Publicly Disclosed
PoC Exploits

🔴 Always take caution when working with PoC Exploits 🔴

Discovered just now...

PoC for CVE-2025-59382

QNAP | Qts | 1.2 LOW
Remote Code Execution Vulnerability in QNAP NAS Products

A remote code execution vulnerability has been identified in select QNAP NAS products. This issue could potentially allow attackers to execute arbitrary code on affected systems, posing a significant risk to data integrity and system functionality. QNAP has released patches to address this vulner...

Discovered 3 hours ago

PoC for CVE-2026-14764

Code-projects | Hotel And Tourism Rese... | 6.9 MEDIUM
SQL Injection Vulnerability in Hotel and Tourism Reservation by Cod...

A vulnerability in the Hotel and Tourism Reservation software, specifically within the /admin/add_event.php component, allows for SQL injection through manipulation of the 'fdetails' argument. This weakness can be exploited remotely, potentially compromising the security of the system. Users shou...

PoC for CVE-2026-14763

Code-projects | Hotel And Tourism Rese... | 6.9 MEDIUM
SQL Injection Vulnerability in Hotel and Tourism Reservation by Cod...

A vulnerability exists in the Hotel and Tourism Reservation application version 1.0, specifically within the Tour Reservations Page component. The flaw arises from improper handling of input in the file /admin/tour_reserves.php, which allows an attacker to manipulate arguments, leading to SQL inj...

PoC for CVE-2026-14762

Code-projects | Hotel And Tourism Rese... | 6.9 MEDIUM
SQL Injection Vulnerability in Hotel and Tourism Reservation by Cod...

A significant SQL injection vulnerability has been identified in the Hotel and Tourism Reservation application by Code-Projects, specifically within the Room Management Page component. The vulnerability arises from the manipulation of an argument within the /admin/rooms.php file, allowing an atta...

PoC for CVE-2026-14761

Radareorg | Radare2 | 4.8 MEDIUM
Integer Overflow Vulnerability in radareorg radare2 Software

A security vulnerability has been identified in the radareorg radare2 software, specifically within the functions r_str_ndup and r_str_append in the code file libr/util/str.c. This issue is characterized by an integer overflow which may be exploited through local attack vectors. Public disclosure...

Discovered 4 hours ago

PoC for CVE-2026-14760

Radareorg | Radare2 | 4.8 MEDIUM
Use After Free Vulnerability in Radare2 by Radareorg

A vulnerability exists in Radare2, specifically within the r_core_seek_arch_bits function of libr/core/disasm.c. This flaw allows for a use after free condition, which can be exploited by an attacker with local access. Once exploited, it could lead to unexpected behavior or potentially open avenu...

PoC for CVE-2026-14759

Radareorg | Radare2 | 4.8 MEDIUM
Heap-Based Buffer Overflow in radareorg Radare2 Up to Version 6.1.6

A significant security flaw has been identified in the Radare2 tool up to version 6.1.6, specifically within the RBinJava Line Number Table Parser. The vulnerability resides in the function responsible for calculating the size of inner classes attributes, which can result in a heap-based buffer o...

PoC for CVE-2026-14758

Radareorg | Radare2 | 4.8 MEDIUM
Integer Overflow Vulnerability in radareorg radare2 Product

A vulnerability has been identified in radareorg's radare2 up to version 6.1.6, affecting the cmd_anal_opcode function within the hexpairs Parser component. This issue arises due to integer overflow that can be exploited locally, potentially leading to unauthorized actions or system instability. ...

PoC for CVE-2026-14757

Radareorg | Radare2 | 4.8 MEDIUM
Integer Overflow Vulnerability in radareorg radare2 Product Suite

A vulnerability has been identified in radareorg's radare2 software, specifically in the core_anal_bytes function located within the libr/core/cmd_anal.inc file. This issue involves an integer overflow which can potentially be exploited by an attacker with local access to the system. The vulnerab...

Discovered 5 hours ago

PoC for CVE-2026-14756

Code-projects | Hotel And Tourism Rese... | 6.9 MEDIUM
SQL Injection Vulnerability in Hotel and Tourism Reservation by cod...

The Hotel and Tourism Reservation application developed by code-projects contains a vulnerability within the Tour Management Page. Specifically, the handling of the delete_image parameter in the /admin/add_tour.php file is susceptible to SQL injection attacks. This imperfection allows an adversar...

PoC for CVE-2026-14755

Code-projects | Hotel And Tourism Rese... | 6.9 MEDIUM
SQL Injection Vulnerability in Hotel Management Software by Code-Pr...

An SQL injection vulnerability exists in the Hotel and Tourism Reservation software, specifically within the /admin/reservations.php file of the Reservations Management Page. This flaw arises from improper handling of the 'delete' argument, enabling attackers to manipulate SQL queries and potenti...

PoC for CVE-2026-14753

Mjperpinosa | Stumasy | 6.9 MEDIUM
Authorization Bypass in mjperpinosa Stumasy Note Handler/Assignment...

A vulnerability exists in mjperpinosa's Stumasy within the Note Handler and Assignment Handler components, specifically impacting the /PHP/objects/notes file. This vulnerability allows for an authorization bypass through manipulation of the argument 'assignment_item_id'. The exploit can be execut...

Discovered 6 hours ago

PoC for CVE-2026-14752

Mjperpinosa | Stumasy | 5.1 MEDIUM
Cross Site Scripting Vulnerability in mjperpinosa Stumasy Application

A security flaw has been identified in the Stumasy application provided by mjperpinosa, specifically in the add_definition function located in add_into_dictionary.php. This vulnerability allows attackers to exploit the argument reference, potentially facilitating remote cross site scripting attac...

PoC for CVE-2026-14751

Mjperpinosa | Stumasy | 5.3 MEDIUM
SQL Injection Vulnerability in mjperpinosa Stumasy Application

A vulnerability exists in the mjperpinosa Stumasy application, specifically in the Notes_controller::search_scratch_data function within search_scratch_data.php. This flaw occurs due to improper handling of the 'field_name' argument, allowing for SQL injection attacks that can be executed remotel...

PoC for CVE-2026-14750

Mjperpinosa | Stumasy | 6.9 MEDIUM
SQL Injection Vulnerability in mjperpinosa Stumasy Software

A security flaw in mjperpinosa Stumasy allows for SQL injection attacks through the accessing_dictionary_authorization function. The vulnerability arises from improper handling of the Password argument in the application/PHP/objects/notes/accessing_dictionary_authorization.php file. Attackers can...

PoC for CVE-2026-14749

Mjperpinosa | Stumasy | 6.9 MEDIUM
Code Injection Vulnerability in mjperpinosa Stumasy Application

A code injection vulnerability has been detected in the mjperpinosa Stumasy application, specifically in the eval function located in application/pages/imba_calculator/calculate.php. This flaw allows an attacker to manipulate the 'mathematical_sentence' argument, potentially leading to unauthoriz...

Discovered 7 hours ago

PoC for CVE-2026-14748

Aianytime | Awesome-mcp-server | 5.3 MEDIUM
Server-Side Request Forgery Vulnerability in AIAnytime Awesome-MCP-...

A vulnerability has been identified in the AIAnytime Awesome-MCP-Server affecting the mcp-wiki/wiki-summary component. This flaw allows for the manipulation of the 'url' argument in the server.py file, potentially leading to server-side request forgery (SSRF) attacks. These attacks can be initiat...

PoC for CVE-2026-59509

Cve-search | Cve-search | 9.2 CRITICAL
Unauthenticated Input Validation Issue in cve-search

An improper input validation vulnerability exists in the POST /fetch_cve_data endpoint of cve-search. This flaw can be exploited by remote attackers to manipulate request parameters, allowing them to control the MongoDB collection and projected fields, as well as leverage regular-expression filte...

PoC for CVE-2026-14746

Code-projects | Real State Services | 6.9 MEDIUM
SQL Injection Vulnerability in Code-Projects Real State Services by...

A security vulnerability has been identified in version 1.0 of the Real State Services application by Code-Projects. This issue arises within an undisclosed function in the '/addprojectrent.php' file, where insufficient validation of user-supplied data allows attackers to manipulate the 'amen' ar...

Discovered 8 hours ago

PoC for CVE-2026-14745

Code-projects | Real State Services | 6.9 MEDIUM
SQL Injection Vulnerability in code-projects Real State Services by...

A vulnerability exists in the code-projects Real State Services version 1.0, specifically in the /single-list_rent.php file. This weakness can be exploited by manipulating the argument ID of an unknown function, leading to a SQL injection. Remote attackers can exploit this flaw without requiring ...

PoC for CVE-2026-14744

Code-projects | Real State Services | 6.9 MEDIUM
SQL Injection Vulnerability in code-projects Real State Services by...

A security flaw in code-projects Real State Services version 1.0 allows for SQL injection via the /normalHomeRent.php file. Specifically, an attacker can manipulate the 'loc' argument, enabling remote exploitation. This makes the application susceptible to unauthorized database access and potenti...

PoC for CVE-2026-14743

Code-projects | Real State Services | 6.9 MEDIUM
SQL Injection Vulnerability in code-projects Real State Services

An SQL injection vulnerability exists in code-projects Real State Services version 1.0, located in the /normalHomeSale.php file. This issue arises from improper handling of user-supplied input, specifically within the argument 'loc.' An attacker can exploit this vulnerability remotely to manipula...

PoC for CVE-2026-14742

Langchain-ai | Langgraph | 2.3 LOW
Weak Hash Vulnerability in langchain-ai langgraph Product

A vulnerability exists within langchain-ai's langgraph up to version 1.2.4 in the Task Result Cache component, specifically in the _freeze function located in _cache.py. This flaw arises from improper manipulation of the default_cache_key argument, leading to the implementation of a weak hash. Al...

Discovered 9 hours ago

PoC for CVE-2026-14738

Exo-explore | Exo | 6.3 MEDIUM
Weak Hash Vulnerability in Exo's Vision Feature Cache Component

A security flaw has been identified in Exo's Vision Feature Cache component, specifically within the _image_cache_key function located in the vision.py file of the Exo Explore up to version 1.0.71. This vulnerability arises from the use of a weak hashing mechanism, rendering it susceptible to exp...

PoC for CVE-2026-14737

Hanwang | E-face General Managem... | 6.9 MEDIUM
SQL Injection Vulnerability in Hanwang e-Face General Management Pl...

A SQL injection vulnerability has been identified in the Hanwang e-Face General Management Platform version 6.3.5.4. This issue arises from improper handling of input parameters in the file /sysAuthStr/querySysAuthStr.do, allowing remote attackers to manipulate the argument order. As a result, un...

PoC for CVE-2026-14736

Ruijie | Rg-uac | 6.9 MEDIUM
Unrestricted File Upload Vulnerability in Ruijie RG-UAC

A vulnerability exists in Ruijie RG-UAC versions up to 1.0-R1.8.2.p5, specifically within the 'user_auth_commit.php' file. This flaw allows attackers to manipulate the 'upload_image' argument, enabling unrestricted file uploads. Since the issue can be exploited remotely, it poses a significant se...

Discovered 10 hours ago

PoC for CVE-2026-14734

Sourcecodester | Class And Exam Timetab... | 6.9 MEDIUM
SQL Injection Vulnerability in SourceCodester Class and Exam Timeta...

A security flaw has been identified in the SourceCodester Class and Exam Timetabling System 1.0, specifically within the /edit_product.php file. This vulnerability allows for SQL injection attacks through the manipulation of the argument ID, potentially enabling remote exploitation by attackers. ...

PoC for CVE-2026-14733

Sourcecodester | Class And Exam Timetab... | 6.9 MEDIUM
SQL Injection Vulnerability in SourceCodester Class and Exam Timeta...

A SQL injection vulnerability has been identified in the SourceCodester Class and Exam Timetabling System version 1.0. This flaw is found in the file /edit_coursea.php, where improper handling of the input parameter 'ID' allows attackers to manipulate database queries. As a result, this vulnerabi...

PoC for CVE-2026-14732

Sourcecodester | Class And Exam Timetab... | 6.9 MEDIUM
SQL Injection Vulnerability in SourceCodester Class and Exam Timeta...

A security vulnerability has been identified in the SourceCodester Class and Exam Timetabling System version 1.0. This issue is located in the file /edit_exam.php, where manipulation of the ID argument can lead to SQL injection attacks. Such vulnerabilities allow attackers to execute malicious SQ...

Discovered 11 hours ago

PoC for CVE-2026-14731

Itsourcecode | Hospital Management Sy... | 5.3 MEDIUM
SQL Injection Vulnerability in itsourcecode Hospital Management System

A vulnerability exists in the itsourcecode Hospital Management System 1.0 that affects the /patientreport.php file. An attacker can exploit this weakness by manipulating the 'editid' argument, leading to SQL injection attacks. This security flaw allows remote execution, potentially exposing sensi...

PoC for CVE-2026-9090

Casdoor | Casdoor | 9.1 CRITICAL
Authentication Bypass Vulnerability in Casdoor by Authing

Casdoor prior to version 2.362.0 is susceptible to an authentication bypass vulnerability. An attacker can exploit this weakness by supplying an arbitrary signing certificate, bypassing the security checks. The flawed buildSpCertificateStore function retrieves the X.509 certificate directly from ...

PoC for CVE-2026-14730

Itsourcecode | Hospital Management Sy... | 5.3 MEDIUM
SQL Injection Vulnerability in itsourcecode Hospital Management Sys...

A security flaw has been identified in the itsourcecode Hospital Management System version 1.0, specifically in the /patientprofile.php file. This vulnerability allows an attacker to manipulate the 'patientname' argument, potentially leading to SQL injection. The issue is of particular concern as...

Discovered 12 hours ago

PoC for CVE-2026-14722

Tiddly-gittly | Tidgi-desktop | 6.9 MEDIUM
Code Injection Vulnerability in TidGi-Desktop by tiddly-gittly

A vulnerability in TidGi-Desktop, specifically within the Git Repository Import component, allows for code injection via an unknown function in the file src/services/wiki/wikiWorker/loadWikiTiddlersWithSubWikis.ts. Attackers can exploit this vulnerability remotely, potentially compromising the so...

PoC for CVE-2026-14721

Utt | Hiper 1250gw | 8.7 HIGH
Stack-Based Buffer Overflow in UTT HiPER 1250GW Web Endpoint

A buffer overflow vulnerability exists in the UTT HiPER 1250GW Web Endpoint, specifically in the file /goform/ConfigWirelessBase_5g. The manipulation of the ssid parameter can lead to a stack-based buffer overflow, which might allow an attacker to execute arbitrary code remotely. Given that this ...

PoC for CVE-2026-14719

Sourcecodester | Onlne Examination & Le... | 6.9 MEDIUM
Improper Privilege Management in SourceCodester Online Examination ...

An improper privilege management vulnerability has been identified in the SourceCodester Online Examination & Learning Management System 1.0. This flaw resides in an unverified function within the file register.php, specifically under the Registration Endpoint. The vulnerability allows for remote...

PoC for CVE-2026-33017

Langflow-ai | Langflow | 🟣 EPSS 98% | 9.3 CRITICAL
Authentication Bypass in Langflow Tool for AI-Powered Workflows

Langflow, a tool for constructing and deploying AI-driven agents and workflows, is susceptible to a vulnerability in the POST /api/v1/build_public_tmp/{flow_id}/flow endpoint in versions before 1.9.0. This vulnerability enables an attacker to build public flows without authentication, leveraging ...

Discovered 13 hours ago

PoC for CVE-2026-14717

Itsourcecode | Hospital Management Sy... | 5.3 MEDIUM
SQL Injection Vulnerability in itsourcecode Hospital Management System

The itsourcecode Hospital Management System 1.0 contains a SQL injection vulnerability in the /patientlogin.php file, specifically within an unknown function. By manipulating the 'loginid' argument, an attacker may exploit this flaw remotely to execute arbitrary SQL queries against the database. ...

PoC for CVE-2026-23744

Mcpjam | Inspector | 🟣 EPSS 38% | 9.8 CRITICAL
Remote Code Execution Vulnerability in MCPJam Inspector by MCP

MCPJam Inspector, designed for local-first development on MCP servers, has a vulnerability allowing remote code execution (RCE) due to improper binding settings. In versions 1.4.2 and earlier, the platform listens on 0.0.0.0 by default, enabling attackers to exploit this configuration through cra...

PoC for CVE-2026-14716

Nextlevelbuilder | Goclaw | 5.3 MEDIUM
Authorization Flaw in nextlevelbuilder GoClaw WebSocket RPC

A significant security flaw has been identified in the WebSocket RPC Handler of nextlevelbuilder's GoClaw, specifically in the MethodRouter.Handle function of router.go. This vulnerability allows for incorrect authorization, potentially enabling an attacker to manipulate access controls remotely....

Discovered 14 hours ago

PoC for CVE-2026-14714

Zhayujie | Chatgpt-on-wechat Cowa... | 6.9 MEDIUM
Missing Authentication Vulnerability in zhayujie chatgpt-on-wechat ...

A vulnerability affecting zhayujie chatgpt-on-wechat CowAgent version 2.1.0 has been identified due to a missing authentication mechanism in the verify_server function of the wx Endpoint component. Manipulating the wechatmp_token argument allows unauthorized access, as the system fails to adequat...

PoC for CVE-2026-14713

Sourcecodester | Pizzafy E-commerce System | 6.9 MEDIUM
SQL Injection Vulnerability in SourceCodester Pizzafy E-Commerce Sy...

A security flaw has been identified in the SourceCodester Pizzafy E-Commerce System version 1.0, specifically in the file /admin/ajax.php when processing the confirm_order action. This vulnerability enables remote attackers to manipulate the ID parameter, potentially leading to unauthorized SQL c...

PoC for CVE-2026-14706

Code-projects | Online Examination | 5.3 MEDIUM
SQL Injection Vulnerability in Online Examination System by Code-Pr...

A vulnerability exists in the Online Examination system developed by Code-Projects, specifically within the Quiz Creation feature located in the file /update.php?q=addquiz. Manipulation of the parameters such as name, total, right, wrong, time, tag, and desc can lead to unauthorized SQL injection...

PoC for CVE-2026-14705

Code-projects | Online Examination | 6.9 MEDIUM
SQL Injection Vulnerability in Code-Projects Online Examination System

A vulnerability has been identified in the Online Examination System developed by Code-Projects. This issue arises within the file head.php, where improper handling of user input through the uname/password parameters enables attackers to perform SQL injection attacks. This vulnerability can be ex...

Discovered 15 hours ago

PoC for CVE-2026-14704

Stephen-kruger | Bluebox | 5.3 MEDIUM
Cross Site Scripting Vulnerability in Bluebox by Stephen Kruger

A vulnerability has been identified in the Bluebox application by Stephen Kruger, specifically affecting versions up to 4.5.12. This issue arises from an unrecognized functionality that allows attackers to manipulate argument code, leading to potential cross site scripting attacks. The exploit is...

PoC for CVE-2026-14703

Itsourcecode | Hospital Management Sy... | 5.3 MEDIUM
SQL Injection Vulnerability in itsourcecode Hospital Management System

A SQL injection vulnerability exists in the itsourcecode Hospital Management System, specifically within an unspecified function in the file '/patientorder.php'. By manipulating the 'editid' argument, an attacker can execute malicious SQL queries via a remote connection, which can potentially lea...

PoC for CVE-2026-14702

Zcaceres | Markdownify-mcp | 2 LOW
Local Execution Vulnerability in zcaceres markdownify-mcp Product

A vulnerability exists in the zcaceres markdownify-mcp product, specifically within the saveToTempFile function found in the src/Markdownify.ts component. This flaw leads to insufficiently random values, enhancing the risk of local execution attacks. The complexity of exploiting this weakness is ...

PoC for CVE-2026-14701

Code-projects | Internship Management ... | 5.3 MEDIUM
SQL Injection Vulnerability in Code-Projects Internship Management ...

A security vulnerability found in the Code-Projects Internship Management System allows for SQL injection through the password change functionality. Specifically, the issue lies in the 'employer/details/change_password.php' file, where improper handling of the 'Current' parameter can lead to unau...

Discovered 16 hours ago

PoC for CVE-2026-14700

Code-projects | Internship Management ... | 6.9 MEDIUM
SQL Injection Vulnerability in Internship Management System by Code...

A security vulnerability has been found in the Internship Management System version 1.0, specifically within the employer login endpoint located in the file employer/login.php. This vulnerability arises from improper handling of user input for the email and password arguments, allowing for SQL in...

PoC for CVE-2026-14698

Sourcecodester | Syllabus-aligned Learn... | 5.3 MEDIUM
Unrestricted File Upload Vulnerability in SourceCodester Syllabus-A...

A recently discovered security flaw in SourceCodester's Syllabus-Aligned Learning Management and Examination System 1.0 allows for unrestricted file uploads via the upload_files.php script. This vulnerability can be exploited remotely, potentially enabling attackers to upload malicious files to t...

PoC for CVE-2026-14695

Sourcecodester | Multi-vendor Online Gr... | 6.9 MEDIUM
SQL Injection Vulnerability in SourceCodester Multi-Vendor Online G...

A SQL injection vulnerability exists in the SourceCodester Multi-Vendor Online Grocery Management System 1.0, specifically in the save_client function of the classes/Users.php file. This vulnerability allows an attacker to manipulate the 'Name' argument, enabling remote execution of SQL commands....