Publicly Disclosed
PoC Exploits
đź”´ Alway take caution when working with PoC Exploits đź”´
Discovered just now...
PoC for CVE-2025-26465
A significant vulnerability has been identified in OpenSSH when the VerifyHostKeyDNS option is activated. This flaw allows a malicious actor to conduct a man-in-the-middle attack by impersonating a legitimate server. The crux of the issue lies in the mishandling of error codes by OpenSSH during t...
Discovered 2 hours ago
PoC for CVE-2025-1544
A critical SQL injection vulnerability affects the dingfanzu CMS, specifically at the /ajax/loadShopInfo.php endpoint. This flaw arises due to improper handling of the shopId parameter, allowing remote attackers to execute arbitrary SQL queries. The risk is heightened as the vulnerability has bee...
PoC for CVE-2025-1543
A path traversal vulnerability has been identified in iteachyou Dreamer CMS version 4.1.3, affecting the processing of the /resource/js/ueditor-1.4.3.3 file. This issue can be exploited remotely, allowing attackers to manipulate file paths and potentially access restricted directories. The vulner...
Discovered 3 hours ago
PoC for CVE-2025-1539
A security vulnerability has been identified in D-Link DAP-1320 version 1.00, specifically within the function replace_special_char in the file /storagein.pd-XXXXXX. This flaw allows for a stack-based buffer overflow, which can be exploited remotely by attackers. Notably, this vulnerability affec...
PoC for CVE-2025-1538
A significant vulnerability has been identified in the D-Link DAP-1320 version 1.00, specifically within the set_ws_action function of the /dws/api/ file. This flaw results in a heap-based buffer overflow, which could be exploited remotely, potentially allowing attackers to manipulate system beha...
Discovered 4 hours ago
PoC for CVE-2025-1537
An SQL injection vulnerability exists in Harpia DiagSystem 12, specifically within the file /diagsystem/PACS/atualatendimento_jpeg.php. The flaw arises from improper handling of the input parameter 'codexame', allowing attackers to manipulate SQL queries. This vulnerability can be exploited remot...
PoC for CVE-2025-1536
A vulnerability has been identified in the Raisecom Multi-Service Intelligent Gateway, specifically within the Request Parameter Handler of the /vpn/vpn_template_style.php file. This flaw allows for OS command injection due to improper handling of the 'stylenum' argument. Attackers can exploit th...
Discovered 6 hours ago
PoC for CVE-2025-1535
A SQL injection vulnerability exists in the Baiyi Cloud Asset Management System, specifically in the /wuser/admin.ticket.close.php file. This vulnerability enables attackers to manipulate the ticket_id parameter, which can lead to unauthorized access to the database. The exploit can be executed r...
Discovered 12 hours ago
PoC for CVE-2024-13585
The Ajax Search Lite WordPress plugin prior to version 4.12.5 is susceptible to Stored Cross-Site Scripting due to improper sanitization and escaping of certain settings. This vulnerability allows users with elevated privileges, including administrators, to execute malicious scripts, even in envi...
PoC for CVE-2024-13314
The Carousel, Slider, Gallery by WP Carousel WordPress plugin prior to version 2.7.4 is vulnerable due to inadequate sanitization and escaping of certain settings. This flaw allows users with elevated privileges, such as administrators, to execute Stored Cross-Site Scripting (XSS) attacks, even i...
Discovered 16 hours ago
PoC for CVE-2025-24971
The DumpDrop file upload application has exposed an OS Command Injection vulnerability in its `/upload/init` endpoint. This issue arises when the Apprise Notification feature is enabled, allowing attackers to execute arbitrary code remotely. Users of affected DumpDrop versions are strongly advise...
Discovered 17 hours ago
PoC for CVE-2024-13481
The LTL Freight Quotes – R+L Carriers Edition plugin for WordPress contains a vulnerability that allows unauthenticated attackers to exploit the 'edit_id' and 'dropship_edit_id' parameters. Due to insufficient escaping of user-supplied input and inadequate preparation of existing SQL queries, att...
PoC for CVE-2024-13479
The LTL Freight Quotes – SEFL Edition plugin for WordPress is susceptible to SQL Injection through the 'dropship_edit_id' and 'edit_id' parameters. This vulnerability arises from inadequate escaping of user-supplied parameters and insufficient query preparation, allowing unauthenticated attackers...
PoC for CVE-2024-13478
The LTL Freight Quotes – TForce Edition plugin for WordPress has a vulnerability that allows unauthenticated attackers to exploit SQL Injection through the 'dropship_edit_id' and 'edit_id' parameters. This arises from inadequate input escaping and improper handling of SQL queries, enabling attack...
PoC for CVE-2024-13483
The LTL Freight Quotes – SAIA Edition plugin for WordPress is susceptible to SQL Injection through the 'edit_id' and 'dropship_edit_id' parameters. This vulnerability is present in all versions up to and including 2.2.10 due to inadequate escaping of user-supplied input and the absence of proper ...
PoC for CVE-2024-13485
The LTL Freight Quotes – ABF Freight Edition plugin for WordPress is susceptible to SQL Injection through the 'edit_id' and 'dropship_edit_id' parameters. This vulnerability arises from inadequate escaping of user-supplied input and insufficient preparation in the SQL query, enabling unauthentica...
PoC for CVE-2024-13489
The LTL Freight Quotes – Old Dominion Edition plugin for WordPress is affected by a SQL Injection vulnerability through the 'edit_id' and 'dropship_edit_id' parameters. This flaw arises from inadequate escaping of user-supplied data and insufficient preparation of SQL queries. As a result, unauth...
Discovered 18 hours ago
PoC for CVE-2024-13488
The Estes Edition plugin for WordPress is susceptible to an SQL Injection vulnerability through the 'dropship_edit_id' and 'edit_id' parameters. Due to insufficient escaping of user-supplied inputs and the absence of adequate preparation of SQL queries, this flaw allows unauthenticated attackers ...
Discovered 1 day ago
PoC for CVE-2024-2961
The iconv() function in the GNU C Library (glibc) has a vulnerability that can cause a buffer overflow when converting strings to the ISO-2022-CN-EXT character set. This flaw occurs due to the function's failure to adequately check the size of the output buffer, allowing it to overflow by up to 4...
Discovered 2 days ago
PoC for CVE-2025-0108
An authentication bypass vulnerability in Palo Alto Networks PAN-OS allows unauthenticated attackers with network access to the management web interface to bypass necessary authentication. This issue enables potential manipulation of certain PHP scripts by attackers, which could compromise the in...
PoC for CVE-2021-26291
Apache Maven will follow repositories that are defined in a dependency’s Project Object Model (pom) which may be surprising to some users, resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to be that repository. ...
PoC for CVE-2025-22654
The Simplified plugin by Kodeshpa contains a vulnerability that allows for the unrestricted upload of files with dangerous types. This flaw could enable attackers to upload malicious files to the server, posing significant security risks. Versions affected include all releases from n/a to 1.0.6, ...
PoC for CVE-2024-45870
Bandisoft BandiView 7.05 is vulnerable to Incorrect Access Control in sub_0x3d80fc via a crafted POC file.
PoC for CVE-2023-44487
The HTTP/2 protocol is susceptible to a denial of service vulnerability that can be exploited via rapid stream resets. This allows attackers to overwhelm servers by rapidly canceling requests, leading to significant resource consumption and potential service disruption. Exploitation of this vulne...
PoC for CVE-2025-1465
A code injection vulnerability has been identified in the maintenance component of LMXCMS version 1.41, specifically within the 'db.inc.php' file. This flaw allows an attacker to manipulate the system remotely, potentially injecting malicious code. Although the attack's complexity is notably high...
PoC for CVE-2025-1464
A vulnerability has been identified in the Baiyi Cloud Asset Management System affecting the admin.house.collect.php file. The flaw arises from inadequate validation of the project_id argument, allowing attackers to execute arbitrary SQL commands remotely. This weakness poses a significant risk a...
Discovered 3 days ago
PoC for CVE-2024-12173
The Master Slider WordPress plugin prior to version 3.10.5 is susceptible to stored cross-site scripting vulnerabilities due to improper sanitization and escaping of its settings. This flaw can be exploited by users with high privileges, such as Editors and above, potentially allowing them to exe...
PoC for CVE-2024-13159
Ivanti Endpoint Manager is impacted by an absolute path traversal vulnerability that enables remote unauthenticated attackers to access and leak sensitive information. This issue affects Ivanti EPM versions released prior to the January 2025 security update. It is crucial for users of these produ...
PoC for CVE-2024-31903
A vulnerability exists in IBM Sterling B2B Integrator Standard Edition that allows an attacker within the local network to execute arbitrary code on the system. This is due to improper deserialization of untrusted data, which can lead to exploitation of the affected versions. Proper validation of...
PoC for CVE-2025-26465
A significant vulnerability has been identified in OpenSSH when the VerifyHostKeyDNS option is activated. This flaw allows a malicious actor to conduct a man-in-the-middle attack by impersonating a legitimate server. The crux of the issue lies in the mishandling of error codes by OpenSSH during t...
PoC for CVE-2025-1448
A command injection vulnerability has been identified in Synway SMG Gateway Management Software that affects versions up to 20250204. This flaw arises from improper handling of the 'retry' argument in the file 9-12ping.php, allowing an attacker to execute arbitrary commands on the server remotely...
PoC for CVE-2023-4911
The first article discusses two different critical vulnerabilities in the GNU C Library (glibc) that allow unprivileged attackers to gain root access on multiple major Linux distributions. The vulnerabilities are tracked as CVE-2023-4911 and CVE-2023-6246 and both can lead to local privilege esca...
PoC for CVE-2025-25163
A path traversal vulnerability has been identified in the A/B Image Optimizer plugin developed by Zach Swetz. This flaw allows attackers to access files outside the intended directory structure by manipulating file paths, potentially leading to unauthorized access to sensitive data on the server....
PoC for CVE-2021-3560
A flaw in Polkit allows an unprivileged local attacker to bypass credential checks for D-Bus requests. This can lead to the elevation of privileges to that of the root user, enabling the attacker to execute commands with elevated permissions. This vulnerability poses a significant threat to the c...
Discovered 4 days ago
PoC for CVE-2024-4367
A vulnerability has been identified in PDF.js, specifically related to a missing type check when processing fonts. This oversight permits arbitrary JavaScript execution within the PDF.js environment. As a result, users of affected versions of Mozilla Firefox and Thunderbird could be vulnerable to...
PoC for CVE-2025-21420
A vulnerability has been identified in the Windows Disk Cleanup Tool that may allow attackers to escalate privileges on affected systems. By exploiting this flaw, an unauthorized user could gain elevated access to system functions and potentially compromise the integrity of the system. It is cruc...
PoC for CVE-2021-44967
A vulnerability exists in LimeSurvey 5.2.4 that permits remote code execution via the plugin upload and installation process. Attackers can exploit this weakness to upload arbitrary PHP code files, potentially compromising the integrity and security of the affected installation. This vulnerabilit...
PoC for CVE-2025-1381
A serious vulnerability has been identified in the Real Estate Property Management System version 1.0 developed by Code-Projects, specifically within the /ajax_city.php file. This vulnerability allows for SQL injection through the manipulation of the CityName argument, enabling attackers to execu...
PoC for CVE-2025-1380
A vulnerability exists in the Codezips Gym Management System 1.0, specifically related to the functionality in the file /dashboard/admin/del_plan.php. This security flaw stemmed from improper handling of input parameters, allowing an attacker to manipulate the 'name' argument to execute SQL injec...
PoC for CVE-2025-1379
A vulnerability exists in the Code-Projects Real Estate Property Management System's /Admin/CustomerReport.php file due to improper handling of user input in the 'city' parameter. This weakness allows attackers to perform SQL injection attacks, enabling them to manipulate database queries and pot...
PoC for CVE-2024-48990
A vulnerability has been identified in Needrestart, the tool developed by Qualys, which prior to version 3.8, can be exploited by local attackers. This flaw allows attackers to execute arbitrary code with root privileges by manipulating the PYTHONPATH environment variable when Needrestart runs th...
Discovered 5 days ago
PoC for CVE-2025-1378
A vulnerability exists in the radare2 toolset, specifically in the rasm2 component. This issue, found in the function located in /libr/main/rasm2.c, results in memory corruption that can be exploited through local access. Exploitation of this vulnerability may compromise system integrity, making ...
PoC for CVE-2024-13726
The Coder plugin for WordPress, up to version 1.3.4, allows unauthenticated users to execute arbitrary SQL code through an AJAX action, due to insufficient sanitization and escaping of parameters. This vulnerability can lead to unauthorized access and manipulation of the database, posing signific...
PoC for CVE-2024-13627
The OWL Carousel Slider plugin for WordPress, up to version 2.2, contains a vulnerability that allows for reflected cross-site scripting. This occurs because the plugin fails to properly sanitize and escape a specific parameter when it is outputted back to the page. Attackers can exploit this fla...
PoC for CVE-2024-13626
The VR-Frases plugin for WordPress, up to version 3.0.1, is susceptible to a reflected cross-site scripting attack due to insufficient sanitization and escaping of user-supplied parameters. This vulnerability could allow attackers to execute scripts in the context of high-privilege users, such as...
PoC for CVE-2024-13625
The Tube Video Ads Lite plugin for WordPress, versions up to 1.5.7, contains a vulnerability that allows for reflected cross-site scripting. This is due to the failure to properly sanitize and escape user-inputted parameters before rendering them on the webpage. Exploitation of this vulnerability...
PoC for CVE-2024-13608
The Track Logins plugin for WordPress, up to version 1.0, is susceptible to SQL injection due to inadequate sanitization and escaping of a user-supplied parameter prior to its use in SQL statements. This oversight enables attackers, including malicious admins, to craft SQL queries that may compro...
PoC for CVE-2024-13603
The Wise Forms plugin for WordPress, up to version 1.2.0, contains a vulnerability that fails to properly sanitize and escape certain settings. This oversight allows unauthenticated users to exploit the plugin through crafted form submissions, leading to potential Stored Cross-Site Scripting (XSS...
PoC for CVE-2025-1377
A denial of service vulnerability has been identified in GNU elfutils version 0.192, specifically affecting the gelf_getsymshndx function within the eu-strip component's strip.c file. This vulnerability allows local attackers to manipulate the function to cause a denial of service, potentially di...
PoC for CVE-2019-18818
Strapi versions prior to 3.0.0-beta.17.5 contain a vulnerability that improperly manages password resets, leading to potential unauthorized access. The flaw resides in the strapi-admin and strapi-plugin-users-permissions components, which may enable attackers to bypass authentication mechanisms, ...