Publicly Disclosed PoC Exploits

🔴 Always take caution when working with PoC exploits 🔴

Discovered just now...

PoC for CVE-2025-29927

Vercel | Next.js | EPSS 32% | 9.1 CRITICAL
Authorization Bypass in Next.js Framework by Vercel

A security flaw exists in the Next.js framework that allows an attacker to bypass authorization checks if such checks are implemented in middleware. This vulnerability arises in versions prior to 14.2.25 and 15.2.3. To mitigate risk, it is recommended to restrict incoming requests that include th...
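
The mitigation this entry points at, as an added example that is not part of this feed and not code from Vercel or Next.js. The header name x-middleware-subrequest is taken from the upstream Next.js advisory for CVE-2025-29927 (the feed text above cuts it off). Next.js uses that header internally to mark its own middleware subrequests and skips middleware when it sees it, so the check has to sit in front of the application (reverse proxy, CDN rule or WAF), not inside the middleware being bypassed. The request objects in SAMPLE_REQUESTS are constructed, not real captures.

```javascript
// Added example (not from this feed, not from Vercel/Next.js): edge-side
// handling of the CVE-2025-29927 bypass header. The header name comes from
// the upstream advisory; everything else here is an assumption for the demo.
const BLOCKED_HEADER = "x-middleware-subrequest";

// HTTP header names are case-insensitive. Node lowercases inbound header
// names, but an object assembled by hand or by another proxy may not be.
function hasMiddlewareSubrequestHeader(headers) {
  return Object.keys(headers).some((n) => n.toLowerCase() === BLOCKED_HEADER);
}

// Strip-and-forward variant: copy every header except the blocked one, so a
// request that reaches Next.js can never claim to be an internal subrequest.
function sanitizeHeaders(headers) {
  const clean = {};
  for (const [name, value] of Object.entries(headers)) {
    if (name.toLowerCase() !== BLOCKED_HEADER) clean[name] = value;
  }
  return clean;
}

// Reject variant, written as a pure decision so it can be unit tested:
// returns what the proxy should do with one inbound request. Rejecting is
// the safer choice because a legitimate external client has no reason to
// send this header at all.
function decide(req) {
  if (hasMiddlewareSubrequestHeader(req.headers)) {
    return { action: "reject", status: 403, reason: "external " + BLOCKED_HEADER };
  }
  return { action: "forward", status: 200, headers: sanitizeHeaders(req.headers) };
}

// Constructed sample traffic (not real captures) to exercise the decision.
const SAMPLE_REQUESTS = [
  { id: 1, headers: { host: "app.example", "user-agent": "curl/8.0" } },
  { id: 2, headers: { host: "app.example", "x-middleware-subrequest": "middleware" } },
  { id: 3, headers: { host: "app.example", "X-Middleware-Subrequest": "src/middleware" } },
];

// Returns the ids of the sampled requests the proxy would reject.
function rejectedIds(requests = SAMPLE_REQUESTS) {
  return requests.filter((r) => decide(r).action === "reject").map((r) => r.id);
}
```

Blocking at the edge is a stopgap for deployments that cannot upgrade immediately; the fix is still to move to a patched Next.js release, since a self-hosted app reached directly (no proxy in front) is not protected by this rule.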

Discovered 1 hour ago

PoC for CVE-2025-2752

Open Asset Import... | Assimp | 5.3 MEDIUM
Out-of-Bounds Read Vulnerability in Open Asset Import Library Assimp

A vulnerability has been identified in Open Asset Import Library Assimp, specifically in version 5.4.3, under the function fast_atoreal_move located in include/assimp/fast_atof.h. This flaw permits an out-of-bounds read, which can potentially be exploited through remote attacks. Public disclosure...

Discovered 2 hours ago

PoC for CVE-2025-2751

Open Asset Import... | Assimp | 5.3 MEDIUM
Out-of-Bounds Read Vulnerability in Open Asset Import Library by As...

A vulnerability has been identified in the Open Asset Import Library (Assimp) version 5.4.3, specifically in the CSM File Handler component's InternReadFile function. This vulnerability arises from improper handling of the 'na' argument, leading to an out-of-bounds read condition. The flaw can be...

PoC for CVE-2025-2750

Open Asset Import... | Assimp | 5.3 MEDIUM
Out-of-Bounds Write Vulnerability in Open Asset Import Library Assi...

A vulnerability exists in Open Asset Import Library Assimp version 5.4.3, specifically within the Assimp::CSMImporter::InternReadFile function located in CSM File Handler's CSMLoader.cpp. This flaw allows for out-of-bounds write operations that could be exploited remotely, potentially leading to ...

PoC for CVE-2025-2744

Zhijiantianya | Ruoyi-vue-pro | 5.3 MEDIUM
Path Traversal Vulnerability in zhijiantianya Ruoyi-Vue-Pro Product

A vulnerability has been identified in the Material Upload Interface of zhijiantianya Ruoyi-Vue-Pro version 2.4.1, specifically within the file /admin-api/mp/material/upload-news-image. This flaw allows attackers to manipulate the File argument, leading to potential path traversal exploits. The n...

PoC for CVE-2025-2743

Zhijiantianya | Ruoyi-vue-pro | 5.3 MEDIUM
Path Traversal Vulnerability in zhijiantianya ruoyi-vue-pro by zhij...

A path traversal vulnerability exists in the Material Upload Interface of the ruoyi-vue-pro version 2.4.1. The flaw allows attackers to manipulate the File argument in the /admin-api/mp/material/upload-temporary endpoint, potentially leading to unauthorized file access or deletion. This attack ca...

PoC for CVE-2025-1974

Kubernetes | Ingress-Nginx Controller
Arbitrary Code Execution Vulnerability in Ingress-Nginx Controller ...

A security issue in the Kubernetes ingress-nginx controller allows an unauthenticated attacker with access to the pod network to execute arbitrary code within the context of the ingress-nginx controller. This vulnerability poses serious security risks, as it can potentially expose sensitive secrets accessible to...

PoC for CVE-2025-29927

Vercel | Next.js | EPSS 32% | 9.1 CRITICAL
Authorization Bypass in Next.js Framework by Vercel

A security flaw exists in the Next.js framework that allows an attacker to bypass authorization checks if such checks are implemented in middleware. This vulnerability arises in versions prior to 14.2.25 and 15.2.3. To mitigate risk, it is recommended to restrict incoming requests that include th...

Discovered 3 hours ago

PoC for CVE-2025-2742

Zhijiantianya | Ruoyi-vue-pro | 5.3 MEDIUM
Path Traversal Vulnerability in zhijiantianya ruoyi-vue-pro Product

A vulnerability discovered in the zhijiantianya ruoyi-vue-pro product allows remote attackers to manipulate the argument 'File' in the Material Upload Interface. This manipulation may lead to unauthorized access and path traversal, potentially enabling attackers to access sensitive files on the s...
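
The three ruoyi-vue-pro entries above (CVE-2025-2744, CVE-2025-2743, CVE-2025-2742) share one pattern: a user-controlled File argument reaches an upload handler without a traversal check. The feed does not show the vulnerable code, so the following added example (not code from ruoyi-vue-pro or its authors) shows only the hardened side: how an upload endpoint should contain an attacker-controlled file name inside a fixed storage root. STORAGE_ROOT, ALLOWED_EXT and the inputs in SAMPLE_INPUTS are assumptions constructed for the demo. It works on the raw string rather than the host path module so the decision is the same on every OS.

```javascript
// Added example (not from ruoyi-vue-pro): contain an attacker-controlled
// file name inside a fixed storage directory. Root and extension allow-list
// are assumed values for the demo.
const STORAGE_ROOT = "/var/app/uploads";                     // assumed
const ALLOWED_EXT = new Set(["png", "jpg", "jpeg", "gif"]); // assumed

// Returns the path under STORAGE_ROOT to write to, or null when the input
// must be rejected. Assumes the web framework has already URL-decoded the
// parameter exactly once; decoding again here would reopen double-encoding
// bypasses such as %252e%252e.
function safeStoragePath(userInput) {
  if (typeof userInput !== "string" || userInput.length === 0) return null;
  if (userInput.includes("\0")) return null;               // NUL truncation
  if (/^([a-zA-Z]:)?[\\\/]/.test(userInput)) return null;  // absolute path
  // Treat both separators as separators; drop empty and "." segments.
  const segments = userInput.split(/[\\\/]+/).filter((s) => s !== "" && s !== ".");
  if (segments.length === 0) return null;
  if (segments.some((s) => s === "..")) return null;       // traversal
  // Upload endpoints rarely need subdirectories: allow one file name only.
  if (segments.length !== 1) return null;
  const name = segments[0];
  if (name.startsWith(".")) return null;                   // no dotfiles
  if (!/^[A-Za-z0-9._-]+$/.test(name)) return null;        // conservative charset
  const dot = name.lastIndexOf(".");
  const ext = dot >= 0 ? name.slice(dot + 1).toLowerCase() : "";
  if (!ALLOWED_EXT.has(ext)) return null;                  // no .php/.jsp/etc
  return `${STORAGE_ROOT}/${name}`;
}

// Constructed inputs (not captured traffic) covering the common bypasses.
const SAMPLE_INPUTS = [
  "cat.png",
  "../../etc/passwd",
  "..\\..\\windows\\win.ini",
  "/etc/passwd",
  "C:\\boot.ini",
  "shell.php",
  "sub/dir/a.png",
];

// Returns the sample inputs the check rejects.
function rejectedInputs(inputs = SAMPLE_INPUTS) {
  return inputs.filter((i) => safeStoragePath(i) === null);
}
```

The extension allow-list matters as much as the traversal check: an upload path that stays inside the root but accepts a server-side script name still gives an attacker code execution on most stacks.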

PoC for CVE-2025-2740

PHPgurukul | Old Age Home Managemen... | 6.9 MEDIUM
SQL Injection Vulnerability in PHPGurukul Old Age Home Management S...

A security vulnerability has been identified in the PHPGurukul Old Age Home Management System version 1.0, specifically in the file /admin/eligibility.php. This vulnerability arises from improper handling of user input in the argument 'pagetitle', which can be exploited via a SQL injection attack...

PoC for CVE-2025-0717

WordPress | Social Slider Feed
Cross-Site Scripting Vulnerability in WordPress eCommerce Plugin

This vulnerability allows attackers to inject malicious scripts into web pages viewed by users, exploiting weaknesses in the input validation within the eCommerce plugin for WordPress. If exploited, this could lead to the execution of arbitrary JavaScript code in the context of the user's session...

PoC for CVE-2025-1452

WordPress | Favorites
Stored Cross-Site Scripting Vulnerability in Favorites WordPress Pl...

The Favorites WordPress plugin versions prior to 2.3.5 are vulnerable due to insufficient sanitization and escaping of certain settings. This flaw allows high privilege users, including administrators, to execute Stored Cross-Site Scripting (XSS) attacks, regardless of the unfiltered_html capabil...

PoC for CVE-2025-1798

WordPress | Design-comuni-WordPres...
Stored Cross-Site Scripting Vulnerability in WordPress Plugin by Ve...

This vulnerability arises from insufficient sanitization and escaping of certain parameters during page output, which could allow unauthenticated users to execute stored Cross-Site Scripting (XSS) attacks. If exploited, attackers can manipulate user sessions, deliver malicious payloads, or intera...

PoC for CVE-2024-13618

WordPress | Aoa-downloadable
Unauthorized Access Vulnerability in AOA Downloadable Plugin by Wor...

The AOA Downloadable plugin for WordPress versions up to 0.1.0 has a security weakness due to improper authorization and authentication on its download.php endpoint. This vulnerability enables malicious actors to send requests to arbitrary URLs without the need for user authentication, potentiall...

PoC for CVE-2024-9770

WordPress | WP-recall
SQL Injection Vulnerability in WP-Recall Plugin for WordPress

The WP-Recall plugin for WordPress prior to version 16.26.12 contains a vulnerability that allows attackers to execute SQL injection attacks. This occurs due to a failure to properly sanitize and escape user-supplied input in SQL statements. Consequently, administrators could be manipulated into ...

PoC for CVE-2024-13617

WordPress | Aoa-downloadable
File Download Vulnerability in aoa-downloadable WordPress Plugin by...

The aoa-downloadable WordPress plugin versions up to 0.1.0 contains a security flaw that fails to properly validate parameters in its download function. This lack of validation allows unauthenticated attackers to exploit the vulnerability and download arbitrary files from the server, potentially ...

PoC for CVE-2024-13863

WordPress | Stylish Google Sheet R...
Reflected Cross-Site Scripting in Stylish Google Sheet Reader Plugi...

The Stylish Google Sheet Reader plugin for WordPress versions prior to 4.1 contains a vulnerability where user-supplied input is not properly sanitized or escaped before being rendered on the web page. This oversight can lead to Reflected Cross-Site Scripting (XSS) attacks, allowing malicious act...

PoC for CVE-2024-13122

WordPress | Afi
Stored Cross-Site Scripting Vulnerability in AFI WordPress Plugin

The AFI WordPress plugin prior to version 1.100.0 lacks proper sanitization and escaping measures for certain settings, which may permit high privilege users, including administrators, to execute Stored Cross-Site Scripting (XSS) attacks. This vulnerability poses a risk even in environments where...

PoC for CVE-2024-13123

WordPress | Afi
Stored Cross-Site Scripting Vulnerability in AFI WordPress Plugin

The AFI WordPress plugin fails to adequately sanitize and escape certain settings, enabling users with elevated privileges, such as administrators, to execute Stored Cross-Site Scripting (XSS) attacks. This vulnerability poses a significant risk in configurations where the unfiltered_html capabil...

PoC for CVE-2024-12769

WordPress | Simple Banner
Stored Cross-Site Scripting in Simple Banner Plugin for WordPress

The Simple Banner plugin for WordPress, versions prior to 3.0.4, fails to properly sanitize and escape certain configuration settings. This oversight permits users with elevated privileges, such as administrators, to execute Stored Cross-Site Scripting (XSS) attacks. Even in multisite environment...

PoC for CVE-2024-13118

WordPress | Ip Based Login
CSRF Vulnerability in IP Based Login Plugin for WordPress

The IP Based Login plugin for WordPress, prior to version 2.4.1, is susceptible to Cross-Site Request Forgery (CSRF) attacks. This vulnerability arises from the absence of adequate CSRF checks, allowing attackers to exploit legitimate user sessions and perform unauthorized actions on behalf of lo...

PoC for CVE-2024-12682

WordPress | Smart Maintenance Mode
Stored Cross-Site Scripting Vulnerability in Smart Maintenance Mode...

The Smart Maintenance Mode plugin for WordPress, prior to version 1.5.2, has a security flaw that allows high privilege users, such as administrators, to execute stored cross-site scripting (XSS) attacks. This vulnerability arises from the plugin's failure to properly sanitize and escape certain ...

PoC for CVE-2024-12109

WordPress | Product Labels For Woo...
SQL Injection Vulnerability in Product Labels for Woocommerce by Wo...

A vulnerability exists in the Product Labels for Woocommerce (Sale Badges) plugin, where it fails to properly sanitize and escape a specific parameter used in SQL statements. This oversight can be exploited by administrators to conduct SQL injection attacks, potentially leading to unauthorized da...

PoC for CVE-2025-2739

PHPgurukul | Old Age Home Managemen... | 6.9 MEDIUM
SQL Injection Vulnerability in PHPGurukul Old Age Home Management S...

A vulnerability exists in PHPGurukul's Old Age Home Management System, version 1.0, specifically in the processing of the file /admin/manage-services.php. An attacker can exploit this weakness by manipulating the 'sertitle' parameter, leading to unauthorized SQL injection attacks. This allows for...

PoC for CVE-2024-11273

WordPress | Contact Form & Smtp Pl...
Stored Cross-Site Scripting Vulnerability in PirateForms WordPress ...

The Contact Form & SMTP Plugin for WordPress by PirateForms versions earlier than 2.6.0 does not adequately sanitize and escape certain settings. This lack of proper validation enables high privilege users, like administrators, to execute Stored Cross-Site Scripting (XSS) attacks, compromising se...

PoC for CVE-2024-11503

WordPress | WP Tabs
Stored Cross-Site Scripting in WP Tabs WordPress Plugin

The WP Tabs WordPress plugin, prior to version 2.2.7, fails to adequately sanitize and escape certain settings. This shortcoming enables high privilege users, such as administrators, to execute Stored Cross-Site Scripting (XSS) attacks, even in scenarios where the unfiltered_html capability is re...

PoC for CVE-2024-10679

WordPress | Quiz And Survey Master...
Stored Cross-Site Scripting in Quiz and Survey Master Plugin for Wo...

The Quiz and Survey Master plugin for WordPress, prior to version 9.2.1, fails to properly sanitize and escape certain settings. This oversight enables users with elevated privileges, such as administrators, to execute Stored Cross-Site Scripting (XSS) attacks, even if the unfiltered_html capabil...

PoC for CVE-2024-10703

WordPress | Registrations For The ...
Stored Cross-Site Scripting Vulnerability in Events Calendar Plugin...

A security vulnerability exists in the Events Calendar plugin for WordPress, where insufficient sanitization and escaping of certain settings allow high privilege users, such as administrators, to execute Stored Cross-Site Scripting (XSS) attacks. This vulnerability can compromise the security of...

PoC for CVE-2024-11272

WordPress | Contact Form & Smtp Pl...
Stored Cross-Site Scripting Vulnerability in Contact Form & SMTP Pl...

The Contact Form & SMTP Plugin for WordPress by PirateForms prior to version 2.6.0 is susceptible to stored cross-site scripting attacks. The vulnerability arises due to the failure to properly sanitize and escape certain settings, allowing high-privilege users, such as administrators, to exploit...

PoC for CVE-2024-10638

WordPress | Product Labels For Woo...
SQL Injection Vulnerability in Product Labels For Woocommerce Plugi...

The Product Labels For Woocommerce (Sale Badges) plugin for WordPress prior to version 1.5.11 is susceptible to SQL injection due to improper sanitization and escaping of input parameters in SQL statements. This vulnerability enables an attacker with administrative privileges to execute arbitrary...

PoC for CVE-2024-10566

WordPress | Slider By 10web
Stored Cross-Site Scripting Vulnerability in Slider by 10Web Plugin

The Slider by 10Web WordPress plugin prior to version 1.2.62 has a vulnerability due to improper sanitization and escaping of certain settings. This flaw permits high privilege users, such as administrators, to execute Stored Cross-Site Scripting (XSS) attacks. Even in configurations where the un...

PoC for CVE-2025-2738

PHPgurukul | Old Age Home Managemen... | 6.9 MEDIUM
SQL Injection Vulnerability in PHPGurukul Old Age Home Management S...

A vulnerability has been discovered in PHPGurukul's Old Age Home Management System version 1.0, which allows remote attackers to manipulate the 'namesc' parameter within the file '/admin/manage-scdetails.php'. This manipulation can lead to SQL injection, potentially compromising the database and ...

PoC for CVE-2024-10565

WordPress | Slider By 10web
Stored Cross-Site Scripting Vulnerability in Slider by 10Web Plugin

The Slider by 10Web plugin for WordPress prior to version 1.2.62 contains a vulnerability due to insufficient sanitization and escaping of certain settings. This flaw allows users with high privileges, such as administrators, to exploit the vulnerability and launch Stored Cross-Site Scripting (XS...

PoC for CVE-2024-10560

WordPress | Form Maker By 10web
Stored Cross-Site Scripting Vulnerability in Form Maker by 10Web Pl...

The Form Maker plugin developed by 10Web for WordPress prior to version 1.15.30 contains a serious vulnerability due to inadequate sanitization and escaping of certain settings. This oversight permits high-privilege users, such as administrators, to carry out Stored Cross-Site Scripting (XSS) att...

PoC for CVE-2024-10554

WordPress | WordPress WP-advanced-...
Stored Cross-Site Scripting Vulnerability in WP-Advanced-Search Plu...

The WP-Advanced-Search plugin for WordPress versions prior to 3.3.9.3 contains a vulnerability where it fails to properly sanitize and escape certain settings. This oversight could result in high privilege users, specifically admins, being able to execute Stored Cross-Site Scripting (XSS) attacks...

PoC for CVE-2024-10472

WordPress | Stylish Price List
Stored Cross-Site Scripting Vulnerability in Stylish Price List Plu...

The Stylish Price List plugin for WordPress prior to version 7.1.12 has a serious security flaw that fails to properly sanitize and escape certain settings. This vulnerability may allow high privilege users, such as contributors, to execute Stored Cross-Site Scripting (XSS) attacks, even when the...

PoC for CVE-2024-10105

WordPress | Job Postings
Stored Cross-Site Scripting Vulnerability in Job Postings Plugin fo...

The Job Postings plugin for WordPress, specifically versions prior to 2.7.11, is susceptible to a stored cross-site scripting vulnerability. This arises due to insufficient sanitization and escaping of certain settings, allowing high privilege users, such as contributors, to execute harmful scrip...

Discovered 4 hours ago

PoC for CVE-2025-2737

PHPgurukul | Old Age Home Managemen... | 6.9 MEDIUM
SQL Injection Vulnerability in PHPGurukul Old Age Home Management S...

A significant SQL injection vulnerability has been identified in the PHPGurukul Old Age Home Management System version 1.0. The flaw resides in the 'pagetitle' parameter within the '/admin/contactus.php' file, allowing attackers to manipulate this argument to execute arbitrary SQL commands. This ...

PoC for CVE-2025-2736

PHPgurukul | Old Age Home Managemen... | 6.9 MEDIUM
SQL Injection Vulnerability in PHPGurukul Old Age Home Management S...

A vulnerability exists in the PHPGurukul Old Age Home Management System version 1.0, specifically within the /admin/bwdates-report-details.php file. This vulnerability allows for SQL injection through the manipulation of the 'fromdate' argument, which could lead to unauthorized access to the data...

PoC for CVE-2025-2735

PHPgurukul | Old Age Home Managemen... | 6.9 MEDIUM
SQL Injection Vulnerability in PHPGurukul Old Age Home Management S...

An SQL injection vulnerability has been identified in the PHPGurukul Old Age Home Management System version 1.0. This issue arises from the manipulation of the 'sertitle' argument within the /admin/add-services.php file. As a result, unauthorized users could execute remote attacks by exploiting t...

Discovered 5 hours ago

PoC for CVE-2025-2734

PHPgurukul | Old Age Home Managemen... | 6.9 MEDIUM
SQL Injection Vulnerability in PHPGurukul Old Age Home Management S...

An SQL injection vulnerability has been identified in the PHPGurukul Old Age Home Management System, specifically in the '/admin/aboutus.php' file. This vulnerability arises from improper handling of user input in the 'pagetitle' parameter, allowing attackers to execute malicious SQL queries remo...

PoC for CVE-2025-2733

Mannaandpoem | Openmanus | 5.3 MEDIUM
OS Command Injection Vulnerability in OpenManus by mannaandpoem

A significant OS command injection vulnerability exists in the OpenManus application, specifically affecting the Prompt Handler component within the python_execute.py file. This flaw may be exploited remotely, allowing attackers to execute arbitrary commands on the host system. Despite attempts t...

PoC for CVE-2025-29927

Vercel | Next.js | EPSS 32% | 9.1 CRITICAL
Authorization Bypass in Next.js Framework by Vercel

A security flaw exists in the Next.js framework that allows an attacker to bypass authorization checks if such checks are implemented in middleware. This vulnerability arises in versions prior to 14.2.25 and 15.2.3. To mitigate risk, it is recommended to restrict incoming requests that include th...

PoC for CVE-2025-2732

H3c | Magic Nx15 | 8.7 HIGH
Command Injection Vulnerability in H3C Magic Devices

A security vulnerability exists in several H3C Magic devices that allows an attacker to execute arbitrary commands through improper handling of HTTP POST requests in the /api/wizard/getWifiNeighbour endpoint. This could allow unauthorized remote control, potentially leading to various malicious a...

PoC for CVE-2025-24813

Apache | Apache Tomcat | EPSS 87% | 9.8 CRITICAL
Remote Code Execution and Information Disclosure Vulnerability in A...

Apache Tomcat is affected by a path equivalence vulnerability in its handling of file names. If certain conditions are met, such as write permissions being enabled for the default servlet (its readonly init-param set to false; the shipped default is true) and partial PUT uploads being supported, attackers can potentially execute remote code or disc...

Discovered 6 hours ago

PoC for CVE-2025-2731

H3c | Magic Nx15 | 8.7 HIGH
Command Injection Vulnerability in H3C Magic Products

A command injection vulnerability exists in the H3C Magic product line, including models NX15, NX30 Pro, NX400, R3010, and BE18000, up to version V100R014. The issue is associated with the /api/wizard/getDualbandSync endpoint of the HTTP POST Request Handler component. This weakness allows attack...

PoC for CVE-2025-2730

H3c | Magic Nx15 | 8.7 HIGH
Command Injection Vulnerability in H3C Magic Devices

A command injection vulnerability exists in the H3C Magic NX15, NX30 Pro, NX400, R3010, and BE18000 devices through the /api/wizard/getssidname endpoint of the HTTP POST Request Handler. This flaw allows an unauthorized user to execute arbitrary commands remotely. Public disclosure of this exploi...

PoC for CVE-2025-2729

H3c | Magic Nx15 | 8.7 HIGH
Command Injection Vulnerability in H3C Magic Series Routers

A vulnerability exists within the HTTP POST Request Handler of certain H3C Magic routers, specifically affecting networkSetup API calls. This flaw allows an attacker to execute arbitrary commands on the devices remotely, potentially compromising network integrity and confidentiality. The vendor h...

Discovered 7 hours ago

PoC for CVE-2025-2727

H3c | Magic Nx30 Pro | 8.7 HIGH
Remote Code Execution Vulnerability in H3C Magic NX30 Pro

A significant vulnerability in the H3C Magic NX30 Pro router allows attackers to exploit the HTTP POST Request Handler within the /api/wizard/getNetworkStatus endpoint. This vulnerability enables remote attackers to execute arbitrary commands on the device, potentially compromising its integrity ...

PoC for CVE-2025-2726

H3c | Magic Nx15 | 8.7 HIGH
Command Injection Vulnerability in H3C Magic Products

A command injection vulnerability exists in specific H3C Magic products, which involves the HTTP POST Request Handler component's file /api/esps. This flaw can be exploited remotely, allowing attackers to execute arbitrary commands. The issue affects multiple models, including NX15, NX30 Pro, NX4...