Publicly Disclosed
PoC Exploits

đź”´ Alway take caution when working with PoC Exploits đź”´

Discovered 57 minutes ago

PoC for CVE-2014-6271

GnuBash🟣 EPSS 94%9.8CRITICAL
Code Injection Vulnerability in GNU Bash by The GNU Project

GNU Bash versions up to 4.3 are vulnerable to a code injection flaw due to the mishandling of trailing strings after function definitions in environment variables. This vulnerability enables remote attackers to execute arbitrary code by crafting specific environment variables under various condit...

Discovered 1 hour ago

PoC for CVE-2025-53652

JenkinsJenkins Git Parameter ...8.2HIGH
Input Validation Flaw in Jenkins Git Parameter Plugin

The Jenkins Git Parameter Plugin has an input validation flaw that permits users with Item/Build permission to misuse Git parameters. When submitting a build, the plugin does not ensure that the Git parameter value provided matches one of the predefined options, enabling attackers to potentially ...

Discovered 2 hours ago

PoC for CVE-2025-8171

Code-projectsDocument Management Sy...5.3MEDIUM
Unrestricted File Upload Vulnerability in Code-Projects Document Ma...

A significant vulnerability has been identified in the Code-Projects Document Management System 1.0, specifically in the processing of the file `/insert.php`. This vulnerability allows attackers to manipulate the 'uploaded_file' argument, enabling unrestricted file uploads. The consequences of su...

PoC for CVE-2025-8170

TotolinkT68.7HIGH
Buffer Overflow Vulnerability in TOTOLINK T6 Routers

A vulnerability exists in the TOTOLINK T6 router, specifically in the MQTT Packet Handler's tcpcheck_net function. This issue arises due to improper handling of the serverIp argument, which can lead to a buffer overflow condition. An attacker can exploit this vulnerability remotely, potentially c...

Discovered 3 hours ago

PoC for CVE-2025-8169

D-linkDir-5138.7HIGH
Buffer Overflow Vulnerability in D-Link DIR-513 Router

A buffer overflow vulnerability exists in the D-Link DIR-513 router, specifically in the formSetWanPPTPcallback function within the HTTP POST Request Handler. This vulnerability can be exploited remotely by manipulating the curTime argument, potentially allowing attackers to execute arbitrary cod...

PoC for CVE-2025-8168

D-linkDir-5138.7HIGH
Buffer Overflow Vulnerability in D-Link DIR-513 Router Software

A vulnerability exists in the D-Link DIR-513 router's software due to improper handling of the argument 'curTime' within the 'websAspInit' function located in the '/goform/formSetWanPPPoE' file. This flaw allows attackers to exploit a buffer overflow condition, potentially leading to unauthorized...

Discovered 4 hours ago

PoC for CVE-2025-8167

Code-projectsChurch Donation System5.1MEDIUM
Cross-Site Scripting Vulnerability in Church Donation System by Cod...

A vulnerability has been identified in the Church Donation System 1.0 by Code-Projects, specifically within the /admin/edit_members.php file. This issue arises from inadequate input validation, allowing attackers to manipulate the 'fname' parameter, which can lead to Cross-Site Scripting (XSS) at...

PoC for CVE-2025-8166

Code-projectsChurch Donation System6.9MEDIUM
SQL Injection Vulnerability in Church Donation System by Code-Projects

A SQL injection vulnerability has been identified in the Church Donation System (version 1.0) developed by Code-Projects. The flaw resides within an unspecified function in the /admin/index.php file that handles HTTP POST requests. Through manipulating the 'Username' parameter, an attacker could ...

Discovered 5 hours ago

PoC for CVE-2025-8165

Code-projectsFood Review System5.3MEDIUM
SQL Injection Vulnerability in Food Review System by code-projects

A significant SQL injection vulnerability has been identified in the Food Review System, specifically within the handling of the file /admin/approve_reservation.php. This flaw arises from improper processing of the 'occasion' parameter, allowing attackers to manipulate SQL queries. The exploitati...

PoC for CVE-2025-8164

Code-projectsPublic Chat Room5.3MEDIUM
SQL Injection Vulnerability in Code-Projects Public Chat Room 1.0

A security vulnerability exists in the send_message.php file of the Code-Projects Public Chat Room 1.0 that allows for SQL injection through the manipulation of the ID argument. This issue can be exploited remotely, potentially compromising sensitive data. The vulnerability has been publicly disc...

Discovered 6 hours ago

PoC for CVE-2025-8163

DeerwmsDeer-wms-25.3MEDIUM
SQL Injection Vulnerability in DeerWMS Affects Multiple Versions

A significant SQL injection vulnerability has been identified in DeerWMS, specifically in the parameter handling of the /system/role/list file. By manipulating the 'params[dataScope]' argument, an attacker can execute remote SQL commands, potentially compromising the confidentiality and integrity...

PoC for CVE-2025-8162

DeerwmsDeer-wms-25.3MEDIUM
SQL Injection Vulnerability in Deer WMS by Deerwms

A critical SQL injection vulnerability exists in Deer WMS versions up to 3.3, specifically in the functionality associated with the file /system/dept/list. This security flaw allows an attacker to manipulate the argument params[dataScope], potentially leading to unauthorized access to sensitive d...

Discovered 7 hours ago

PoC for CVE-2025-8161

DeerwmsDeer-wms-25.3MEDIUM
SQL Injection Vulnerability in DeerWMS by DeerWMS

A security flaw exists in the DeerWMS product, specifically affecting versions up to 3.3. The vulnerability involves the improper handling of the parameters in the file /system/role/export, particularly the params[dataScope] argument. Malicious actors can exploit this vulnerability to perform SQL...

PoC for CVE-2014-125119

RarlabWinrar8.4HIGH
Filename Spoofing Vulnerability in WinRAR by RARLab

A filename spoofing vulnerability exists in WinRAR, where inconsistencies between the Central Directory and Local File Header in ZIP archives can be exploited. When users open specially crafted ZIP files, the file names displayed can differ from the actual files being extracted. This discrepancy ...

PoC for CVE-2014-125119

RarlabWinrar8.4HIGH
Filename Spoofing Vulnerability in WinRAR by RARLab

A filename spoofing vulnerability exists in WinRAR, where inconsistencies between the Central Directory and Local File Header in ZIP archives can be exploited. When users open specially crafted ZIP files, the file names displayed can differ from the actual files being extracted. This discrepancy ...

Discovered 8 hours ago

PoC for CVE-2016-15046

SamsungSecurity Manager8.6HIGH
Client-Side Remote Code Execution Vulnerability in Samsung Security...

A client-side remote code execution vulnerability can be exploited in Samsung Security Manager versions 1.32 and 1.4 due to improper restrictions on the PUT method provided by the included Apache ActiveMQ instance on port 8161. By leveraging a Cross-Origin Resource Sharing (CORS) bypass along wit...

PoC for CVE-2014-125115

Artica StPandora Fms10CRITICAL
SQL Injection Vulnerability in Pandora FMS by Pandora FMS

An unauthenticated SQL injection vulnerability exists in Pandora FMS versions prior to 5.0 SP3, specifically within the mobile/index.php endpoint. Attackers can exploit this flaw by manipulating the loginhash_data parameter, which is inadequately sanitized, leading to unauthorized extraction of a...

PoC for CVE-2014-125115

Artica StPandora Fms10CRITICAL
SQL Injection Vulnerability in Pandora FMS by Pandora FMS

An unauthenticated SQL injection vulnerability exists in Pandora FMS versions prior to 5.0 SP3, specifically within the mobile/index.php endpoint. Attackers can exploit this flaw by manipulating the loginhash_data parameter, which is inadequately sanitized, leading to unauthorized extraction of a...

PoC for CVE-2025-34114

Laser Romae s.r.l.Openblow8.4HIGH
Client-Side Security Misconfiguration in OpenBlow Whistleblowing Pl...

A security misconfiguration vulnerability in the OpenBlow whistleblowing platform arises from the lack of vital HTTP response headers, such as Content-Security-Policy, Referrer-Policy, Permissions-Policy, Cross-Origin-Embedder-Policy, and Cross-Origin-Resource-Policy. This oversight diminishes br...

PoC for CVE-2014-125114

I-ftpI-ftp8.4HIGH
Stack-based Buffer Overflow in i-Ftp 2.20 Vulnerability

A stack-based buffer overflow vulnerability impacts i-Ftp version 2.20, caused by inadequate handling of the Time attribute in the Schedule.xml file. An attacker can exploit this vulnerability by placing a malicious Schedule.xml file in the application directory, leading to a potential buffer ove...

PoC for CVE-2014-125114

I-ftpI-ftp8.4HIGH
Stack-based Buffer Overflow in i-Ftp 2.20 Vulnerability

A stack-based buffer overflow vulnerability impacts i-Ftp version 2.20, caused by inadequate handling of the Time attribute in the Schedule.xml file. An attacker can exploit this vulnerability by placing a malicious Schedule.xml file in the application directory, leading to a potential buffer ove...

PoC for CVE-2014-125114

I-ftpI-ftp8.4HIGH
Stack-based Buffer Overflow in i-Ftp 2.20 Vulnerability

A stack-based buffer overflow vulnerability impacts i-Ftp version 2.20, caused by inadequate handling of the Time attribute in the Schedule.xml file. An attacker can exploit this vulnerability by placing a malicious Schedule.xml file in the application directory, leading to a potential buffer ove...

PoC for CVE-2014-125116

HybridauthHybridauth9.3CRITICAL
Remote Code Execution Vulnerability in HybridAuth by HybridAuth Team

A remote code execution vulnerability has been identified in HybridAuth versions 2.0.9 to 2.2.2 stemming from insecure handling of the install.php script. Post-deployment, this script remains accessible and fails to adequately sanitize input before writing to the application’s configuration file ...

PoC for CVE-2014-125116

HybridauthHybridauth9.3CRITICAL
Remote Code Execution Vulnerability in HybridAuth by HybridAuth Team

A remote code execution vulnerability has been identified in HybridAuth versions 2.0.9 to 2.2.2 stemming from insecure handling of the install.php script. Post-deployment, this script remains accessible and fails to adequately sanitize input before writing to the application’s configuration file ...

PoC for CVE-2014-125116

HybridauthHybridauth9.3CRITICAL
Remote Code Execution Vulnerability in HybridAuth by HybridAuth Team

A remote code execution vulnerability has been identified in HybridAuth versions 2.0.9 to 2.2.2 stemming from insecure handling of the install.php script. Post-deployment, this script remains accessible and fails to adequately sanitize input before writing to the application’s configuration file ...

PoC for CVE-2013-10032

Getsimple Cms Pro...Getsimple Cms8.7HIGH
Remote Code Execution Vulnerability in GetSimpleCMS Product by GetS...

An authenticated remote code execution vulnerability is present in GetSimpleCMS version 3.2.1, allowing authenticated users to upload files without sufficient validation of their MIME types or extensions. By exploiting this weakness, attackers can upload a .pht file that disguises malicious PHP c...

PoC for CVE-2013-10032

Getsimple Cms Pro...Getsimple Cms8.7HIGH
Remote Code Execution Vulnerability in GetSimpleCMS Product by GetS...

An authenticated remote code execution vulnerability is present in GetSimpleCMS version 3.2.1, allowing authenticated users to upload files without sufficient validation of their MIME types or extensions. By exploiting this weakness, attackers can upload a .pht file that disguises malicious PHP c...

PoC for CVE-2014-125118

MicroworldEscan Web Management C...9.4CRITICAL
Command Injection Vulnerability in eScan Web Management Console by ...

A command injection vulnerability exists in the eScan Web Management Console version 5.5-2. The vulnerability arises due to inadequate sanitation of the 'pass' parameter during login requests to login.php. This flaw permits an authenticated attacker, possessing a valid username, to inject arbitra...

PoC for CVE-2014-125118

MicroworldEscan Web Management C...9.4CRITICAL
Command Injection Vulnerability in eScan Web Management Console by ...

A command injection vulnerability exists in the eScan Web Management Console version 5.5-2. The vulnerability arises due to inadequate sanitation of the 'pass' parameter during login requests to login.php. This flaw permits an authenticated attacker, possessing a valid username, to inject arbitra...

PoC for CVE-2014-125117

D-linkDsp-w2159.3CRITICAL
Stack-based Buffer Overflow in D-Link Devices Due to my_cgi.cgi

A stack-based buffer overflow has been identified in the my_cgi.cgi component of select D-Link devices, including the DSP-W215 version 1.02. This vulnerability can be exploited through a crafted HTTP POST request directed at the /common/info.cgi endpoint. An attacker without authentication can le...

PoC for CVE-2014-125117

D-linkDsp-w2159.3CRITICAL
Stack-based Buffer Overflow in D-Link Devices Due to my_cgi.cgi

A stack-based buffer overflow has been identified in the my_cgi.cgi component of select D-Link devices, including the DSP-W215 version 1.02. This vulnerability can be exploited through a crafted HTTP POST request directed at the /common/info.cgi endpoint. An attacker without authentication can le...

PoC for CVE-2014-125117

D-linkDsp-w2159.3CRITICAL
Stack-based Buffer Overflow in D-Link Devices Due to my_cgi.cgi

A stack-based buffer overflow has been identified in the my_cgi.cgi component of select D-Link devices, including the DSP-W215 version 1.02. This vulnerability can be exploited through a crafted HTTP POST request directed at the /common/info.cgi endpoint. An attacker without authentication can le...

PoC for CVE-2025-8160

TendaAc208.7HIGH
Buffer Overflow Vulnerability in Tenda AC20 Router

A buffer overflow vulnerability has been identified in the Tenda AC20 router, specifically within the SetSysTimeCfg function of the httpd component. This flaw allows an attacker to manipulate the timeZone argument, leading to a potential remote exploit. The vulnerability affects Tenda AC20 device...

Discovered 9 hours ago

PoC for CVE-2025-8159

D-linkDir-5138.7HIGH
Stack-Based Buffer Overflow in D-Link DIR-513 Router

A significant vulnerability exists in the D-Link DIR-513 router related to the formLanguageChange function in the HTTP POST Request Handler. The issue arises from improper handling of the curTime argument, leading to a stack-based buffer overflow. This vulnerability enables attackers to execute a...

Discovered 10 hours ago

PoC for CVE-2025-8158

PHPgurukulLogin And User Managem...5.3MEDIUM
SQL Injection Vulnerability in PHPGurukul Login and User Management...

A SQL injection vulnerability exists in the PHPGurukul Login and User Management System 3.3, specifically within the 'yesterday-reg-users.php' file. By manipulating the argument ID, remote attackers can execute unauthorized SQL queries against the database. This flaw can expose sensitive data and...

PoC for CVE-2025-8157

PHPgurukulUser Registration & Lo...5.3MEDIUM
SQL Injection Vulnerability in PHPGurukul User Registration & Login

A vulnerability exists in PHPGurukul User Registration & Login and User Management version 3.3, where an SQL injection vulnerability can be exploited through manipulated input in the /admin/lastthirtyays-reg-users.php file. This flaw enables attackers to execute arbitrary SQL queries remotely, po...

Discovered 11 hours ago

PoC for CVE-2025-8156

PHPgurukulUser Registration & Lo...5.3MEDIUM
SQL Injection Vulnerability in PHPGurukul User Registration & Login...

A SQL injection vulnerability exists in the PHPGurukul User Registration & Login and User Management version 3.3, specifically in the /admin/lastsevendays-reg-users.php file. This vulnerability allows attackers to manipulate the ID parameter, potentially enabling unauthorized access to sensitive ...

PoC for CVE-2025-51411

Institute-of-Curr...Institute-of-Current-S...6.1MEDIUM
Reflected Cross-Site Scripting in Institute-of-Current-Students App...

A reflected cross-site scripting (XSS) vulnerability has been identified in the Institute-of-Current-Students application, specifically affecting version 1.0. This vulnerability arises from improper sanitization of user input in the email parameter of the /postquerypublic endpoint. An attacker ca...

Discovered 14 hours ago

PoC for CVE-2025-8140

TotolinkA702r8.7HIGH
Buffer Overflow Vulnerability in TOTOLINK A702R HTTP POST Request H...

A buffer overflow vulnerability has been identified in the TOTOLINK A702R router, specifically within the HTTP POST Request Handler located in the /boafrm/formWlanMultipleAP file. This flaw allows an attacker to manipulate the submit-url argument, potentially enabling remote exploitation. The vul...

Discovered 15 hours ago

PoC for CVE-2025-8139

TotolinkA702r8.7HIGH
Buffer Overflow Vulnerability in TOTOLINK A702R HTTP Request Handler

A buffer overflow vulnerability exists in the HTTP POST Request Handler of the TOTOLINK A702R, specifically related to the manipulation of the 'service_type' parameter in the /boafrm/formPortFw file. This flaw allows an attacker to exploit the system remotely, potentially compromising its integri...

PoC for CVE-2025-8138

TotolinkA702r8.7HIGH
Buffer Overflow in TOTOLINK A702R HTTP POST Request Handler

The TOTOLINK A702R contains a vulnerability in the HTTP POST request handler, specifically within the formOneKeyAccessButton component. By manipulating the 'submit-url' argument, an attacker may trigger a buffer overflow condition. This can be exploited remotely, posing a significant risk to devi...

Discovered 16 hours ago

PoC for CVE-2025-8137

TotolinkA702r8.7HIGH
Buffer Overflow Vulnerability in TOTOLINK A702R HTTP POST Request H...

A buffer overflow vulnerability exists in the HTTP POST Request Handler of the TOTOLINK A702R device. This vulnerability could be exploited remotely through the manipulation of the 'mac' argument in the '/boafrm/formIpQoS' file. If successfully exploited, this issue allows attackers to execute ar...

PoC for CVE-2025-8136

TotolinkA702r8.7HIGH
Buffer Overflow in TOTOLINK A702R Affects Remote HTTP POST Handler

A buffer overflow vulnerability exists in the TOTOLINK A702R router, specifically within the HTTP POST Request Handler component. This issue arises from improper handling of the 'ip6addr' argument, allowing remote attackers to exploit the vulnerability and potentially execute arbitrary code. The ...

Discovered 17 hours ago

PoC for CVE-2025-8135

ItsourcecodeInsurance Management S...5.3MEDIUM
SQL Injection Vulnerability in itsourcecode Insurance Management Sy...

The itsourcecode Insurance Management System 1.0 is susceptible to a SQL injection vulnerability via the /updateAgent.php file. This flaw allows unauthorized manipulation of the 'agent_id' parameter, potentially enabling remote attackers to execute arbitrary SQL commands on the underlying databas...

PoC for CVE-2025-8134

PHPgurukulBp Monitoring Manageme...5.3MEDIUM
SQL Injection Vulnerability in PHPGurukul BP Monitoring Management ...

The PHPGurukul BP Monitoring Management System version 1.0 is susceptible to an SQL injection vulnerability through the manipulation of the 'fromdate' and 'todate' parameters in the /bwdates-report-result.php file. This flaw allows attackers to execute unauthorized SQL commands remotely, potentia...

PoC for CVE-2025-7022

WordPressMy Reservation System6.1MEDIUM
Reflected Cross-Site Scripting Vulnerability in My Reservation Syst...

The My Reservation System WordPress plugin, up to version 2.3, is susceptible to a reflected cross-site scripting (XSS) vulnerability. This issue arises due to insufficient sanitization and escaping of parameters before rendering them on the page, potentially allowing attackers to exploit this fl...

Discovered 18 hours ago

PoC for CVE-2025-8133

Yanyutao0402Chancms5.3MEDIUM
Server-Side Request Forgery in yanyutao0402 ChanCMS Affects Multipl...

A server-side request forgery vulnerability exists in yanyutao0402 ChanCMS versions up to 3.1.2, specifically affecting the getArticle function in app/modules/api/service/gather.js. An unauthenticated attacker can manipulate the targetUrl argument to initiate requests to internal services, potent...

PoC for CVE-2025-8132

Yanyutao0402Chancms5.3MEDIUM
Path Traversal Vulnerability in ChanCMS by yanyutao0402

A security flaw exists in ChanCMS versions up to 3.1.2 that allows for path traversal through the delfile function in app/extend/utils.js. This vulnerability can be exploited remotely, potentially enabling unauthorized file deletion. The issue has been publicly disclosed, heightening the risk of ...

Discovered 19 hours ago

PoC for CVE-2025-8131

TendaAc208.7HIGH
Stack-based Buffer Overflow in Tenda AC20 Router

A stack-based buffer overflow vulnerability exists in the Tenda AC20 router version 16.03.08.05, specifically within the functionality of the /goform/SetStaticRouteCfg file. This flaw arises from improper handling of argument lists, permitting remote attackers to potentially execute arbitrary cod...

PoC for CVE-2025-8129

KoajsKoa5.1MEDIUM
Open Redirect Vulnerability in KoaJS Koa Library

An open redirect vulnerability has been identified in the KoaJS Koa library, specifically within the HTTP Header Handler in 'lib/response.js'. This flaw allows for the manipulation of the 'Referrer' argument, which can be exploited to redirect users to unintended external sites. The vulnerability...