Publicly Disclosed PoC Exploits

🔴 Always take caution when working with PoC Exploits 🔴

Discovered just now...

PoC for CVE-2023-43364

Arjunsharda | Searchor | 9.8 CRITICAL
Arbitrary Code Execution Vulnerability in Searchor by ArjunSharda

The Searchor application, developed by ArjunSharda, contains a flaw in its command-line interface input processing. Prior to version 2.4.2, the application utilizes the 'eval' function on user-provided input without sufficient validation. This oversight can lead to arbitrary code execution, enabl...

PoC for CVE-2026-46331

Linux | Linux | 7.8 HIGH
Page Cache Corruption Vulnerability in Linux Kernel - Vendor: Linux

An issue exists in the Linux Kernel where improper handling of copy-on-write (COW) operations can lead to page cache corruption. This is due to the tcf_pedit_act() function, which computes the COW range without considering runtime header offsets added by typed keys. As a result, portions of the w...

PoC for CVE-2026-56782

Gorse-io | Gorse | 9.3 CRITICAL
Authentication Bypass in Gorse API for Database Management

Gorse versions before 0.5.10 are susceptible to an authentication bypass vulnerability affecting the /api/dump and /api/restore endpoints. This security flaw enables remote attackers to gain unauthorized access to sensitive database functionalities when the admin_api_key is left empty, which is t...

PoC for CVE-2026-48907

Joomlacontentedit... | Joomla Content Editor ... | 🟣 EPSS 80% | 10 CRITICAL
JCE Editor Extension for Joomla Vulnerability Allows Unauthenticate...

A flaw in the JCE editor extension for Joomla permits unauthorized users to create new editor profiles. This malicious capability exposes the site to risks, including the ability to upload PHP code and execute it, potentially leading to a full compromise of the website security. Site administrato...

PoC for CVE-2026-53753

Unclecode | Crawl4ai | 9.8 CRITICAL
Open-source LLM Friendly Web Crawler Vulnerability in Crawl4AI

Crawl4AI, an open-source LLM-friendly web crawler, prior to version 0.8.7, contains a critical vulnerability in its computed fields feature. The _safe_eval_expression() function employs an AST validator that inadequately restricts attribute access, allowing attributes without an underscore prefix...

PoC for CVE-2023-4911

🟣 EPSS 81% | 7.8 HIGH
Buffer Overflow in GNU C Library's Dynamic Loader ld.so Could Allow...

The first article discusses two different critical vulnerabilities in the GNU C Library (glibc) that allow unprivileged attackers to gain root access on multiple major Linux distributions. The vulnerabilities are tracked as CVE-2023-4911 and CVE-2023-6246 and both can lead to local privilege esca...

Discovered 5 hours ago

PoC for CVE-2026-43503

Linux | Linux | 8.8 HIGH
Linux Kernel Shared Fragment Handler Vulnerability in Networking Stack

A vulnerability has been identified in the Linux kernel's handling of shared fragment markers within the networking stack. Specifically, two functions responsible for fragment transfers fail to correctly propagate fragment flags when moving data between source and destination sockets. This oversi...

Discovered 8 hours ago

PoC for CVE-2024-24824

Graylog2 | Graylog2-server | 🟣 EPSS 34% | 8.8 HIGH
Arbitrary Class Loading Vulnerability in Graylog's Cluster Config S...

Graylog, a widely used open-source log management platform, is susceptible to a vulnerability that enables the loading and instantiation of arbitrary classes. This issue arises from the handling of HTTP PUT requests to the `/api/system/cluster_config/` endpoint, where the system permits the submi...

Discovered 9 hours ago

PoC for CVE-2026-55200

Libssh2 | Libssh2 | 9.2 CRITICAL
Out-of-Bounds Write Vulnerability in libssh2 Affects Remote Code Ex...

libssh2 contains an out-of-bounds write vulnerability in the ssh2_transport_read() function that fails to impose proper limits on the packet_length field. This flaw allows remote attackers to exploit the vulnerability by sending specially crafted SSH packets with excessively large packet_length v...

Discovered 11 hours ago

PoC for CVE-2026-22226

Tp-link Systems Inc. | Archer Be230 V1.2 | 8.5 HIGH
Command Injection Vulnerability in TP-Link Archer BE230 Router

A command injection vulnerability exists in the VPN server configuration module of the TP-Link Archer BE230 v1.2, which can be exploited after administrative authentication. This flaw allows an attacker to execute arbitrary commands, potentially granting full administrative control over the route...

Discovered 13 hours ago

PoC for CVE-2026-13592

Liftoff-sr | Cipster | 6.9 MEDIUM
Out-of-Bounds Write Vulnerability in EtherNet IP Message Handler of...

A security flaw exists in the bufwriter append function of the EtherNet IP Message Handler within liftoff-sr CIPster, allowing for potential out-of-bounds write operations. This vulnerability could be exploited remotely, posing significant risks to application integrity and security. Users are st...

PoC for CVE-2026-13591

Deepmyst | Mysti | 2.3 LOW
Improper Authorization in DeepMyst Mysti 0.4.0 Affects Contact Trac...

A vulnerability has been discovered in DeepMyst Mysti 0.4.0, specifically within the Contact Tracking component's _isTrackedConversation function found in src/managers/ChannelBridge.ts. This flaw occurs due to improper handling of the _channelType argument, allowing unauthorized access. The vulne...

PoC for CVE-2026-13590

Seladb | Pcapplusplus | 6.3 MEDIUM
Heap-based Buffer Overflow in PcapPlusPlus by Seladb

A security flaw has been identified in PcapPlusPlus version 25.05, specifically in the Modbus Protocol Handler's function pcpp::ModbusLayer::getLength. This vulnerability results from improper handling of the length argument, which can lead to a heap-based buffer overflow. Attackers may exploit t...

PoC for CVE-2026-13589

Seladb | Pcapplusplus | 6.3 MEDIUM
Heap-based Buffer Overflow in seladb PcapPlusPlus Telnet Subnegotia...

A vulnerability in the seladb PcapPlusPlus library affects the Telnet subnegotiation packet handler. Specifically, the issue lies within the function pcpp::TelnetLayer::getSubCommand in the source file Packet++/src/TelnetLayer.cpp. A remote attacker can exploit this vulnerability through manipula...

Discovered 14 hours ago

PoC for CVE-2026-48907

Joomlacontentedit... | Joomla Content Editor ... | 🟣 EPSS 80% | 10 CRITICAL
JCE Editor Extension for Joomla Vulnerability Allows Unauthenticate...

A flaw in the JCE editor extension for Joomla permits unauthorized users to create new editor profiles. This malicious capability exposes the site to risks, including the ability to upload PHP code and execute it, potentially leading to a full compromise of the website security. Site administrato...

PoC for CVE-2026-13588

Seladb | Pcapplusplus | 6.3 MEDIUM
Heap-based Buffer Overflow in seladb PcapPlusPlus TLS Hello Handler

A vulnerability has been identified in seladb PcapPlusPlus version 25.05, specifically within the TLS Hello Handler. The issue lies in the function pcpp::SSLClientHelloMessage::getHandshakeVersion located in the file Packet++/src/SSLHandshake.cpp. Manipulating the handshakeVersion argument can re...

PoC for CVE-2026-13587

Seladb | Pcapplusplus | 6.3 MEDIUM
Heap-Based Buffer Overflow in PcapPlusPlus from Seladb

A vulnerability has been detected in PcapPlusPlus version 25.05 specifically within the LightPcapNg Parser. The issue arises in the 'parse_by_block_type' function located in the file 'light_pcapng.c'. An attacker can exploit this vulnerability by manipulating the 'captured_packet_length' argument...

PoC for CVE-2026-13583

Edimax | Ew-7478apc | 8.7 HIGH
Buffer Overflow Vulnerability in Edimax EW-7478APC Product

A remote vulnerability exists in the Edimax EW-7478APC 1.04 related to the processing of the formUSBFolder function within the POST Request Handler. The vulnerability arises from improper handling of the ShareName/SelectName parameters, leading to potential buffer overflow conditions. This issue ...

PoC for CVE-2026-13582

Edimax | Ew-7478apc | 8.7 HIGH
Buffer Overflow Vulnerability in Edimax EW-7478APC

A buffer overflow vulnerability exists in Edimax EW-7478APC version 1.04 due to improper handling of arguments in the formUSBAccount function of the POST Request Handler component. By manipulating the UserName and Password fields, an attacker can potentially exploit this flaw remotely, leading to...

Discovered 15 hours ago

PoC for CVE-2026-13581

Edimax | Ew-7478apc | 5.3 MEDIUM
OS Command Injection Vulnerability in Edimax EW-7478APC

A vulnerability exists in the Edimax EW-7478APC 1.04 that allows for OS command injection through the formStaDrvSetup function in the POST Request Handler. An attacker can manipulate the rootAPmac argument to execute arbitrary commands on the system remotely. This exploit is publicly accessible, ...

PoC for CVE-2026-13580

Edimax | Ew-7478apc | 8.7 HIGH
Buffer Overflow Vulnerability in Edimax EW-7478APC

A security vulnerability has been identified in the Edimax EW-7478APC version 1.04 that allows for a buffer overflow during the execution of the formQoS function within the POST Request Handler. This vulnerability arises from insecure handling of the selSSID argument, which can result in remote e...

PoC for CVE-2026-13579

Itsourcecode | Hospital Management Sy... | 5.3 MEDIUM
SQL Injection Vulnerability in itsourcecode Hospital Management System

A vulnerability has been detected in the itsourcecode Hospital Management System version 1.0, specifically in the functionality associated with the file /patientchangepassword.php. This issue arises from improper handling of the input parameter newpassword, making it susceptible to SQL injection ...

PoC for CVE-2026-13578

Itsourcecode | Hospital Management Sy... | 5.3 MEDIUM
SQL Injection Vulnerability in itsourcecode Hospital Management System

A security flaw has been identified in the itsourcecode Hospital Management System version 1.0, specifically in the /patientdetail.php file. This vulnerability arises from an exploitable argument manipulation of 'editid', which allows for SQL injection attacks. Attackers can execute this attack r...

Discovered 16 hours ago

PoC for CVE-2026-13574

Llvm | Llvm-project | 4.8 MEDIUM
Heap-Based Buffer Overflow in LLVM Project's Bitcode File Handler

A vulnerability exists in the LLVM llvm-project affecting the Bitcode File Handler, specifically within the GCRelocateInst::getBasePtr function. This issue allows for heap-based buffer overflow, potentially enabling local attackers to exploit the flaw. Despite early reports of the issue to the pr...

PoC for CVE-2026-13573

Llvm | Llvm-project | 4.8 MEDIUM
Stack-Based Buffer Overflow in LLVM Project's ValueSymbolTable Module

A vulnerability has been identified in the LLVM project's ValueSymbolTable module, specifically within the llvm::StringMap::insert function in /lib/IR/ValueSymbolTable.cpp. This vulnerability allows for a stack-based buffer overflow, which may lead to exploit scenarios if an attacker can execute ...

PoC for CVE-2026-13572

Itsourcecode | Hospital Management Sy... | 5.3 MEDIUM
SQL Injection Vulnerability in itsourcecode Hospital Management System

A vulnerability exists in version 1.0 of the itsourcecode Hospital Management System related to an unknown function within the /insertbillingrecord.php file. This flaw allows an attacker to manipulate the patientid parameter, leading to SQL injection attacks. The vulnerability is remotely exploit...

PoC for CVE-2026-43503

Linux | Linux | 8.8 HIGH
Linux Kernel Shared Fragment Handler Vulnerability in Networking Stack

A vulnerability has been identified in the Linux kernel's handling of shared fragment markers within the networking stack. Specifically, two functions responsible for fragment transfers fail to correctly propagate fragment flags when moving data between source and destination sockets. This oversi...

PoC for CVE-2026-13571

Sourcecodester | Simple Food Ordering S... | 6.9 MEDIUM
Business Logic Errors in SourceCodester Simple Food Ordering System

A vulnerability exists within the SourceCodester Simple Food Ordering System 1.0, specifically in the /cart.php file. A flaw in an undocumented function allows attackers to manipulate the argument item_price, potentially leading to significant business logic errors. This vulnerability can be expl...

Discovered 17 hours ago

PoC for CVE-2026-13569

Weng-xianhu | Eyoucms | 5.1 MEDIUM
SQL Injection Vulnerability in weng-xianhu EyouCMS by Weng-Xianhu

A security flaw has been identified in the weng-xianhu EyouCMS, specifically in versions up to 1.7.1. The vulnerability resides in the /index.php file associated with the API component, where improper handling of the 'click_like' argument can lead to SQL injection attacks. This vulnerability allo...

PoC for CVE-2026-40521

Frontaccounting | Frontaccounting | 8.7 HIGH
Path Traversal Vulnerability in FrontAccounting by FrontAccounting

FrontAccounting versions before 2.4.20 are susceptible to a path traversal vulnerability present in the attachment upload handler. This vulnerability enables authenticated attackers to manipulate the unique_name parameter, allowing the inclusion of malicious path traversal sequences like '../../....

PoC for CVE-2026-13567

Code-projects | Online Music Site | 5.3 MEDIUM
Cross Site Scripting Vulnerability in Code-Projects Online Music Si...

A security vulnerability has been identified in code-projects Online Music Site version 1.0, specifically within the POST Request Handler located in the /Frontend/Feedback.php file. This flaw allows for cross-site scripting (XSS) through manipulated arguments such as fname, femail, faddress, and ...

PoC for CVE-2026-40522

Frontaccounting | Frontaccounting | 7.1 HIGH
SQL Injection Vulnerability in FrontAccounting Product by FrontAcco...

An SQL injection vulnerability exists in FrontAccounting, specifically in versions prior to 2.4.20, affecting the Bank Statement report handler. This vulnerability allows authenticated attackers to exploit the PARAM_0 POST parameter by injecting malicious SQL commands. By leveraging this flaw, at...

PoC for CVE-2026-40523

Frontaccounting | Frontaccounting | 7.2 HIGH
SQL Injection Vulnerability in FrontAccounting by FrontAccounting

A notable SQL injection issue exists in FrontAccounting prior to version 2.4.20, specifically within the Audit Trail report handler. This vulnerability can be exploited by authenticated users holding the SA_GLANALYTIC permission. By injecting malicious SQL queries through the PARAM_2 and PARAM_3 ...

PoC for CVE-2026-40524

Frontaccounting | Frontaccounting | 7.2 HIGH
SQL Injection Vulnerability in FrontAccounting Software by EASYPAY

FrontAccounting prior to version 2.4.20 contains an SQL injection vulnerability in the get_gl_transactions() function. This issue arises because the filter_type parameter is concatenated directly into a SQL IN() clause without proper parameterization. Malicious actors with SA_GLANALYTIC permissio...

Discovered 18 hours ago

PoC for CVE-2026-13566

Sourcecodester | Class And Exam Timetab... | 6.9 MEDIUM
SQL Injection Vulnerability in SourceCodester Class and Exam Timeta...

A vulnerability in the SourceCodester Class and Exam Timetabling System version 1.0 permits SQL injection through the /preview3.php file. The issue arises when the argument 'course_year_section' is manipulated by attackers, allowing the potential for unauthorized database access. This exploit can...

PoC for CVE-2026-13565

Sourcecodester | Class And Exam Timetab... | 6.9 MEDIUM
SQL Injection Vulnerability in SourceCodester Class and Exam Timeta...

A vulnerability exists in the SourceCodester Class and Exam Timetabling System, specifically within the /edit_class1.php file. This vulnerability arises from improper handling of user-supplied input related to the argument ID. Attackers can exploit this weakness to execute arbitrary SQL commands,...

PoC for CVE-2026-13564

Edimax | Ew-7478apc | 8.7 HIGH
Stack-Based Buffer Overflow in Edimax EW-7478APC Due to POST Reques...

A stack-based buffer overflow vulnerability exists in the Edimax EW-7478APC version 1.04, specifically within the formPPPoESetup function of the POST Request Handler. This vulnerability can be triggered remotely by manipulating the pppUserName parameter. If exploited, it can lead to unauthorized ...

PoC for CVE-2026-13563

Edimax | Ew-7478apc | 8.7 HIGH
Stack-based Buffer Overflow in Edimax EW-7478APC Product

A vulnerability affecting the Edimax EW-7478APC version 1.04 has been identified in the POST Request Handler, specifically within the formL2TPSetup function. This flaw allows for a stack-based buffer overflow when the L2TPUserName parameter is improperly manipulated. Attackers can exploit this vu...

Discovered 19 hours ago

PoC for CVE-2026-13562

Edimax | Ew-7478apc | 8.7 HIGH
Buffer Overflow Vulnerability in Edimax EW-7478APC Wireless Range E...

A vulnerability in the Edimax EW-7478APC wireless range extender has been identified, specifically in the function handling POST requests for site surveys. The incident involves improper processing of the 'selSSID' parameter, leading to a buffer overflow situation. This weakness can be exploited ...

PoC for CVE-2026-13561

Edimax | Ew-7478apc | 5.3 MEDIUM
OS Command Injection Vulnerability in Edimax EW-7478APC by Edimax

An OS command injection vulnerability exists in Edimax EW-7478APC version 1.04. This flaw is found in the POST Request Handler within the function formiNICbasic, specifically when manipulating the rootAPmac argument. Successful exploitation allows remote attackers to execute arbitrary OS commands...

PoC for CVE-2026-13560

Edimax | Ew-7478apc | 5.3 MEDIUM
OS Command Injection Vulnerability in Edimax EW-7478APC by Edimax

A security vulnerability has been identified in the Edimax EW-7478APC version 1.04, specifically within the formAccept function of the POST Request Handler. This flaw allows remote attackers to manipulate the submit-url parameter, leading to potential OS command injection. This vulnerability has ...

PoC for CVE-2026-13559

Code-projects | Real State Services | 6.9 MEDIUM
SQL Injection Vulnerability in Code-Projects Real State Services by...

A vulnerability has been detected in the Code-Projects Real State Services, specifically in the function within the file /single-list_sale.php when the action parameter is set to 'add'. By manipulating the argument ID, an attacker can execute an SQL injection, potentially exposing sensitive data....

Discovered 20 hours ago

PoC for CVE-2026-13558

Codeastro | Complaint Management S... | 5.1 MEDIUM
Cross Site Scripting Vulnerability in CodeAstro Complaint Managemen...

A security vulnerability has been identified in the CodeAstro Complaint Management System version 1.0, specifically within the Report Handler component. The flaw is triggered by improper handling of the 'Report Title' argument in the /report/addreport file. This oversight allows attackers to inje...

PoC for CVE-2026-13557

Itsourcecode | Online Hotel Managemen... | 5.3 MEDIUM
Cross-Site Scripting Vulnerability in itsourcecode Online Hotel Man...

A cross-site scripting (XSS) vulnerability was discovered in the itsourcecode Online Hotel Management System version 1.0, specifically in the POST Request Handler component located in the file /admin/mod_room/controller.php. This vulnerability allows an attacker to manipulate the argument 'Name',...

PoC for CVE-2026-13556

Itsourcecode | Online Hotel Managemen... | 5.3 MEDIUM
Cross Site Scripting Vulnerability in itsourcecode Online Hotel Man...

A cross site scripting vulnerability exists within itsourcecode Online Hotel Management System version 1.0, specifically affecting the POST Request Handler component. The vulnerability arises from improper handling of user input in the file /admin/mod_users/controller.php when the 'edit' action i...

PoC for CVE-2026-13555

Itsourcecode | Online Hotel Managemen... | 6.9 MEDIUM
SQL Injection Vulnerability in itsourcecode Online Hotel Management...

A security flaw has been identified in the itsourcecode Online Hotel Management System 1.0, where the file /admin/mod_users/controller.php allows remote attackers to execute SQL injection attacks. By manipulating the 'Name' argument, unauthorized users could potentially access or alter sensitive ...

Discovered 21 hours ago

PoC for CVE-2026-13554

Itsourcecode | Online Hotel Managemen... | 5.3 MEDIUM
Cross Site Scripting in Online Hotel Management System by itsourcecode

A vulnerability exists in the Online Hotel Management System (version 1.0) due to improper handling of POST requests in the controller file. Specifically, the 'add' action in /admin/mod_amenities/controller.php is susceptible to cross site scripting (XSS) attacks. By manipulating the 'Name' argum...

PoC for CVE-2025-55182

Meta | React-server-dom-webpack | 🟣 EPSS 100% | 10 CRITICAL
Remote Code Execution Vulnerability in React Server Components by Meta

A remote code execution vulnerability found in React Server Components allows attackers to exploit improperly handled payloads. This issue affects versions 19.0.0 through 19.2.0, compromising server function endpoints through unsafe deserialization of HTTP request payloads. As a result, this flaw...

PoC for CVE-2026-13553

Itsourcecode | Online Hotel Managemen... | 6.9 MEDIUM
Unrestricted File Upload Vulnerability in itsourcecode Online Hotel...

A security flaw has been identified in the itsourcecode Online Hotel Management System version 1.0, specifically in the /admin/mod_amenities/controller.php file. This vulnerability is associated with an unprotected function that processes image uploads, allowing an attacker to manipulate argument...

PoC for CVE-2026-48908

Joomshaper.net | Sp Page Builder Extens... | 10 CRITICAL
Arbitrary File Upload in SP Page Builder for Joomla

A vulnerability in the SP Page Builder for Joomla permits unauthenticated users to upload arbitrary files. This weakness can lead to the execution of PHP code, presenting significant security risks for Joomla websites using this extension.