Publicly Disclosed
PoC Exploits
🔴 Always take caution when working with PoC Exploits 🔴
Discovered 2 hours ago
PoC for CVE-2026-7085
A vulnerability exists in the HBAI-Ltd Toonflow-app affecting the z.url functionality in the downloadApp endpoint, which can be exploited to achieve path traversal. This flaw allows an attacker to potentially manipulate the URL parameter, and it can be exploited remotely. The complexity of this attack is high d...
Discovered 3 hours ago
PoC for CVE-2026-7084
A vulnerability was identified in HBAI-Ltd's Toonflow app, specifically in version 1.1.1. The issue resides in the getCodeByLink endpoint, where improper handling of input parameters allows an attacker to perform server-side request forgery (SSRF). This exploit can be executed remotely, posing si...
PoC for CVE-2026-7083
A SQL injection vulnerability exists in the Likeadmin-Likeshop platform, specifically within the queryResult function of the DataTableLists.php file. This flaw allows remote attackers to manipulate SQL queries, potentially compromising the database and accessing sensitive data. Despite being reporte...
PoC for CVE-2026-7082
A buffer overflow vulnerability exists in the Tenda F456 router, specifically within the 'formWrlExtraSet' function of the httpd component. By manipulating the argument 'Go', an attacker can exploit this flaw to execute arbitrary code remotely, potentially compromising the device's security. The ...
PoC for CVE-2024-51482
ZoneMinder, a popular open-source closed-circuit television software, has a vulnerability that exposes versions v1.37.* up to and including v1.37.64 to a boolean-based SQL injection attack through the web/ajax/event.php endpoint. This flaw can allow an attacker to manipulate SQL queries, potentia...
PoC for CVE-2026-7081
A buffer overflow vulnerability exists within the Tenda F456 router, specifically in the function fromGstDhcpSetSer of the httpd component. An attacker can exploit this weakness by manipulating the dips argument, allowing the execution of arbitrary code remotely. Given that the exploit details ar...
Discovered 4 hours ago
PoC for CVE-2026-7080
A security vulnerability has been identified in Tenda F456 version 1.0.0.5, specifically in the PPTPUserSetting function within the httpd component. An argument manipulation in the delno parameter can lead to a buffer overflow, which exposes the system to potential remote exploitation. This vulne...
PoC for CVE-2026-7079
A buffer overflow vulnerability has been discovered in the Tenda F456 router, specifically within the fromAdvSetWan function of the httpd component. This vulnerability arises from improper handling of the wanmode argument, allowing an attacker to manipulate the input and potentially execute arbit...
PoC for CVE-2026-7078
A security flaw has been identified in the Tenda F456 router, specifically in the function fromSetIpBind located in the /goform/SetIpBind component of the httpd service. This vulnerability stems from improper handling of the argument page, leading to a buffer overflow condition. Attackers can exp...
PoC for CVE-2026-7077
A vulnerability in the itsourcecode Courier Management System 1.0 has been discovered, specifically within an unidentified function in the edit_parcel.php file. This weakness allows for SQL injection through the manipulation of the 'ID' argument. The SQL injection can be executed remotely, thereb...
Discovered 5 hours ago
PoC for CVE-2026-41242
Protobuf.js, a library that compiles protocol buffer definitions into JavaScript functions, is susceptible to a vulnerability that enables attackers to inject arbitrary code via the 'type' fields in protobuf definitions. This injected code can be executed during the decoding of the corresponding ...
PoC for CVE-2026-7076
A vulnerability exists in the itsourcecode Courier Management System version 1.0, specifically within the /edit_branch.php file. This flaw enables attackers to execute SQL injection attacks by manipulating the ID argument. The potential for remote exploitation of this vulnerability raises serious...
PoC for CVE-2026-7075
A vulnerability exists in the itsourcecode Construction Management System version 1.0, specifically in the processing of the /locations.php file. This flaw allows an attacker to manipulate the 'address' argument, which can result in SQL injection. The issue can be exploited remote...
PoC for CVE-2026-7074
A vulnerability exists in itsourcecode Construction Management System version 1.0, specifically in the /execute1.php file. This flaw allows remote attackers to manipulate the argument `code`, leading to SQL injection attacks. Malicious exploitation of this vulnerability could allow unauthorized a...
PoC for CVE-2026-7073
A security vulnerability has been identified in the itsourcecode Construction Management System version 1.0, which can be exploited to execute SQL injection attacks. This flaw resides in the execute.php file, where improper handling of an argument allows remote attackers to manipulate SQL queries...
Discovered 6 hours ago
PoC for CVE-2026-7072
A significant SQL injection vulnerability exists in the CodePanda Source Canteen Management System version 1.0. This flaw resides in the /api/login.php file, where improper handling of the 'Username' parameter allows attackers to manipulate SQL queries. This exploitation can be executed remotely,...
PoC for CVE-2026-7071
A vulnerability has been identified in the CodeAstro Online Job Portal 1.0 that allows unauthorized access to sensitive file and directory information through the manipulation of the /users/user-cvs/ functionality. This issue can be exploited remotely, potentially leading to significant privacy b...
PoC for CVE-2026-7070
A vulnerability has been discovered in the Login component of the Code-Projects Inventory Management System 1.0, where manipulation of the Username argument can enable an SQL injection attack. This flaw can be exploited remotely, allowing attackers to gain unauthorized access to the database. Giv...
Discovered 7 hours ago
PoC for CVE-2026-7068
A buffer overflow vulnerability exists in the D-Link DIR-825 router's NMBD_process function within the nmbd component of the sserver.c file. This issue can be exploited by attackers within the same local network. As the relevant exploit code is publicly available, the risk is heightened for produ...
PoC for CVE-2026-7067
A command injection vulnerability exists in the D-Link DIR-822 router, specifically within the udhcpd DHCP service's handling of the Hostname argument in the dhcpd.c file. An attacker could exploit this vulnerability remotely, allowing execution of arbitrary commands on the affected device. This ...
PoC for CVE-2026-7066
A security vulnerability has been identified in Simple OpenStack MCP, specifically within the exec_openstack function in server.py. This flaw allows for remote OS command injection, enabling malicious actors to execute arbitrary commands on the server. Despite being reported to the maintainers, t...
PoC for CVE-2026-7065
The BidingCC BuildingAI application up to version 26.0.1 contains a security flaw in the Remote Upload API, specifically within the uploadRemoteFile function. A manipulation of the URL argument can lead to server-side request forgery, enabling attackers to remotely initiate malicious requests. Th...
Discovered 8 hours ago
PoC for CVE-2026-7064
A security flaw has been identified in the AgentDeskAI browser-tools-mcp, specifically within the file browser-tools-server/browser-connector.ts. This vulnerability allows for remote attackers to perform OS command injections through crafted manipulations. As the exploit has already been publishe...
PoC for CVE-2026-7063
A SQL injection vulnerability exists in the Employee Management System 1.0 by Code-Projects, specifically in the 'eprocess.php' file located in the /370project/process/ directory. By manipulating the 'pwd' argument, attackers can execute remote SQL injection attacks, allowing unauthorized access ...
PoC for CVE-2026-7062
A security vulnerability exists in the Intina47 context-sync product, specifically within the Git Integration component. This vulnerability is located in the src/git-integration.ts file and allows for OS command injection, which can be remotely executed by an attacker. Such manipulation could pot...
PoC for CVE-2026-7061
A significant vulnerability has been detected in the Toowiredd chatgpt-mcp-server, specifically within the MCP/HTTP component and its docker.service.ts file. This issue permits an OS command injection, allowing attackers to execute arbitrary commands on the server. The exploit is publicly accessi...
Discovered 10 hours ago
PoC for CVE-2026-7060
A vulnerability exists in the liyupi yu-picture application that allows for SQL injection attacks via the PageRequest function within the PictureServiceImpl.java file. This issue arises from improper handling of the sortField argument, permitting attackers to manipulate SQL queries remotely. The ...
PoC for CVE-2026-7059
A path traversal vulnerability exists in 666ghj MiroFish versions up to 0.1.2, specifically in the get_simulation_posts function located in backend/app/api/simulation.py. This flaw allows an attacker to manipulate the Platform argument, leading to unauthorized access to restricted directories and...
Discovered 11 hours ago
PoC for CVE-2026-7058
A security vulnerability has been identified in the command handling function of 666ghj MiroFish's Inter-Process Communication module. The flaw resides in the SimulationIPCClient.send_command method within the simulation_ipc.py file. This vulnerability allows attackers to execute arbitrary comman...
Discovered 12 hours ago
PoC for CVE-2026-7057
A vulnerability has been identified in the Tenda F456 router firmware version 1.0.0.5, which resides within a specific function of the httpd component. By manipulating the parameters 'funcname' and 'funcpara1', an attacker can trigger a buffer overflow remotely. This vulnerability poses a signifi...
PoC for CVE-2026-7056
A vulnerable function, fromSafeUrlFilter, within the Tenda F456's httpd component exposes the product to buffer overflow attacks. By manipulating the 'page' argument of the /goform/SafeUrlFilter endpoint, attackers can exploit this vulnerability remotely, leading to potential unauthorized access ...
PoC for CVE-2026-7055
A security vulnerability has been identified in the Tenda F456 router, specifically in the handling of the 'fromVirtualSer' function within the httpd service. This vulnerability arises due to improper manipulation of the 'menufacturer/Go' argument, which can lead to a buffer overflow condition. E...
Discovered 14 hours ago
PoC for CVE-2026-7054
A vulnerability has been discovered in the Tenda F456 1.0.0.5 model, specifically in the PPTPDClient component's fromPptpUserAdd function, located in the /goform/PPTPDClient file. This weakness allows for a buffer overflow due to improper handling of the opttype and username arguments. An attacke...
PoC for CVE-2026-7053
A critical security flaw exists in the Tenda F456 router, specifically in the function frmL7ProtForm of the httpd component located at /goform/L7Prot. This vulnerability allows remote attackers to exploit a buffer overflow by manipulating the 'page' argument. Such exploitation can lead to unautho...
Discovered 17 hours ago
PoC for CVE-2026-7044
A vulnerability exists in versions of GreenCMS up to 2.3 that allows attackers to exploit the 'themeadd' function via the /index.php?m=admin&c=custom&a=themeadd endpoint. This flaw permits unrestricted file uploads, enabling remote attackers to upload malicious files without proper authorization....
PoC for CVE-2018-25297
Wansview Camera Software version 1.0.2 contains a buffer overflow flaw that could be exploited by local attackers. By providing excessively large input strings, such as 2000-byte payloads in the Camera name and DID number fields during the camera setup process, an attacker can trigger application...
PoC for CVE-2018-25296
The P10 Central Management Software version 1.4.13 is vulnerable to a buffer overflow in the login password field. This flaw allows local attackers to execute a Denial of Service (DoS) attack by submitting an excessively large input string, specifically a 2000-byte payload. When the payload is in...
PoC for CVE-2018-25295
The ObserverIP Scan Tool version 1.4.0.1 is prone to a denial of service vulnerability that allows local attackers to crash the application. By inputting an excessively long string into the IP input field—specifically a 2000-byte buffer of repeated characters—attackers can trigger a search operat...
PoC for CVE-2018-25294
A buffer overflow vulnerability exists in CEWE Photoshow version 6.3.4, specifically within the login dialog. This flaw allows an attacker to submit oversized input by injecting 4000 bytes of data into the email address and password fields. The result is a denial of service condition, potentially...
PoC for CVE-2018-25293
Prime95 version 29.4b7 has a critical buffer overflow vulnerability in the PrimeNet connection dialog. This flaw allows local attackers to crash the application by supplying an excessively long string (up to 6000 bytes) in the optional proxy password field. Upon entering such a payload, the appli...
PoC for CVE-2018-25292
Bome Restorator 1793 contains a buffer overflow vulnerability that allows local attackers to crash the application by inputting an excessively long string into the Name field. By supplying a crafted payload exceeding 4000 bytes, an attacker can trigger an application crash, leading to a denial of...
PoC for CVE-2018-25291
Project64 version 2.3.2 is susceptible to a buffer overflow vulnerability located in the Plugin Directory settings field. Local attackers can exploit this weakness by entering a string as long as 6000 bytes into the Plugin Directory field via the Options > Settings > Directories interface. This c...
PoC for CVE-2018-25290
Easyboot 6.6.0 is susceptible to a buffer overflow vulnerability within its Replace Text function. This issue enables local attackers to induce a denial-of-service condition by submitting an oversized string, specifically a 7000-byte payload, into the text fields after navigating to File > Tools ...
PoC for CVE-2018-25289
Softdisk 3.0.3 has a vulnerability in the registration code dialog that allows local attackers to exploit a buffer overflow by entering an oversized string. By inputting a 6000-byte payload in the Registration Name field via the Help menu's Enter Registration Code dialog, attackers can trigger a ...
PoC for CVE-2018-25288
StyleWriter 1.0 has a vulnerability that allows local attackers to exploit a buffer overflow by supplying an excessively long string. This vulnerability can trigger a denial of service condition, causing the application to crash. Attackers can achieve this by inserting a payload of up to 6000 byt...
PoC for CVE-2018-25287
Drive Power Manager 1.10 has a vulnerability in its handling of input which can be exploited via a buffer overflow. Attackers can input an excessively long string into the Name field—up to 6000 bytes—which could lead to a denial of service by crashing the application when the Register action is t...
PoC for CVE-2018-25286
The Easy PhotoResQ version 1.0 is vulnerable to a buffer overflow that can be exploited by local attackers. By entering a significantly long string—specifically a 6000-byte payload—in the Folder/filename field through the File Options dialog, attackers can trigger a denial of service condition, c...
PoC for CVE-2018-25285
Fathom 2.4 is susceptible to a buffer overflow vulnerability in the Authorization Code field, which can be exploited by local attackers. By submitting an oversized input string of up to 6000 bytes, attackers can initiate a denial of service condition that crashes the application. This vulnerabili...
PoC for CVE-2018-25284
HD Tune Pro 5.70 has a buffer overflow vulnerability that can be exploited by local attackers. By entering an excessively long string (up to 6000 bytes) in the folder/file name input field within the File > Options > Save dialog, an attacker can cause the application to crash, resulting in a deni...
PoC for CVE-2018-25282
Nmap 7.70 presents a vulnerability that enables local attackers to exploit the application by processing crafted XML files. This involves the use of nested entity definitions that, when opened through ZenMap's scan import feature, lead to excessive resource consumption and ultimately crash the pr...