in the SourceCodester Online Examination & Learning Management System 1.0 that allows attackers to exploit the /process_lesson.php file. By manipulating the user_id parameter, unauthorized users can upload files without restrictions. This can lead to serious security risks,...
PoC for CVE-2026-14774
A SQL injection vulnerability has been identified in the Itsourcecode Hospital Management System version 1.0, specifically within the /paymentdischarge.php file. This vulnerability arises due to improper handling of the patientid parameter, which can be manipulated by an attacker to execute arbit...
PoC for CVE-2026-14773
A SQL injection vulnerability has been discovered in the itsourcecode Hospital Management System 1.0, specifically affecting the /payment.php file. This flaw allows an attacker to manipulate the 'patientid' parameter, enabling unauthorized access to the database. The attack can be executed remote...
PoC for CVE-2026-14772
A vulnerability exists in the SourceCodester Class and Exam Timetabling System 1.0 where an SQL injection can be executed via the manipulation of the ID parameter in the /edit_course1.php file. This flaw allows remote attackers to inject malicious SQL statements, potentially leading to unauthoriz...
PoC for CVE-2020-11023
In jQuery, there is a vulnerability that affects versions starting from 1.0.3 up to, but not including, 3.5.0. This flaw allows malicious actors to execute untrusted code if HTML containing <option> elements is passed to jQuery's DOM manipulation methods, such as .html() and .append(), even after...
Discovered 3 hours ago
PoC for CVE-2026-14771
A security flaw was discovered in the SourceCodester Class and Exam Timetabling System, specifically in the editing functionality of the application. The vulnerability resides in the /edit_exam1.php file, where an unknown function allows manipulation of the argument ID. This breach can enable att...
PoC for CVE-2025-59382
A remote code execution vulnerability has been identified in select QNAP NAS products. This issue could potentially allow attackers to execute arbitrary code on affected systems, posing a significant risk to data integrity and system functionality. QNAP has released patches to address this vulner...
PoC for CVE-2026-14770
A critical SQL injection vulnerability exists within the SourceCodester Class and Exam Timetabling System, specifically in the /edit_room.php file. This flaw allows attackers to manipulate the argument ID, potentially leading to unauthorized access and manipulation of the database. The exploit ca...
Discovered 4 hours ago
PoC for CVE-2026-14769
A security vulnerability has been identified in the Real State Services application version 1.0, specifically in the /pay.php file. Malicious actors can exploit this vulnerability by manipulating the 'Bankname' parameter, potentially leading to SQL injection attacks. This type of attack can be ex...
PoC for CVE-2026-14768
A significant SQL injection vulnerability has been discovered in Code-Projects Real State Services 1.0, which impacts the file /builderHome.php. An attacker can manipulate the 'loc' argument, potentially leading to unauthorized access to the database. This vulnerability allows for remote exploita...
Discovered 5 hours ago
PoC for CVE-2026-14767
A security flaw identified in the CodeAstro Ecommerce Website version 1.0 allows for SQL injection through manipulation of the 'invoice_no' parameter in the /ecommerce-website-php/customer/confirm.php file. This vulnerability enables attackers to execute SQL commands remotely, posing significant ...
Discovered 6 hours ago
PoC for CVE-2026-14766
A vulnerability exists in the CodeAstro Apartment Visitor Management System where improper handling of the 'searchdata' parameter in the '/apartment-visitor/search-result.php' file allows an attacker to perform SQL injection. This could lead to unauthorized access to sensitive data within the app...
Discovered 8 hours ago
PoC for CVE-2026-14764
A vulnerability in the Hotel and Tourism Reservation software, specifically within the /admin/add_event.php component, allows for SQL injection through manipulation of the 'fdetails' argument. This weakness can be exploited remotely, potentially compromising the security of the system. Users shou...
PoC for CVE-2026-14763
A vulnerability exists in the Hotel and Tourism Reservation application version 1.0, specifically within the Tour Reservations Page component. The flaw arises from improper handling of input in the file /admin/tour_reserves.php, which allows an attacker to manipulate arguments, leading to SQL inj...
PoC for CVE-2026-14762
A significant SQL injection vulnerability has been identified in the Hotel and Tourism Reservation application by Code-Projects, specifically within the Room Management Page component. The vulnerability arises from the manipulation of an argument within the /admin/rooms.php file, allowing an atta...
Discovered 9 hours ago
PoC for CVE-2026-14761
A security vulnerability has been identified in the radareorg radare2 software, specifically within the functions r_str_ndup and r_str_append in the code file libr/util/str.c. This issue is characterized by an integer overflow which may be exploited through local attack vectors. Public disclosure...
PoC for CVE-2026-14760
A vulnerability exists in Radare2, specifically within the r_core_seek_arch_bits function of libr/core/disasm.c. This flaw allows for a use after free condition, which can be exploited by an attacker with local access. Once exploited, it could lead to unexpected behavior or potentially open avenu...
PoC for CVE-2026-14759
A significant security flaw has been identified in the Radare2 tool up to version 6.1.6, specifically within the RBinJava Line Number Table Parser. The vulnerability resides in the function responsible for calculating the size of inner classes attributes, which can result in a heap-based buffer o...
PoC for CVE-2026-14758
A vulnerability has been identified in radareorg's radare2 up to version 6.1.6, affecting the cmd_anal_opcode function within the hexpairs Parser component. This issue arises due to integer overflow that can be exploited locally, potentially leading to unauthorized actions or system instability. ...
Discovered 10 hours ago
PoC for CVE-2026-14757
A vulnerability has been identified in radareorg's radare2 software, specifically in the core_anal_bytes function located within the libr/core/cmd_anal.inc file. This issue involves an integer overflow which can potentially be exploited by an attacker with local access to the system. The vulnerab...
PoC for CVE-2026-14756
The Hotel and Tourism Reservation application developed by code-projects contains a vulnerability within the Tour Management Page. Specifically, the handling of the delete_image parameter in the /admin/add_tour.php file is susceptible to SQL injection attacks. This imperfection allows an adversar...
PoC for CVE-2026-14755
An SQL injection vulnerability exists in the Hotel and Tourism Reservation software, specifically within the /admin/reservations.php file of the Reservations Management Page. This flaw arises from improper handling of the 'delete' argument, enabling attackers to manipulate SQL queries and potenti...
Discovered 11 hours ago
PoC for CVE-2026-14753
A vulnerability exists in mjperpinosa's Stumasy within the Note Handler and Assignment Handler components, specifically impacting the /PHP/objects/notes file. This vulnerability allows for an authorization bypass through manipulation of the argument 'assignment_item_id'. The exploit can be execut...
PoC for CVE-2026-14752
A security flaw has been identified in the Stumasy application provided by mjperpinosa, specifically in the add_definition function located in add_into_dictionary.php. This vulnerability allows attackers to exploit the argument reference, potentially facilitating remote cross site scripting attac...
PoC for CVE-2026-14751
A vulnerability exists in the mjperpinosa Stumasy application, specifically in the Notes_controller::search_scratch_data function within search_scratch_data.php. This flaw occurs due to improper handling of the 'field_name' argument, allowing for SQL injection attacks that can be executed remotel...
PoC for CVE-2026-14750
A security flaw in mjperpinosa Stumasy allows for SQL injection attacks through the accessing_dictionary_authorization function. The vulnerability arises from improper handling of the Password argument in the application/PHP/objects/notes/accessing_dictionary_authorization.php file. Attackers can...
Discovered 12 hours ago
PoC for CVE-2026-14749
A code injection vulnerability has been detected in the mjperpinosa Stumasy application, specifically in the eval function located in application/pages/imba_calculator/calculate.php. This flaw allows an attacker to manipulate the 'mathematical_sentence' argument, potentially leading to unauthoriz...
PoC for CVE-2026-39047
A Buffer Overflow vulnerability exists in the EPSON L14150 FL27PB printer that can be exploited by a remote attacker. By leveraging weaknesses in the RAW Printing Service (JetDirect) operating over TCP port 9100, an attacker can execute arbitrary code on the affected device. This unaddressed vuln...
PoC for CVE-2026-14748
A vulnerability has been identified in the AIAnytime Awesome-MCP-Server affecting the mcp-wiki/wiki-summary component. This flaw allows for the manipulation of the 'url' argument in the server.py file, potentially leading to server-side request forgery (SSRF) attacks. These attacks can be initiat...
PoC for CVE-2026-59509
An improper input validation vulnerability exists in the POST /fetch_cve_data endpoint of cve-search. This flaw can be exploited by remote attackers to manipulate request parameters, allowing them to control the MongoDB collection and projected fields, as well as leverage regular-expression filte...
Discovered 13 hours ago
PoC for CVE-2026-14746
A security vulnerability has been identified in version 1.0 of the Real State Services application by Code-Projects. This issue arises within an undisclosed function in the '/addprojectrent.php' file, where insufficient validation of user-supplied data allows attackers to manipulate the 'amen' ar...
PoC for CVE-2026-14745
A vulnerability exists in the code-projects Real State Services version 1.0, specifically in the /single-list_rent.php file. This weakness can be exploited by manipulating the argument ID of an unknown function, leading to a SQL injection. Remote attackers can exploit this flaw without requiring ...
PoC for CVE-2026-14744
A security flaw in code-projects Real State Services version 1.0 allows for SQL injection via the /normalHomeRent.php file. Specifically, an attacker can manipulate the 'loc' argument, enabling remote exploitation. This makes the application susceptible to unauthorized database access and potenti...
PoC for CVE-2026-14743
An SQL injection vulnerability exists in code-projects Real State Services version 1.0, located in the /normalHomeSale.php file. This issue arises from improper handling of user-supplied input, specifically within the argument 'loc.' An attacker can exploit this vulnerability remotely to manipula...
Discovered 14 hours ago
PoC for CVE-2026-14742
A vulnerability exists within langchain-ai's langgraph up to version 1.2.4 in the Task Result Cache component, specifically in the _freeze function located in _cache.py. This flaw arises from improper manipulation of the default_cache_key argument, leading to the implementation of a weak hash. Al...
PoC for CVE-2026-14738
A security flaw has been identified in Exo's Vision Feature Cache component, specifically within the _image_cache_key function located in the vision.py file of the Exo Explore up to version 1.0.71. This vulnerability arises from the use of a weak hashing mechanism, rendering it susceptible to exp...
PoC for CVE-2026-14737
A SQL injection vulnerability has been identified in the Hanwang e-Face General Management Platform version 6.3.5.4. This issue arises from improper handling of input parameters in the file /sysAuthStr/querySysAuthStr.do, allowing remote attackers to manipulate the argument order. As a result, un...
Discovered 15 hours ago
PoC for CVE-2026-14736
A vulnerability exists in Ruijie RG-UAC versions up to 1.0-R1.8.2.p5, specifically within the 'user_auth_commit.php' file. This flaw allows attackers to manipulate the 'upload_image' argument, enabling unrestricted file uploads. Since the issue can be exploited remotely, it poses a significant se...
PoC for CVE-2026-14734
A security flaw has been identified in the SourceCodester Class and Exam Timetabling System 1.0, specifically within the /edit_product.php file. This vulnerability allows for SQL injection attacks through the manipulation of the argument ID, potentially enabling remote exploitation by attackers. ...
PoC for CVE-2026-14733
A SQL injection vulnerability has been identified in the SourceCodester Class and Exam Timetabling System version 1.0. This flaw is found in the file /edit_coursea.php, where improper handling of the input parameter 'ID' allows attackers to manipulate database queries. As a result, this vulnerabi...
Discovered 16 hours ago
PoC for CVE-2026-14732
A security vulnerability has been identified in the SourceCodester Class and Exam Timetabling System version 1.0. This issue is located in the file /edit_exam.php, where manipulation of the ID argument can lead to SQL injection attacks. Such vulnerabilities allow attackers to execute malicious SQ...
PoC for CVE-2026-14731
A vulnerability exists in the itsourcecode Hospital Management System 1.0 that affects the /patientreport.php file. An attacker can exploit this weakness by manipulating the 'editid' argument, leading to SQL injection attacks. This security flaw allows remote execution, potentially exposing sensi...
PoC for CVE-2026-9090
Casdoor prior to version 2.362.0 is susceptible to an authentication bypass vulnerability. An attacker can exploit this weakness by supplying an arbitrary signing certificate, bypassing the security checks. The flawed buildSpCertificateStore function retrieves the X.509 certificate directly from ...
PoC for CVE-2026-14730
A security flaw has been identified in the itsourcecode Hospital Management System version 1.0, specifically in the /patientprofile.php file. This vulnerability allows an attacker to manipulate the 'patientname' argument, potentially leading to SQL injection. The issue is of particular concern as...
Discovered 17 hours ago
PoC for CVE-2026-54998
A security flaw in Microsoft Exchange Online permits an attacker with valid credentials to escalate their privileges, potentially leading to unauthorized access and manipulation of sensitive data across the network. This vulnerability underscores the importance of robust access controls and monit...
PoC for CVE-2026-14722
A vulnerability in TidGi-Desktop, specifically within the Git Repository Import component, allows for code injection via an unknown function in the file src/services/wiki/wikiWorker/loadWikiTiddlersWithSubWikis.ts. Attackers can exploit this vulnerability remotely, potentially compromising the so...
PoC for CVE-2026-14721
A buffer overflow vulnerability exists in the UTT HiPER 1250GW Web Endpoint, specifically in the file /goform/ConfigWirelessBase_5g. The manipulation of the ssid parameter can lead to a stack-based buffer overflow, which might allow an attacker to execute arbitrary code remotely. Given that this ...
PoC for CVE-2026-14719
An improper privilege management vulnerability has been identified in the SourceCodester Online Examination & Learning Management System 1.0. This flaw resides in an unverified function within the file register.php, specifically under the Registration Endpoint. The vulnerability allows for remote...