Publicly Disclosed PoC Exploits

🔴 Always take caution when working with PoC Exploits 🔴

Discovered 1 hour ago

PoC for CVE-2026-7127

Sourcecodester | Pharmacy Sales And Inv... | 6.9 MEDIUM
SQL Injection Vulnerability in SourceCodester Pharmacy Sales and In...

A vulnerability has been discovered in version 1.0 of the SourceCodester Pharmacy Sales and Inventory System, specifically affecting the `/ajax.php?action=delete_receiving` file. This weakness allows attackers to manipulate an ID argument, potentially leading to SQL injection attacks. As the expl...

Discovered 2 hours ago

PoC for CVE-2026-7126

Sourcecodester | Pharmacy Sales And Inv... | 6.9 MEDIUM
SQL Injection Vulnerability in SourceCodester Pharmacy Sales and In...

A security vulnerability has been identified in the SourceCodester Pharmacy Sales and Inventory System 1.0, which allows attackers to manipulate the ID parameter in the ajax.php file, leading to SQL injection. This vulnerability can be exploited remotely, posing a significant risk to the integrit...

PoC for CVE-2026-7125

Totolink | A8000ru | 9.3 CRITICAL
OS Command Injection in Totolink A8000RU by Totolink

A vulnerability exists in the Totolink A8000RU router, specifically in the setWiFiEasyCfg function within the CGI Handler component located at /cgi-bin/cstecgi.cgi. This issue allows an attacker to manipulate the merge argument, facilitating OS command injection. As a result, remote attackers cou...

PoC for CVE-2026-7124

Totolink | A8000ru | 9.3 CRITICAL
Command Injection Vulnerability in Totolink A8000RU's CGI Handler

A command injection vulnerability exists in the CGI Handler of the Totolink A8000RU, specifically within the setIpv6LanCfg function of the /cgi-bin/cstecgi.cgi file. By manipulating the addrPrefixLen argument, an attacker can execute arbitrary operating system commands remotely. This vulnerabilit...

PoC for CVE-2026-7123

Totolink | A8000ru | 9.3 CRITICAL
Command Injection Vulnerability in Totolink A8000RU by Totolink

A security flaw in the Totolink A8000RU, specifically in the function setIptvCfg of the cgi-bin/cstecgi.cgi file, allows for OS command injection. This vulnerability can be exploited remotely by manipulating the argument in setIptvCfg, potentially leading to unauthorized access and command execut...

Discovered 3 hours ago

PoC for CVE-2026-7122

Totolink | A8000ru | 9.3 CRITICAL
OS Command Injection Vulnerability in Totolink A8000RU Router

A critical OS command injection vulnerability has been identified in the Totolink A8000RU router, specifically within the setUPnPCfg function of the CGI component located in the /cgi-bin/cstecgi.cgi file. This flaw allows attackers to craft malicious requests, potentially executing arbitrary comm...

PoC for CVE-2026-7121

Totolink | A8000ru | 9.3 CRITICAL
Command Injection Vulnerability in Totolink A8000RU Router

A security flaw has been identified in the Totolink A8000RU router, specifically within the setWizardCfg function of the CGI Handler located in /cgi-bin/cstecgi.cgi. This vulnerability allows for OS command injection via manipulation of input arguments. It can be exploited remotely, presenting a ...

PoC for CVE-2026-7119

Tenda | Hg3 | 8.7 HIGH
OS Command Injection Vulnerability in Tenda HG3 Router

A vulnerability in the Tenda HG3 2.0 router allows attackers to exploit an unknown function in the file /boaform/formCountrystr. By manipulating the 'countrystr' argument, attackers can execute arbitrary OS commands from a remote location. This vulnerability poses a significant security risk as t...

PoC for CVE-2026-7118

Code-projects | Employee Management Sy... | 5.3 MEDIUM
SQL Injection Vulnerability in Employee Management System by Code-P...

A security vulnerability exists in the Employee Management System version 1.0 developed by Code-Projects, specifically within the cancel.php file. This flaw is triggered by improper handling of the 'id/token' arguments, allowing remote attackers to execute SQL injection attacks. The remote exploi...

Discovered 4 hours ago

PoC for CVE-2026-7117

Code-projects | Employee Management Sy... | 5.3 MEDIUM
SQL Injection Vulnerability in Code-Projects Employee Management Sy...

A security flaw has been found in the Employee Management System (version 1.0) by Code-Projects, specifically in the 'approve.php' file. An attacker can manipulate the 'id/token' parameters, leading to SQL injection vulnerabilities that can be exploited remotely. The exploit is publicly available...

PoC for CVE-2026-7116

Code-projects | Employee Management Sy... | 5.3 MEDIUM
Cross-Site Scripting Vulnerability in Employee Management System by...

A security flaw exists in the Employee Management System 1.0 developed by Code-Projects, specifically affecting the handling of the file `370project/mark.php`. This vulnerability can lead to cross-site scripting (XSS) attacks, allowing remote attackers to manipulate content and execute scripts in...

PoC for CVE-2026-7115

Code-projects | Employee Management Sy... | 5.3 MEDIUM
SQL Injection Vulnerability in Employee Management System by Code-P...

A security flaw has been discovered in the code-projects Employee Management System version 1.0, specifically within the delete.php file. This vulnerability allows remote attackers to manipulate the 'ID' argument, leading to potential SQL injection attacks. The exploit can be easily executed, pos...

PoC for CVE-2026-7114

Code-projects | Employee Management Sy... | 5.3 MEDIUM
SQL Injection Vulnerability in code-projects Employee Management Sy...

A vulnerability has been identified in the Employee Management System 1.0 developed by code-projects, specifically within the edit.php file. This vulnerability allows for SQL injection attacks through manipulation of the argument ID. Attackers can exploit this security flaw remotely, which poses ...

Discovered 5 hours ago

PoC for CVE-2026-0911

WordPress | Hustle – Email Marketi... | 7.5 HIGH
Arbitrary File Upload Vulnerability in Hustle Plugin for WordPress

The Hustle plugin for WordPress contains a vulnerability that allows authenticated users with lower-privileged roles, such as Subscribers, to upload arbitrary files due to insufficient file type validation. This flaw is present in all versions up to and including 7.8.9.2 and could potentially lea...

PoC for CVE-2026-7113

Nousresearch | Hermes-agent | 6.3 MEDIUM
Webhooks Endpoint Vulnerability in NousResearch Hermes-Agent

An issue has been discovered in NousResearch hermes-agent version 0.8.0, where the Webhooks Endpoint's _INSECURE_NO_AUTH argument allows for missing authentication controls. This vulnerability enables remote attackers to exploit it without authentication, potentially leading to unauthorized acces...

PoC for CVE-2026-7112

Nousresearch | Hermes-agent | 6.3 MEDIUM
Improper Authentication in NousResearch hermes-agent API Component

A security flaw exists in the NousResearch hermes-agent version 0.8.0 involving the function _check_auth located in the file gateway/platforms/api_server.py. This vulnerability allows for improper authentication, potentially enabling remote attackers to manipulate user access and permissions. Alt...

PoC for CVE-2026-7110

Code-projects | Invoice System In Laravel | 5.1 MEDIUM
Cross-Site Scripting in Code-Projects Invoice System by Code-Projects

A vulnerability exists in the Code-Projects Invoice System version 1.0, where an exploitation of the file /item allows attackers to manipulate input parameters related to item names and descriptions. This manipulation can lead to Cross-Site Scripting (XSS) attacks, enabling remote attackers to ex...

PoC for CVE-2026-7109

Code-projects | Invoice System In Laravel | 6.9 MEDIUM
Improper Authorization in Code-Projects Invoice System API Endpoint

A vulnerability has been identified in the Code-Projects Invoice System, specifically within the API Endpoint related to the '/item' function. This flaw enables improper authorization, allowing attackers to manipulate requests and gain unauthorized access. The impact is significant as the attack ...

Discovered 6 hours ago

PoC for CVE-2026-7108

Code-projects | Invoice System In Laravel | 5.3 MEDIUM
Cross-Site Request Forgery Vulnerability in Invoice System by Code-...

A security vulnerability has been found in the Invoice System developed by Code-Projects, specifically in version 1.0, which is susceptible to cross-site request forgery (CSRF) attacks. This vulnerability allows malicious actors to perform unauthorized actions on behalf of users without their con...

PoC for CVE-2026-7107

Code-projects | Invoice System In Laravel | 5.3 MEDIUM
Unrestricted File Upload Vulnerability in Code-Projects Invoice Sys...

A vulnerability has been discovered in the Code-Projects Invoice System, impacting version 1.0. The issue arises from an undefined function within the '/company' file, allowing attackers to manipulate the 'logo' argument and execute unrestricted file uploads. This vulnerability is exploitable rem...

PoC for CVE-2026-7102

Tenda | F456 | 5.3 MEDIUM
Command Injection Vulnerability in Tenda F456 by Tenda

A command injection vulnerability has been identified in the Tenda F456 product, specifically within the FromWriteFacMac function of the /goform/WriteFacMac file. This flaw allows attackers to manipulate the 'mac' argument, leading to unauthorized command execution. Remote exploitation of this vu...

Discovered 7 hours ago

PoC for CVE-2026-7101

Tenda | F456 | 8.7 HIGH
Buffer Overflow Vulnerability in Tenda F456 Router

A significant vulnerability has emerged in the Tenda F456 router, specifically in version 1.0.0.5. This flaw arises from the 'fromWrlclientSet' function within the '/goform/WrlclientSet' file of the httpd component, leading to a buffer overflow. The vulnerability could allow an attacker to exploi...

PoC for CVE-2026-7100

Tenda | F456 | 8.7 HIGH
Buffer Overflow Vulnerability in Tenda F456 by Tenda

A vulnerability exists in the Tenda F456 router's HTTP service, specifically within the fromNatlimitof function in the httpd component. This flaw can be exploited remotely, potentially allowing an attacker to manipulate the affected function and trigger a buffer overflow. Exploitation of this vul...

PoC for CVE-2026-7099

Tenda | F456 | 8.7 HIGH
Buffer Overflow Vulnerability in Tenda F456 Router

A buffer overflow vulnerability has been identified in the Tenda F456 router. Specifically, the vulnerability lies in the function formQuickIndex located in the /goform/QuickIndex file of the httpd component. By manipulating the 'mit_linktype' argument, an attacker can cause a buffer overflow, wh...

PoC for CVE-2026-7098

Tenda | F456 | 8.7 HIGH
Buffer Overflow Vulnerability in Tenda F456 Router

A critical security vulnerability has been identified in the Tenda F456 router version 1.0.0.5, specifically in the fromDhcpListClient function within the /goform/DhcpListClient component. This vulnerability allows remote attackers to manipulate the arguments passed to the function, leading to a ...

PoC for CVE-2014-3566

Redhat | Enterprise Linux Deskt... | 🟣 EPSS 94% | 3.4 LOW
SSL Protocol 3.0 Vulnerability in OpenSSL Products

The SSL Protocol 3.0 vulnerability allows attackers to exploit the nondeterministic CBC padding method used in OpenSSL, enabling man-in-the-middle attacks. This vulnerability can lead to the exposure of sensitive cleartext data via a padding-oracle attack, commonly referred to as the 'POODLE' exp...

Discovered 8 hours ago

PoC for CVE-2026-7097

Tenda | F456 | 8.7 HIGH
Buffer Overflow Vulnerability in Tenda F456 by Tenda

A vulnerability in the Tenda F456 version 1.0.0.5 has been identified, which affects the httpd component, specifically within the function fromwebExcptypemanFilter. This vulnerability is caused by inadequate validation of input parameters, enabling attackers to exploit the argument 'page' to perf...

PoC for CVE-2026-7096

Tenda | Hg3 | 8.7 HIGH
OS Command Injection Vulnerability in Tenda HG3 by Tenda

A vulnerability has been identified in Tenda HG3 2.0 version 300003070 that allows an attacker to exploit the function formgponConf in the file /boaform/admin/formgponConf. By manipulating the argument fmgpon_loid, remote command execution can be achieved, putting devices at risk of unauthorized ...

PoC for CVE-2026-7095

Code-projects | Employee Management Sy... | 5.3 MEDIUM
Cross Site Scripting Vulnerability in Employee Management System by...

A cross site scripting vulnerability has been discovered in the Employee Management System version 1.0 developed by Code-Projects. This vulnerability exists in the file located at 370project/edit.php, where the manipulation of the argument ID can be exploited. Attackers can initiate this remotely...

PoC for CVE-2026-7094

Shadowclonelabs | Glutamatemcpservers | 6.9 MEDIUM
Server-Side Request Forgery in ShadowCloneLabs GlutamateMCPServers

A vulnerability exists in ShadowCloneLabs GlutamateMCPServers that allows a remote attacker to manipulate URL arguments, potentially leading to server-side request forgery. This flaw is located in the file src/puppeteer/index.ts within the puppeteer_navigate component. Despite being reported earl...

Discovered 9 hours ago

PoC for CVE-2026-7093

Code-projects | Invoice System In Laravel | 5.3 MEDIUM
Improper Authorization in Code-Projects Invoice System for Laravel

A vulnerability exists in the Code-Projects Invoice System for Laravel 1.0, specifically within the Invoice Endpoint component. This issue arises from an improper authorization mechanism related to manipulation of the argument ID in the /invoice/ file. A remote attacker could exploit this vulnera...

PoC for CVE-2026-7092

Code-projects | Invoice System In Laravel | 5.3 MEDIUM
Improper Authorization in Code-Projects Invoice System by Code-Proj...

A vulnerability has been identified in the Code-Projects Invoice System, specifically in the Profile Handler component. This issue arises from the manipulation of the argument ID, leading to improper authorization which could allow unauthorized access to sensitive user profiles. The flaw can be e...

PoC for CVE-2026-7091

Code-projects | Invoice System In Laravel | 5.3 MEDIUM
Improper Authorization Flaw in Code-Projects Invoice System for Lar...

A security flaw has been identified in the Code-Projects Invoice System implemented in Laravel 1.0, specifically within an undisclosed function of the User Management Handler that handles user authentication. This vulnerability allows for unauthorized access, enabling potential remote exploitatio...

PoC for CVE-2026-7090

Code-projects | Chat System | 4.8 MEDIUM
Cross-Site Scripting Vulnerability in Code-Projects Chat System by ...

A vulnerability has been identified in the code-projects Chat System 1.0, specifically in the /admin/send_message.php file within the Chat Interface component. This flaw allows attackers to exploit the argument 'msg' to execute malicious scripts, leading to cross-site scripting (XSS). The nature ...

Discovered 10 hours ago

PoC for CVE-2026-7089

Code-projects | Home Service System | 5.3 MEDIUM
Cross Site Scripting Vulnerability in Home Service System by Code-P...

A security flaw has been identified in the Home Service System 1.0 related to the Appointment Booking component. This vulnerability arises from improper handling of user-input arguments, specifically fname and lname, in the /booking.php file. Attackers can exploit this flaw to inject malicious sc...

PoC for CVE-2026-7088

Sourcecodester | Pharmacy Sales And Inv... | 6.9 MEDIUM
SQL Injection Flaw in SourceCodester Pharmacy Sales and Inventory S...

A critical weakness has been discovered in the Pharmacy Sales and Inventory System, specifically within the /ajax.php?action=save_receiving file. This vulnerability allows an attacker to manipulate the parameter ID, which can lead to unauthorized SQL queries being executed on the database. This e...

PoC for CVE-2026-7087

Sourcecodester | Pharmacy Sales And Inv... | 6.9 MEDIUM
SQL Injection Vulnerability in SourceCodester Pharmacy Sales and In...

A critical SQL injection flaw has been identified in the SourceCodester Pharmacy Sales and Inventory System version 1.0, specifically within the /ajax.php?action=save_sales function. This vulnerability allows attackers to manipulate the argument ID to execute arbitrary SQL queries on the database...

PoC for CVE-2026-7086

Hbai-ltd | Toonflow-app | 5.3 MEDIUM
Path Traversal Vulnerability in Toonflow App by HBAI-Ltd

A security vulnerability has been detected in the Toonflow app by HBAI-Ltd, specifically affecting the updateStoryboardUrl function within the replaceUrl.ts file. This flaw permits unauthorized attackers to potentially exploit path traversal, allowing access to file system paths that should remai...

Discovered 11 hours ago

PoC for CVE-2026-7085

Hbai-ltd | Toonflow-app | 2.3 LOW
Path Traversal Vulnerability in HBAI-Ltd Toonflow App

A vulnerability exists in the HBAI-Ltd Toonflow-app affecting the z.url functionality in the downloadApp endpoint, which can be exploited to achieve path traversal. This flaw allows an attacker to manipulate the URL parameter, and it can be exploited remotely. The complexity of this attack is high d...

PoC for CVE-2026-7084

Hbai-ltd | Toonflow-app | 5.3 MEDIUM
Server-Side Request Forgery in HBAI-Ltd Toonflow App

A vulnerability was identified in HBAI-Ltd's Toonflow app, specifically in version 1.1.1. The issue resides in the getCodeByLink endpoint, where improper handling of input parameters allows an attacker to perform server-side request forgery (SSRF). This exploit can be executed remotely, posing si...

PoC for CVE-2026-7083

Likeadmin-likeshop | Likeadmin PHP | 5.1 MEDIUM
SQL Injection Vulnerability in Likeadmin-Likeshop by Guangzhou Duod...

A SQL injection vulnerability exists in the Likeadmin-Likeshop platform, specifically within the queryResult function of the DataTableLists.php file. This flaw allows remote attackers to manipulate SQL queries, potentially compromising the database and accessing sensitive data. Despite being reporte...

PoC for CVE-2026-7082

Tenda | F456 | 8.7 HIGH
Buffer Overflow Vulnerability in Tenda F456 Router

A buffer overflow vulnerability exists in the Tenda F456 router, specifically within the 'formWrlExtraSet' function of the httpd component. By manipulating the argument 'Go', an attacker can exploit this flaw to execute arbitrary code remotely, potentially compromising the device's security. The ...

PoC for CVE-2024-51482

Zoneminder | Zoneminder | 🟣 EPSS 48% | 10 CRITICAL
ZoneMinder vulnerable to SQL Injection, fix released in 1.37.64

ZoneMinder, a popular open-source closed-circuit television software, has a vulnerability that exposes versions v1.37.* up to and including v1.37.64 to a boolean-based SQL injection attack through the web/ajax/event.php endpoint. This flaw can allow an attacker to manipulate SQL queries, potentia...

Discovered 12 hours ago

PoC for CVE-2026-7081

Tenda | F456 | 8.7 HIGH
Buffer Overflow Vulnerability in Tenda F456 Router

A buffer overflow vulnerability exists within the Tenda F456 router, specifically in the function fromGstDhcpSetSer of the httpd component. An attacker can exploit this weakness by manipulating the dips argument, allowing the execution of arbitrary code remotely. Given that the exploit details ar...

PoC for CVE-2026-7080

Tenda | F456 | 8.7 HIGH
Buffer Overflow Vulnerability in Tenda F456 by Tenda

A security vulnerability has been identified in Tenda F456 version 1.0.0.5, specifically in the PPTPUserSetting function within the httpd component. An argument manipulation in the delno parameter can lead to a buffer overflow, which exposes the system to potential remote exploitation. This vulne...

PoC for CVE-2026-7079

Tenda | F456 | 8.7 HIGH
Buffer Overflow Vulnerability in Tenda F456 Devices

A buffer overflow vulnerability has been discovered in the Tenda F456 router, specifically within the fromAdvSetWan function of the httpd component. This vulnerability arises from improper handling of the wanmode argument, allowing an attacker to manipulate the input and potentially execute arbit...

PoC for CVE-2026-7078

Tenda | F456 | 8.7 HIGH
Buffer Overflow Vulnerability in Tenda F456

A security flaw has been identified in the Tenda F456 router, specifically in the function fromSetIpBind located in the /goform/SetIpBind component of the httpd service. This vulnerability stems from improper handling of the argument page, leading to a buffer overflow condition. Attackers can exp...

Discovered 13 hours ago

PoC for CVE-2026-7077

Itsourcecode | Courier Management System | 6.9 MEDIUM
SQL Injection Vulnerability in itsourcecode Courier Management System

A vulnerability in the itsourcecode Courier Management System 1.0 has been discovered, specifically within an unidentified function in the edit_parcel.php file. This weakness allows for SQL injection through the manipulation of the 'ID' argument. The SQL injection can be executed remotely, thereb...

PoC for CVE-2026-41242

Protobufjs | Protobuf.js | 9.4 CRITICAL
Code Execution Vulnerability in Protobuf.js by ProtobufJS

Protobuf.js, a library that compiles protocol buffer definitions into JavaScript functions, is susceptible to a vulnerability that enables attackers to inject arbitrary code via the 'type' fields in protobuf definitions. This injected code can be executed during the decoding of the corresponding ...

PoC for CVE-2026-7076

Itsourcecode | Courier Management System | 6.9 MEDIUM
SQL Injection Vulnerability in itsourcecode Courier Management System

A vulnerability exists in the itsourcecode Courier Management System version 1.0, specifically within the /edit_branch.php file. This flaw enables attackers to execute SQL injection attacks by manipulating the ID argument. The potential for remote exploitation of this vulnerability raises serious...