Publicly Disclosed
PoC Exploits
🔴 Alway take caution when working with PoC Exploits 🔴
Discovered just now...
PoC for CVE-2021-41773
A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default config...
Discovered 3 hours ago
PoC for CVE-2025-64446
A relative path traversal vulnerability exists in Fortinet FortiWeb products versions 8.0.0 to 8.0.1, 7.6.0 to 7.6.4, 7.4.0 to 7.4.9, 7.2.0 to 7.2.11, and 7.0.0 to 7.0.11. This vulnerability allows an attacker to potentially execute unauthorized administrative commands on the system by sending sp...
PoC for CVE-2026-4558
A significant vulnerability has been identified in the Linksys MR9600 firmware version 2.0.6.206937. A flaw in the 'smartConnectConfigure' function located in the SmartConnect.lua file allows for OS command injection through manipulation of specific arguments such as configApSsid, configApPassphr...
PoC for CVE-2026-4557
A cross site scripting vulnerability has been identified in the Exam Form Submission product by Code-Projects, specifically within the updating function located in /admin/update_s1.php. By manipulating the 'sname' argument, an attacker can inject malicious scripts into web pages viewed by other u...
Discovered 4 hours ago
PoC for CVE-2026-4555
A vulnerability has been identified in the D-Link DIR-513 router, specifically within the formEasySetTimezone function in the boa component. This issue can lead to a stack-based buffer overflow when the curTime argument is manipulated. Attackers can exploit this vulnerability remotely, potentiall...
PoC for CVE-2026-4554
A security flaw has been identified in the Tenda F453 router, specifically in the FormWriteFacMac function located within the /goform/WriteFacMac file. This vulnerability allows for command injection through manipulation of the mac argument, enabling an attacker to execute unauthorized commands r...
PoC for CVE-2014-0160
The vulnerability in the TLS and DTLS implementations of OpenSSL versions prior to 1.0.1g allows remote attackers to exploit crafted Heartbeat Extension packets. This exploitation results in a buffer over-read, potentially revealing sensitive information from the memory of the affected process. A...
Discovered 5 hours ago
PoC for CVE-2026-4553
A stack-based buffer overflow vulnerability has been identified in the Tenda F453 device, specifically in the Parameters Handler within the function fromNatlimit. The vulnerability arises due to improper handling of argument manipulation for the 'page' parameter in the /goform/Natlimit file. An a...
Discovered 6 hours ago
PoC for CVE-2026-4552
A stack-based buffer overflow vulnerability exists in the Tenda F453 router version 1.0.0.3, specifically within the fromVirtualSer function in the Parameters Handler. By manipulating the 'page' argument of the /goform/VirtualSer file, an attacker can exploit this vulnerability remotely, potentia...
PoC for CVE-2026-4551
A vulnerability in the Tenda F453 device allows for a stack-based buffer overflow due to improper handling of user-supplied input in the fromSafeClientFilter function of the Parameters Handler component. This issue can be exploited remotely, potentially allowing attackers to manipulate the menufa...
Discovered 7 hours ago
PoC for CVE-2026-4550
An SQL injection vulnerability exists in the Simple Gym Management System's func.php file, specifically through unsanitized data passed via the Trainer_id or fname parameters. This flaw allows attackers to execute arbitrary SQL queries, potentially leading to unauthorized data access or modificat...
PoC for CVE-2019-25619
FTP Shell Server version 6.83 is vulnerable to a buffer overflow attack in the 'Account name to ban' field. This flaw enables local attackers to execute arbitrary code on the system by supplying a crafted string within the Manage FTP Accounts dialog. By manipulating the account name parameter, at...
PoC for CVE-2019-25618
AdminExpress 1.2.5 is susceptible to a denial of service vulnerability that enables local attackers to crash the application. By submitting oversized input in the Folder Path field within the System Compare feature, attackers can trigger unresponsiveness or a full crash of the application, render...
PoC for CVE-2019-25617
The Ease Audio Converter version 5.30 is vulnerable to a denial of service attack through its Audio Cutter function. This vulnerability allows local attackers to exploit the application by processing specially crafted MP4 files that contain oversized buffers. When these malformed files are loaded...
PoC for CVE-2019-25616
AnMing MP3 CD Burner version 2.0 is susceptible to a buffer overflow vulnerability that can be exploited by local attackers. By inputting a specially crafted oversized string (up to 6000 bytes) into the registration name field, an attacker can trigger a denial of service condition, effectively cr...
PoC for CVE-2019-25615
Lavavo CD Ripper 4.20 has a structured exception handling (SEH) buffer overflow vulnerability that can be exploited by local attackers to execute arbitrary code. By providing a specially crafted string in the License Activation Name field, an attacker can manipulate the application's memory and c...
PoC for CVE-2019-25614
Free Float FTP 1.0 has a critical buffer overflow vulnerability in its STOR command handler. This flaw allows an unauthenticated attacker to execute arbitrary code on the FTP server. By sending a specially crafted STOR request with an oversized payload, attackers can manipulate the server into ex...
PoC for CVE-2019-25613
The Easy Chat Server version 3.1 is susceptible to a denial of service attack, which allows remote attackers to crash the server. By sending an excessively large message through the message parameter in a POST request to the chat.ghp endpoint, attackers can disrupt the normal functioning of the a...
PoC for CVE-2019-25612
The version 1.2.5.485 of Admin Express, developed by Softonic, is susceptible to a local structured exception handling buffer overflow vulnerability. This flaw allows an attacker with local access to craft a payload that, when injected into the Folder Path field through the System Compare feature...
PoC for CVE-2019-25611
MiniFtp contains a buffer overflow vulnerability in the parseconf_load_setting function, which allows local attackers to execute arbitrary code. This occurs when oversized configuration values are provided, specifically exceeding 128 bytes. Attackers can craft a malicious miniftpd.conf file to ov...
PoC for CVE-2019-25610
The NetNumber Titan Master 7.9.1 is vulnerable to a path traversal issue in the drp endpoint. This flaw permits authenticated users to exploit directory traversal sequences, enabling them to download arbitrary files from the server. By manipulating the path parameter using base64-encoded payloads...
PoC for CVE-2019-25609
The JetAudio JetCast Server 2.0 contains a vulnerability in the Log Directory configuration field that leads to a stack-based buffer overflow. Local attackers can exploit this weakness by injecting specially crafted alphanumeric encoded shellcode into the Log Directory field. This manipulation al...
PoC for CVE-2019-25608
Iperius Backup 6.1.0 is susceptible to a vulnerability that permits low-privilege users to execute arbitrary applications with elevated permissions. This is achieved by crafting backup jobs that can trigger the execution of malicious scripts or programs, either before or after backup processes. T...
PoC for CVE-2019-25607
Axessh version 4.2 suffers from a stack-based buffer overflow vulnerability in the log file name field. Local attackers can exploit this vulnerability by providing an excessively long filename, which leads to buffer overflow at an offset of 214 bytes. This allows them to overwrite the instruction...
PoC for CVE-2019-25607
Axessh version 4.2 suffers from a stack-based buffer overflow vulnerability in the log file name field. Local attackers can exploit this vulnerability by providing an excessively long filename, which leads to buffer overflow at an offset of 214 bytes. This allows them to overwrite the instruction...
PoC for CVE-2019-25606
Fast AVI MPEG Joiner version 1.2.0812 is susceptible to a buffer overflow vulnerability that permits local attackers to crash the application. By injecting an oversized payload, specifically a text file with 6000 bytes of data into the License Name field, an attacker can trigger a denial of servi...
PoC for CVE-2019-25607
Axessh version 4.2 suffers from a stack-based buffer overflow vulnerability in the log file name field. Local attackers can exploit this vulnerability by providing an excessively long filename, which leads to buffer overflow at an offset of 214 bytes. This allows them to overwrite the instruction...
PoC for CVE-2019-25605
EquityPandit version 1.0 is susceptible to an insecure logging vulnerability that permits malicious actors to retrieve sensitive user credentials. By exploiting the Android Debug Bridge (ADB), attackers can gain access to developer console logs where plaintext passwords are recorded during the pa...
PoC for CVE-2019-25603
TuneClone 2.20 is susceptible to a structured exception handler (SEH) buffer overflow vulnerability. Local attackers can exploit this weakness by providing a specially crafted license code string, which allows for arbitrary code execution. By manipulating the buffer and redirecting execution flow...
PoC for CVE-2019-25604
DVDXPlayer Pro 5.5 is susceptible to a local buffer overflow vulnerability that can be exploited by attackers to execute arbitrary code. By crafting malicious playlist files, specifically .plf files containing carefully designed shellcode and NOP sleds, attackers can overflow a buffer and manipul...
PoC for CVE-2019-25602
The GSearch application version 1.0.1.0 suffers from a denial of service vulnerability that can be exploited by local attackers. By entering an excessively long string (up to 2000 characters) in the search bar, the attacker can trigger a crash of the application. This vulnerability arises from im...
PoC for CVE-2019-25601
UltraVNC Launcher version 1.2.2.4 has a buffer overflow vulnerability in the Path vncviewer.exe property field. This flaw can be exploited by local attackers who provide an excessively long string, leading to a denial of service condition. Specifically, a 300-byte payload of repeated characters c...
PoC for CVE-2019-25600
UltraVNC Viewer version 1.2.2.4 is vulnerable to a denial of service attack, which occurs when an attacker inputs an oversized string of characters into the VNC Server input field. Specifically, by pasting a malicious string composed of 256 identical characters and then clicking 'Connect', the ap...
PoC for CVE-2019-25598
HeidiSQL Portable version 10.1.0.5464 contains a vulnerability that allows a local attacker to cause a denial of service by entering an excessively long string in the password field during login attempts to Microsoft SQL Server. When a buffer overflow payload is inserted, it results in an applica...
PoC for CVE-2019-25599
The Backup Key Recovery 2.2.4 application contains a denial of service vulnerability that can be exploited by local attackers. By entering an excessively long string (300 characters or more) in the Name field during the registration process, attackers can trigger a crash of the application upon f...
PoC for CVE-2019-25597
NSauditor version 3.1.2.0 is affected by a buffer overflow vulnerability in the SNMP Auditor Community field, which allows attackers to crash the application. By inputting an excessively long string into the Community field and invoking the Walk function, local attackers can initiate a denial of ...
PoC for CVE-2019-25596
SpotAuditor 5.2.6 is vulnerable to a denial of service attack due to improper handling of input in the registration dialog. By inputting a excessively long string in the Name field, such as a buffer containing 300 repeated characters, a local attacker can cause the application to crash, disruptin...
PoC for CVE-2019-25595
The jetAudio Basic application is susceptible to a denial of service condition triggered by the URL input handler. An attacker can exploit this vulnerability by entering an excessively long string—specifically, a buffer of 5000 characters—into the Open URL dialog. This action causes the applicati...
PoC for CVE-2019-25594
ASPRunner.NET 10.1 contains a vulnerability that allows local attackers to cause a denial of service by submitting excessively long strings in the table name field during database creation. By sending a buffer of 10,000 characters, attackers can reliably crash the application, leading to potentia...
PoC for CVE-2019-25593
jetCast Server 2.0 is susceptible to a denial of service vulnerability that permits local attackers to crash the application. By inputting an excessively long string of 5000 characters into the Log directory configuration field, an attacker can initiate a server crash by clicking the Start button...
PoC for CVE-2019-25592
PHPRunner 10.1 is susceptible to a denial of service vulnerability that enables local attackers to crash the application by entering an excessively long string in the dashboard name field. Specifically, attackers can exploit this weakness by inputting a buffer of up to 10,000 characters during da...
PoC for CVE-2019-25591
The DNSS Domain Name Search Software version 2.1.8 is susceptible to a buffer overflow flaw in its registration code input field. This vulnerability enables local attackers to exploit the application by submitting an excessively long string, leading to a denial of service. By inserting a registra...
Discovered 8 hours ago
PoC for CVE-2026-4115
A significant vulnerability has been identified in PuTTY 0.83, specifically within the eddsa_verify function of the Ed25519 Signature Handler. This flaw leads to improper verification of cryptographic signatures, allowing potential remote manipulation. Although the exploit has a high complexity l...
Discovered 11 hours ago
PoC for CVE-2026-4544
A vulnerability exists in the Wavlink WL-WN578W2 device, specifically within the POST Request Handler component located at /cgi-bin/login.cgi. This issue arises from improper handling of user input in the homepage/hostname/login_page arguments. An attacker can exploit this flaw to execute cross s...
PoC for CVE-2026-4543
A command injection vulnerability exists in the Wavlink WL-WN578W2 router affecting the POST Request Handler located in the /cgi-bin/firewall.cgi file. This vulnerability allows unauthorized remote attackers to manipulate the dmz_flag/del_flag arguments, potentially compromising the device's inte...
Discovered 12 hours ago
PoC for CVE-2026-4542
A path traversal vulnerability has been identified in SSCMS version 4.7.0. This issue occurs in the file LayerImageController.Submit.cs, where improper handling of the 'filePaths' argument allows potential attackers to exploit the layerImage Endpoint from a remote location. If successfully exploi...
PoC for CVE-2026-4541
A vulnerability has been identified in the Ed25519 Signature Handler of tinyssh, which allows for improper verification of cryptographic signatures. This flaw impacts local execution and could enable an attacker to manipulate signatures, posing security risks. Difficulty in exploitation adds comp...
Discovered 13 hours ago
PoC for CVE-2026-4540
A SQL injection vulnerability exists in the projectworlds Online Notes Sharing System 1.0, specifically within the processing of the /login.php file in the Parameters Handler component. Attackers can manipulate the 'Benutzer' argument to execute arbitrary SQL commands remotely. This critical issu...
PoC for CVE-2026-23744
MCPJam Inspector, designed for local-first development on MCP servers, has a vulnerability allowing remote code execution (RCE) due to improper binding settings. In versions 1.4.2 and earlier, the platform listens on 0.0.0.0 by default, enabling attackers to exploit this configuration through cra...
Discovered 15 hours ago
PoC for CVE-2026-4539
A security flaw exists in the Pygments library, specifically within the AdlLexer function found in pygments/lexers/archetype.py. This vulnerability leads to inefficient regular expression processing, potentially allowing a local attacker to execute denial of service attacks. Although the issue wa...