Publicly Disclosed
PoC Exploits

🔴 Alway take caution when working with PoC Exploits 🔴

Discovered just now...

PoC for CVE-2026-50131

Fedify-devFedify8.6HIGH
SSRF Vulnerability in Fedify TypeScript Library by Fedify

The Fedify TypeScript library, used for building federated server applications powered by ActivityPub, has a critical vulnerability relating to Server-Side Request Forgery. While prior updates attempted to address internal network access by adding public URL validation for outbound fetches, the v...

Discovered 2 hours ago

PoC for CVE-2023-0386

LinuxKernel7.8HIGH
Privilege Escalation Vulnerability in Linux Kernel’s OverlayFS System

A vulnerability exists in the Linux kernel's OverlayFS subsystem that enables a local user to gain unauthorized access to a setuid file with capabilities. This issue arises when a user copies a capable file from a nosuid mount to another mount, leading to potential privilege escalation. The uid m...

PoC for CVE-2025-27636

ApacheApache Camel🟣 EPSS 80%5.6MEDIUM
Bypass/Injection Vulnerability in Apache Camel by Apache

A bypass and injection vulnerability exists in Apache Camel stemming from a flaw in its default header filtering mechanism. This flaw allows attackers to circumvent protective measures by manipulating the casing of header names. As a result, they can inject malicious headers which may invoke arbi...

Discovered 4 hours ago

PoC for CVE-2026-44825

ApacheApache Solr8.1HIGH
Basic Authentication Flaw in Apache Solr Affects User Security

A vulnerability in Apache Solr allows for remote unauthorized access due to hardcoded default credentials in the Basic Authentication setup tool. Versions 9.4.0 through 9.10.1 and 10.0.0 are particularly exposed, as attackers can leverage these known credentials to gain full control over the Solr...

Discovered 5 hours ago

PoC for CVE-2026-40048

ApacheApache Camel Pqc7.8HIGH
Deserialization Vulnerability in Apache Camel's File-Based Key Manager

The FileBasedKeyLifecycleManager class in Apache Camel allows deserialization of `<keyId>.key` files using java.io.ObjectInputStream without implementing ObjectInputFilter or restricting class loading. This flaw can lead to arbitrary code execution due to unsanitized deserialization methods being...

PoC for CVE-2021-40346

HaproxyHaproxy🟣 EPSS 58%7.5HIGH
Integer Overflow Vulnerability in HAProxy Versions 2.0 to 2.5

An integer overflow vulnerability is present in HAProxy versions 2.0 through 2.5. This flaw is associated with the htx_add_header function, enabling attackers to exploit the vulnerability to conduct an HTTP request smuggling attack. By bypassing all configured HTTP request Access Control Lists (A...

PoC for CVE-2026-15138

TumfMcp-text-editor5.3MEDIUM
Path Traversal Vulnerability in Tumf MCP Text Editor Affects Versio...

A security vulnerability has been identified in Tumf's MCP Text Editor, specifically in the _validate_file_path function found in text_editor.py. This vulnerability allows an attacker to perform path traversal by manipulating the 'file_path' argument, potentially gaining unauthorized access to se...

Discovered 6 hours ago

PoC for CVE-2026-15135

Code-projectsOnline Food Order System6.9MEDIUM
SQL Injection Vulnerability in Code-Projects Online Food Order System

A security vulnerability has been identified in the Online Food Order System by Code-Projects, specifically in the edit_food_items.php file. This flaw allows for SQL injection through manipulated inputs in the 'update' argument. Attackers can exploit this vulnerability remotely, potentially leadi...

Discovered 7 hours ago

PoC for CVE-2026-15134

CodeastroSimple Online Leave Ma...6.9MEDIUM
SQL Injection Vulnerability in CodeAstro Simple Online Leave Manage...

A vulnerability exists in the CodeAstro Simple Online Leave Management System version 1.0, specifically related to inadequate input validation in the /SimpleOnlineLeave/index.php file. By manipulating the 'email' parameter, an attacker may execute SQL injection attacks, potentially accessing sens...

PoC for CVE-2026-15105

DavenardellaSnap75.3MEDIUM
Deserialization Vulnerability in davenardella Snap7 Product

A deserialization flaw exists in davenardella's Snap7 product, impacting the TS7Worker::PerformFunctionRead function within the ReadVar Request Handler component. This vulnerability allows for manipulation of data structures, which can lead to remote exploitation on local networks. The problem ha...

Discovered 9 hours ago

PoC for CVE-2026-35204

HelmHelm8.4HIGH
Arbitrary File Write Vulnerability in Helm Package Manager

A security issue has been identified in Helm, the package manager for Kubernetes Charts. Versions 4.0.0 through 4.1.3 are impacted by a flaw that allows a specially crafted Helm plugin to write files to arbitrary locations on the filesystem when installed or updated. To mitigate this risk, it is ...

Discovered 10 hours ago

PoC for CVE-2026-40047

ApacheApache Camel9.1CRITICAL
Command Injection Vulnerability in Apache Camel Docling Component

A command injection vulnerability exists in the Apache Camel Docling component due to improper validation of custom CLI arguments. The vulnerability arises when the DoclingProducer constructs an argument list for the external 'docling' command-line tool, where insufficient validation may allow an...

PoC for CVE-2026-59807

ComposiohqComposio8.9HIGH
Path Validation Bypass in Composio SDK Enables Sensitive File Exposure

The Composio SDK is affected by a path validation bypass vulnerability that allows malicious actors to read and exfiltrate sensitive files. This issue arises from the missing assertSafeFileUploadPath check in the readFileFromDisk function located in tool-file-uploads.ts. By exploiting prompt inje...

PoC for CVE-2026-59806

Gradio-appGradio4.9MEDIUM
Open Redirect and Server-Side Request Forgery in Gradio by Gradio App

Gradio, an application developed by Gradio App, contains a vulnerability that impacts versions prior to 6.20.0. This security issue involves an open redirect and server-side request forgery that can be exploited by attackers. By manipulating the file_fetch() function in the /gradio_api/file= endp...

PoC for CVE-2026-59804

Web-infra-devMidscene7.6HIGH
Unauthenticated Remote Attack Risk in Midscene Bridge Server by Web...

The Midscene Bridge Server, up to version 1.10.3, is susceptible to a vulnerability that enables unauthenticated remote attackers to hijack active bridge sessions. This exploit works by opening a cross-origin WebSocket connection to the local Socket.IO server, which fails to validate the Origin h...

PoC for CVE-2026-59803

SmallnestRpcx8.7HIGH
Denial-of-Service Vulnerability in rpcx by Smallnest

The rpcx library, prior to version 1.9.3, is susceptible to a denial-of-service attack due to inadequate controls in the message decoding process. When handling messages with a compression flag, the payload is decompressed without restrictions on size, which can result in significant heap allocat...

PoC for CVE-2026-60104

BitwardenServer9.3CRITICAL
Authorization Bypass in Bitwarden Server Exposes Vault Keys

A vulnerability in Bitwarden Server prior to version 2026.6.0 allows a low-privileged member of an organization to exploit the authentication request process. By creating a Trusted Device Encryption request using an attacker-controlled public key, the malicious actor can obtain another user's vau...

Discovered 11 hours ago

PoC for CVE-2025-54136

CursorCursor7.2HIGH
Remote Code Execution Vulnerability in Cursor Code Editor by Cursor

In Cursor Code Editor versions prior to 1.3, a significant vulnerability exists allowing attackers to execute arbitrary code remotely. This occurs through manipulation of a trusted MCP configuration file either within a shared GitHub repository or on the target machine. If an attacker can alter t...

Discovered 13 hours ago

PoC for CVE-2021-21974

VmwareVmware Esxi🟣 EPSS 45%8.8HIGH
Heap Overflow Vulnerability in ESXi by VMware

The OpenSLP service in VMware ESXi contains a heap overflow vulnerability that could allow an attacker within the same network segment to execute arbitrary code. By sending specially crafted packets to port 427, an unauthorized actor may exploit this flaw, potentially compromising the entire syst...

Discovered 14 hours ago

PoC for CVE-2026-43499

LinuxLinux7.8HIGH
Linux Kernel Vulnerability in rtmutex Component Affecting Multiple ...

A vulnerability exists in the Linux kernel's rtmutex component where the remove_waiter() function incorrectly utilizes current instead of waiter::task during a dequeue operation within various mutex handling paths. This mismanagement leads to multiple issues, including potential use-after-free vu...

Discovered 15 hours ago

PoC for CVE-2026-15036

HarnessHarness5.3MEDIUM
Authorization Bypass in Harness Gitspaces Component

A vulnerability exists in the Harness platform, specifically within the gitspaces component, affecting versions up to 2.28.2. The issue is located in the getAuthorizedSpaces function of the app/api/controller/gitspace/list_all.go file. It allows unauthorized users to bypass authorization, potenti...

Discovered 16 hours ago

PoC for CVE-2026-15035

BentomlOpenllm4.8MEDIUM
Command Injection in OpenLLM Model Repository by Bentoml

A command injection vulnerability has been identified in the OpenLLM 0.6.30, specifically within the async_run_command function located in src/openllm/common.py. This flaw allows an attacker to manipulate the cmd argument, potentially leading to unauthorized command execution on affected systems....

PoC for CVE-2026-56290

Joomlack.frJoomlack.fr Page Build...10CRITICAL
Unauthenticated Arbitrary File Upload Vulnerability in Joomla Exten...

The Joomla extension Page Builder CK contains a vulnerability that allows unauthenticated attackers to upload arbitrary files. This weakness can be exploited to upload executable files, resulting in remote code execution on the server. The implications of this vulnerability are severe, as it may ...

PoC for CVE-2026-15034

Flask-dashboardFlask-monitoringdashboard5.3MEDIUM
Cross-Site Request Forgery Vulnerability in Flask-MonitoringDashboa...

A vulnerability identified in Flask-MonitoringDashboard, up to version 5.0.2, facilitates cross-site request forgery attacks. This issue allows attackers to exploit certain functions without proper authorization, potentially leading to unauthorized actions performed on behalf of legitimate users....

Discovered 20 hours ago

PoC for CVE-2026-46242

LinuxLinux7.8HIGH
Eventpoll Memory Management Flaw in Linux Kernel

A memory management vulnerability in the Linux kernel's eventpoll subsystem allows for a misuse of freed memory, resulting from improper handling of file structures during critical operations. The flaw occurs when an ep_remove operation clears a file pointer under lock while allowing concurrent o...

Discovered 1 day ago

PoC for CVE-2026-12378

WordPressAppointment Booking Ca...8.1HIGH
PHP Deserialization Vulnerability in Appointment Booking Calendar P...

The Appointment Booking Calendar Plugin for WordPress, up to version 1.1.28, fails to validate user input before it is processed by a PHP deserialization function. This flaw exposes the plugin to attacks from unauthenticated users, who could exploit the vulnerability to inject arbitrary PHP objec...

PoC for CVE-2026-12277

WordPressFrontend File Manager ...8.7HIGH
Unauthorized File Deletion in Frontend File Manager Plugin by WordP...

The Frontend File Manager Plugin for WordPress, version 23.6, is susceptible to a vulnerability that allows unauthenticated users to delete arbitrary files on the server without proper validation of file paths derived from user input. This issue is particularly concerning when guest upload mode i...

PoC for CVE-2025-36911

GoogleAndroid7.1HIGH
Logic Flaw in Key-Based Pairing Affects Android Devices

The vulnerability arises from a logic error in the key-based pairing process of certain Android devices. This flaw may allow an attacker in proximity to exploit the issue and gain unauthorized access to sensitive user information, including conversations and location data. Notably, the attack doe...

PoC for CVE-2022-46364

ApacheApache Cxf9.8CRITICAL
Apache CXF SSRF Vulnerability

A SSRF vulnerability in parsing the href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type. 

PoC for CVE-2025-64459

DjangoprojectDjango🟣 EPSS 19%9.1CRITICAL
SQL Injection Vulnerability in Django Software by Django

An SQL injection vulnerability exists in specific versions of Django prior to 5.1.14, 4.2.26, and 5.2.8. Through the use of specially crafted dictionaries, attackers can exploit the `QuerySet.filter()`, `QuerySet.exclude()`, and `QuerySet.get()` methods, as well as the `Q()` class, when utilizing...

PoC for CVE-2026-48611

PHPbbPHPbb9.8CRITICAL
Improper Authentication in OAuth Implementation Affects phpBB Software

The OAuth implementation in phpBB has a critical flaw where improper authentication checks can lead to account hijacking. This vulnerability is particularly concerning as it may allow unauthorized users to gain access to accounts even if OAuth is not configured or enabled. Default installations a...

PoC for CVE-2026-6300

GoogleChrome8.8HIGH
Use After Free Vulnerability in Google Chrome

A use after free vulnerability in the CSS handling of Google Chrome versions prior to 147.0.7727.101 enables remote attackers to execute arbitrary code. This vulnerability can be triggered through a maliciously crafted HTML document, allowing unauthorized actions within a sandboxed environment, w...

PoC for CVE-2023-31488

CiscoIronport Email Securit...9.8CRITICAL
Segmentation Fault Vulnerability in Hyland Perceptive Filters for C...

A vulnerability has been identified in Hyland Perceptive Filters versions prior to December 8, 2023. This issue affects products like Cisco IronPort Email Security Appliance Software and Cisco Secure Email Gateway, along with several non-Cisco products. Attackers can exploit this flaw by crafting...

PoC for CVE-2023-20075

CiscoCisco Secure Email6.7MEDIUM
Remote Command Execution Vulnerability in Cisco Secure Email Gateway

A vulnerability exists in the command-line interface (CLI) of Cisco Secure Email Gateway due to improper input validation. This security flaw allows authenticated, remote attackers to inject malicious operating system commands into legitimate commands. A successful exploitation of this vulnerabil...

PoC for CVE-2023-20009

CiscoCisco Secure Email7.2HIGH
Privilege Escalation in Cisco Secure Email Gateway and Manager

A vulnerability exists within the Web UI and administrative CLI of Cisco Secure Email Gateway (ESA) and Cisco Secure Email and Web Manager (SMA). This security flaw enables both authenticated local and remote attackers to escalate their privileges, potentially gaining root access on the device. T...

PoC for CVE-2023-0090

ProofpointEnterprise Protection9.8CRITICAL
Proofpoint Enterprise Protection webservices unauthenticated RCE

The webservices in Proofpoint Enterprise Protection (PPS/POD) are susceptible to a vulnerability that enables unauthorized users to execute remote code through 'eval injection'. Exploitation of this vulnerability necessitates network access to the webservices API; however, such access is typicall...

PoC for CVE-2023-0089

ProofpointEnterprise Protection8.8HIGH
Proofpoint Enterprise Protection webutils authenticated RCE

The webutils component of Proofpoint Enterprise Protection is affected by a vulnerability that permits an authenticated user to leverage eval injection for remote code execution. This vulnerability affects all versions up to and including 8.20.0, potentially allowing malicious actions by users wi...

PoC for CVE-2026-14762

Code-projectsHotel And Tourism Rese...6.9MEDIUM
SQL Injection Vulnerability in Hotel and Tourism Reservation by Cod...

A significant SQL injection vulnerability has been identified in the Hotel and Tourism Reservation application by Code-Projects, specifically within the Room Management Page component. The vulnerability arises from the manipulation of an argument within the /admin/rooms.php file, allowing an atta...

PoC for CVE-2026-58473

TopoteretesCognee9.3CRITICAL
Improper Access Control in Cognee by Topoteretes

Cognee, prior to version 1.2.0, exhibits an improper access control vulnerability that allows unauthenticated attackers to register an account and modify global LLM provider configurations through the settings endpoint. This endpoint does not enforce necessary administrative checks, enabling atta...

PoC for CVE-2026-58583

FluxinkColor Management Driver8.4HIGH
Local Privilege Escalation Vulnerability in FluxInk Color Managemen...

The FluxInk Color Management Driver (TcnPeripheral64.sys) version 1.0.7.2 contains a security flaw that allows a standard user account to escalate privileges by mapping arbitrary physical memory. This vulnerability poses a significant risk, enabling unauthorized users to gain elevated access and ...

PoC for CVE-2026-58468

NocobaseNocobase5.1MEDIUM
Server-Side Request Forgery in NocoBase by NocoBase

NocoBase, up to version 2.1.20, exhibits a server-side request forgery vulnerability within the serverRequest wrapper. This flaw permits authenticated administrators to make unauthorized outbound HTTP requests by inputting malicious URL links into workflow request nodes, custom action buttons, or...

PoC for CVE-2026-53359

LinuxLinux
Use-After-Free Vulnerability in Linux Kernel Affecting KVM x86 Prod...

A vulnerability has been identified in the Linux kernel concerning the KVM x86 module, specifically a use-after-free scenario due to an unexpected role in shadow paging. This issue arises when a host modifies a Page Directory Entry (PDE) mapping from outside a guest virtual machine and subsequent...

PoC for CVE-2026-14191

RarlabWinrar7.8HIGH
Out-of-Bounds Heap Write in WinRAR Product by RARLab

A vulnerability exists within the RAR5 recovery-volume parser used in WinRAR and UnRAR, leading to potential heap corruption through crafted .rev files. This flaw stems from the incorrect validation of input that allows for manipulation of internal data structures, posing a risk when users perfor...

PoC for CVE-2024-36401

GeoserverGeoserver🟣 EPSS 100%9.8CRITICAL
Remote Code Execution Vulnerability in GeoServer Prior to Versions ...

GeoServer, an open-source server enabling geospatial data sharing and manipulation, contains a vulnerability that permits unauthenticated users to execute arbitrary code. This flaw arises from the handling of OGC request parameters, where property names are unsafely evaluated as XPath expressions...

PoC for CVE-2021-41773

ApacheApache Http Server🟣 EPSS 100%7.5HIGH
Path traversal and file disclosure vulnerability in Apache HTTP Ser...

A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default config...

Discovered 2 days ago

PoC for CVE-2026-11405

TendaFirmware9.8CRITICAL
Hidden Backdoor Authentication in Web Server Binary by Vendor

The web server binary '/bin/httpd' contains a vulnerability that enables a hidden backdoor authentication mechanism within its login function. This flaw allows unauthorized access by reading a backdoor password from the device configuration file if normal authentication fails. Using a direct comp...

PoC for CVE-2026-53359

LinuxLinux
Use-After-Free Vulnerability in Linux Kernel Affecting KVM x86 Prod...

A vulnerability has been identified in the Linux kernel concerning the KVM x86 module, specifically a use-after-free scenario due to an unexpected role in shadow paging. This issue arises when a host modifies a Page Directory Entry (PDE) mapping from outside a guest virtual machine and subsequent...

PoC for CVE-2026-23697

VtigerVtiger Crm8.7HIGH
Authenticated File Upload Vulnerability in Vtiger CRM by Vtiger

Vtiger CRM versions prior to 8.4.0 are subject to an authenticated file upload vulnerability that allows low-privileged users to perform remote code execution. This is achieved by uploading a .phar file containing malicious PHP code through the Documents module, circumventing the configured denyl...

PoC for CVE-2026-23698

VtigerVtiger Crm8.6HIGH
Remote Code Execution Vulnerability in Vtiger CRM Admin Module

Vtiger CRM versions up to 8.4.0 contain a vulnerability that permits authenticated users with administrative privileges to execute arbitrary PHP code remotely. This occurs via the ModuleManager's import feature, which allows crafted zip files to be uploaded without sufficient validation. Attacker...

PoC for CVE-2026-57851

Micro-star Intern...Kerncorelib64.sys8.5HIGH
Local Privilege Escalation Vulnerability in MSI Feature Manager by MSI

The MSI Feature Manager, through its KernCoreLib64.sys kernel driver, introduces a local privilege escalation vulnerability. This flaw enables any locally authenticated user to execute arbitrary read/write operations on physical memory and conduct unrestricted I/O port operations. By exploiting e...