Publicly Disclosed
PoC Exploits

🔴 Always take caution when working with PoC Exploits 🔴

Discovered just now...

PoC for CVE-2026-31431

Linux | Linux | 7.8 HIGH
Vulnerability in Linux Kernel Affecting Crypto Operations

A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...

PoC for CVE-2026-41940

Webpros | Cpanel | 🟣 EPSS 28% | 9.3 CRITICAL
Authentication Bypass Vulnerability in cPanel and WHM

The affected versions of cPanel and WHM contain a serious authentication bypass flaw in the login flow. This vulnerability enables unauthenticated remote attackers to bypass authentication mechanisms, allowing them to gain unauthorized access to the control panel. Users of the specified versions ...

Discovered 20 minutes ago

PoC for CVE-2026-41940

Webpros | Cpanel | 🟣 EPSS 28% | 9.3 CRITICAL
Authentication Bypass Vulnerability in cPanel and WHM

The affected versions of cPanel and WHM contain a serious authentication bypass flaw in the login flow. This vulnerability enables unauthenticated remote attackers to bypass authentication mechanisms, allowing them to gain unauthorized access to the control panel. Users of the specified versions ...

Discovered 2 hours ago

PoC for CVE-2026-7675

Shenzhen Libituo ... | Lbt-t300-hw1 | 8.7 HIGH
Buffer Overflow Vulnerability in Shenzhen Libituo Technology Product

A buffer overflow vulnerability has been identified in the Shenzhen Libituo Technology LBT-T300-HW1 router, specifically within the start_lan function of the /apply.cgi file. This issue arises when user-controlled input is mishandled, allowing remote attackers to manipulate the Channel/ApCliSsid ...

Discovered 3 hours ago

PoC for CVE-2024-53677

Apache | Apache Struts | 🟣 EPSS 93% | 9.8 CRITICAL
Flawed File Upload Logic in Apache Struts Exposes Vulnerability

A security flaw in the file upload mechanism of Apache Struts could allow an attacker to exploit file upload parameters. This vulnerability enables path traversal, leading to the possibility of uploading a malicious file that can facilitate remote code execution. To mitigate risks, users should u...

PoC for CVE-2026-7673

ZBJK | Crmeb Java | 5.1 MEDIUM
Unrestricted File Upload Vulnerability in crmeb_java by ZBJK

A vulnerability in the crmeb_java product version up to 1.3.4 has been identified that allows for unrestricted file uploads through the Admin Upload component. Specifically, the issue resides in the UploadServiceImpl.java file, where manipulation of the model argument can lead to unauthorized fil...

Discovered 4 hours ago

PoC for CVE-2026-31431

Linux | Linux | 7.8 HIGH
Vulnerability in Linux Kernel Affecting Crypto Operations

A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...

PoC for CVE-2026-7671

Codewise | Tornet Scooter Mobile App | 6.3 MEDIUM
Improper Authentication in CodeWise Tornet Scooter Mobile App for i...

The CodeWise Tornet Scooter Mobile App version 4.75 for both iOS and Android is exposed to a vulnerability that allows for improper restriction of excessive authentication attempts through an undisclosed function in the file /TwoFactor. This flaw enables attackers to potentially exploit the syste...

Discovered 5 hours ago

PoC for CVE-2026-31431

Linux | Linux | 7.8 HIGH
Vulnerability in Linux Kernel Affecting Crypto Operations

A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...

PoC for CVE-2026-7671

Codewise | Tornet Scooter Mobile App | 6.3 MEDIUM
Improper Authentication in CodeWise Tornet Scooter Mobile App for i...

The CodeWise Tornet Scooter Mobile App version 4.75 for both iOS and Android is exposed to a vulnerability that allows for improper restriction of excessive authentication attempts through an undisclosed function in the file /TwoFactor. This flaw enables attackers to potentially exploit the syste...

Discovered 6 hours ago

PoC for CVE-2026-31431

Linux | Linux | 7.8 HIGH
Vulnerability in Linux Kernel Affecting Crypto Operations

A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...

PoC for CVE-2026-7670

Jinher | Oa | 6.9 MEDIUM
SQL Injection Vulnerability in Jinher OA by Jinher Technology

A vulnerability exists in Jinher OA version 1.0, specifically within the file /C6/JHSoft.Web.PlanSummarize/UserSel.aspx. This flaw allows attackers to manipulate the DeptIDList argument, enabling SQL injection attacks that can be executed remotely. The exploit has been documented and potentially ...

PoC for CVE-2026-42167

Proftpd | Proftpd | 8.1 HIGH
Remote Code Execution Vulnerability in ProFTPD's mod_sql

The mod_sql module in ProFTPD prior to version 1.3.10rc1 contains a critical vulnerability that allows remote attackers to execute arbitrary code by sending specially crafted username requests. This occurs in scenarios where USER request logging is enabled with an expansion format like %U, combin...

Discovered 9 hours ago

PoC for CVE-2026-7668

Mikrotik | Routeros | 6.9 MEDIUM
Out-of-Bounds Read Vulnerability in MikroTik RouterOS

An out-of-bounds read vulnerability has been identified in MikroTik RouterOS version 6.49.8, specifically within the ASN1_STRING_data function found in the library nova/lib/www/scep.p, which is part of the SCEP Endpoint component. This flaw arises from improper handling of the transactionID and m...

PoC for CVE-2026-31431

Linux | Linux | 7.8 HIGH
Vulnerability in Linux Kernel Affecting Crypto Operations

A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...

PoC for CVE-2026-31431

Linux | Linux | 7.8 HIGH
Vulnerability in Linux Kernel Affecting Crypto Operations

A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...

PoC for CVE-2026-31431

Linux | Linux | 7.8 HIGH
Vulnerability in Linux Kernel Affecting Crypto Operations

A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...

Discovered 10 hours ago

PoC for CVE-2026-41940

Webpros | Cpanel | 🟣 EPSS 28% | 9.3 CRITICAL
Authentication Bypass Vulnerability in cPanel and WHM

The affected versions of cPanel and WHM contain a serious authentication bypass flaw in the login flow. This vulnerability enables unauthenticated remote attackers to bypass authentication mechanisms, allowing them to gain unauthorized access to the control panel. Users of the specified versions ...

Discovered 11 hours ago

PoC for CVE-2026-42779

Apache | Apache Mina | 9.8 CRITICAL
Arbitrary Code Execution Vulnerability in Apache MINA by Apache

A vulnerability exists in Apache MINA's AbstractIoBuffer.resolveClass() method, where the check for allowed class names has not been properly enforced in specific version branches. This oversight permits arbitrary code execution when certain applications call IoBuffer.getObject(), making it criti...

Discovered 12 hours ago

PoC for CVE-2026-31431

Linux | Linux | 7.8 HIGH
Vulnerability in Linux Kernel Affecting Crypto Operations

A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...

PoC for CVE-2026-31431

Linux | Linux | 7.8 HIGH
Vulnerability in Linux Kernel Affecting Crypto Operations

A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...

PoC for CVE-2026-31431

Linux | Linux | 7.8 HIGH
Vulnerability in Linux Kernel Affecting Crypto Operations

A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...

Discovered 13 hours ago

PoC for CVE-2025-24367

Cacti | Cacti | 🟣 EPSS 90% | 8.7 HIGH
Remote Code Execution Vulnerability in Cacti by Cacti Group

An authenticated Cacti user can exploit vulnerabilities in the graph creation and graph template features to execute arbitrary PHP scripts within the web root of the application. This unauthorized script execution can lead to significant security breaches, allowing attackers to compromise the ser...

PoC for CVE-2026-33825

Microsoft | Microsoft Defender Ant... | 7.8 HIGH
Access Control Vulnerability in Microsoft Defender

An access control flaw in Microsoft Defender permits an authorized attacker to elevate their privileges within the system. This vulnerability arises due to insufficient granularity in access controls, potentially enabling local exploitation of the affected product capabilities. Organizations need...

PoC for CVE-2026-31431

Linux | Linux | 7.8 HIGH
Vulnerability in Linux Kernel Affecting Crypto Operations

A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...

PoC for CVE-2026-7653

R-huijts | Mcp-server-rijksmuseum | 5.3 MEDIUM
OS Command Injection Flaw in MCP Interface of r-huijts Product

A security flaw exists in the MCP Interface of r-huijts mcp-server-rijksmuseum versions up to 1.0.4 due to improper handling of the imageUrl argument in the open_image_in_browser function. This vulnerability enables attackers to execute arbitrary operating system commands remotely, potentially co...

PoC for CVE-2026-7645

Ruvnet | Sublinear-time-solver | 6.9 MEDIUM
Path Traversal Vulnerability in MCP Interface of Ruvnet Sublinear-T...

A path traversal vulnerability exists in the Ruvnet Sublinear-Time-Solver product, specifically within the MCP Interface. This issue arises from inadequate validation in the export_state function located in the src/consciousness-explorer/mcp/server.js file. Attackers can exploit this vulnerabilit...

Discovered 14 hours ago

PoC for CVE-2026-7644

Chatgptnextweb | Nextchat | 6.9 MEDIUM
Improper Authorization in ChatGPTNextWeb NextChat Affects User Access

A vulnerability has been identified in the NextChat product of ChatGPTNextWeb, specifically within the addMcpServer function found in app/mcp/actions.ts. This issue allows for improper authorization, which could potentially enable remote attackers to exploit the vulnerability for unauthorized acc...

PoC for CVE-2026-31431

Linux | Linux | 7.8 HIGH
Vulnerability in Linux Kernel Affecting Crypto Operations

A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...

PoC for CVE-2026-7643

Chatgptnextweb | Nextchat | 5.3 MEDIUM
Permissive CORS Policy in ChatGPTNextWeb NextChat Affects API Endpo...

A vulnerability identified in ChatGPTNextWeb's NextChat version 2.16.1 allows for a permissive CORS policy, placing users at risk for cross-domain attacks. The flaw resides in an unspecified function within the Next.js component of the API endpoint, which could be exploited to allow untrusted dom...

PoC for CVE-2026-31431

Linux | Linux | 7.8 HIGH
Vulnerability in Linux Kernel Affecting Crypto Operations

A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...

PoC for CVE-2026-7642

Pskill9 | Website-downloader | 5.3 MEDIUM
OS Command Injection Vulnerability in pskill9 Website-Downloader by...

A vulnerability in the pskill9 website-downloader allows for OS command injection via the download_website function in the MCP Interface. By manipulating the outputPath argument, attackers can execute arbitrary commands on the server. This vulnerability can be exploited remotely and has been publ...

Discovered 15 hours ago

PoC for CVE-2026-7633

Totolink | N300rh | 6.9 MEDIUM
File Inclusion Vulnerability in Totolink N300RH Product

A file inclusion vulnerability exists in the Totolink N300RH model affecting version 6.1c.1353_B20190305. Specifically, the function setUploadSetting located in the /cgi-bin/cstecgi.cgi file allows for remote manipulation of the FileName argument. This flaw can be exploited to include unauthorize...

PoC for CVE-2026-7632

Code-projects | Online Hospital Manage... | 6.9 MEDIUM
SQL Injection Vulnerability in Code-Projects Online Hospital Manage...

A vulnerability exists in Code-Projects' Online Hospital Management System, specifically in the /viewappointment.php file. This flaw allows an attacker to manipulate the 'delid' argument, leading to SQL injection vulnerabilities. The attack can be executed remotely, providing potential access to ...

PoC for CVE-2026-7631

Code-projects | Online Hospital Manage... | 5.3 MEDIUM
Improper Authorization in Online Hospital Management System by Code...

The Online Hospital Management System version 1.0 by Code-Projects contains a vulnerability in the Registration Handler component. An unknown function within this component improperly manages authorization based on user input. Specifically, manipulation of the 'Username' argument allows unauthori...

PoC for CVE-2026-7630

Innocommerce | Innoshop | 6.9 MEDIUM
Improper Authentication in innocommerce InnoShop Affects Installati...

A vulnerability has been identified in the InnoShop component from innocommerce, specifically in the InstallServiceProvider::boot function within the Installation Endpoint. This flaw allows improper authentication, potentially enabling remote exploitation. The issue has been made public, and user...

Discovered 16 hours ago

PoC for CVE-2026-7629

Kleneway | Awesome-cursor-mpc-server | 5.3 MEDIUM
Command Injection Vulnerability in kleneway Awesome Cursor MPC Server

A vulnerability has been discovered in the kleneway awesome-cursor-mpc-server affecting versions up to 2.0.1. The flaw exists within the runCodeReviewTool function in the codeReview.ts file, which is part of the Ccode-Review Tool component. This vulnerability allows an attacker to execute arbitra...

PoC for CVE-2026-31431

Linux | Linux | 7.8 HIGH
Vulnerability in Linux Kernel Affecting Crypto Operations

A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...

PoC for CVE-2026-31431

Linux | Linux | 7.8 HIGH
Vulnerability in Linux Kernel Affecting Crypto Operations

A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...

Discovered 17 hours ago

PoC for CVE-2026-7628

Crazyrabbitltc | Mcp-code-review-server | 5.3 MEDIUM
Command Injection Vulnerability in crazyrabbitLTC Repository Manage...

A command injection vulnerability exists in the crazyrabbitLTC mcp-code-review-server, specifically within the executeRepomix function located in src/repomix.ts. This flaw allows an attacker to execute arbitrary commands on the server, potentially leading to unauthorized actions. The vulnerabilit...

Discovered 18 hours ago

PoC for CVE-2026-7627

8nite | Metatrader-4-mcp | 5.3 MEDIUM
Path Traversal Vulnerability in 8nite Metatrader-4-MCP Software

A security vulnerability exists in version 1.0.0 of 8nite Metatrader-4-MCP, specifically within the CallToolRequestSchema function in the software's src/index.ts file. This vulnerability arises due to improper handling of the 'ea_name' argument, allowing attackers to exploit path traversal issues...

PoC for CVE-2026-41940

Webpros | Cpanel | 🟣 EPSS 28% | 9.3 CRITICAL
Authentication Bypass Vulnerability in cPanel and WHM

The affected versions of cPanel and WHM contain a serious authentication bypass flaw in the login flow. This vulnerability enables unauthenticated remote attackers to bypass authentication mechanisms, allowing them to gain unauthorized access to the control panel. Users of the specified versions ...

Discovered 19 hours ago

PoC for CVE-2026-7612

Itsourcecode | Courier Management System | 5.1 MEDIUM
SQL Injection Vulnerability in itsourcecode Courier Management System

A SQL injection vulnerability exists in itsourcecode Courier Management System version 1.0, specifically within the /edit_user.php file. By manipulating the 'ID' parameter, an attacker can execute unauthorized SQL commands, potentially compromising the database from a remote location. This vulner...

Discovered 20 hours ago

PoC for CVE-2026-7609

Trendnet | Tew-821dap | 5.3 MEDIUM
Command Injection Vulnerability in TRENDnet TEW-821DAP Firmware

A vulnerability in the TRENDnet TEW-821DAP device's diagnostic tool exposes users to potential OS command injection attacks. The flaw is located in the firmware's diagnostic function, specifically within the '/tmp/diagnostic' file, allowing malicious actors to execute arbitrary commands remotely....

PoC for CVE-2026-41940

Webpros | Cpanel | 🟣 EPSS 28% | 9.3 CRITICAL
Authentication Bypass Vulnerability in cPanel and WHM

The affected versions of cPanel and WHM contain a serious authentication bypass flaw in the login flow. This vulnerability enables unauthenticated remote attackers to bypass authentication mechanisms, allowing them to gain unauthorized access to the control panel. Users of the specified versions ...

PoC for CVE-2026-7608

Trendnet | Tew-821dap | 5.1 MEDIUM
OS Command Injection Vulnerability in TRENDnet TEW-821DAP by TRENDnet

A significant vulnerability has been identified in the TRENDnet TEW-821DAP router models operating on firmware version 1.12B01. This vulnerability occurs in the tools_diagnostic function, which is susceptible to OS command injection. This allows attackers to execute arbitrary commands on the affe...

Discovered 21 hours ago

PoC for CVE-2026-31431

Linux | Linux | 7.8 HIGH
Vulnerability in Linux Kernel Affecting Crypto Operations

A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...

Discovered 22 hours ago

PoC for CVE-2026-7605

JeecgBoot | Jeecgboot | 5.3 MEDIUM
Server-Side Request Forgery in JeecgBoot Affects Multiple Versions

A security flaw has been identified in JeecgBoot, specifically in the function handling image upload, which can be exploited to perform server-side request forgery (SSRF). This vulnerability allows an attacker to manipulate requests in a way that may lead to unauthorized access to internal resour...

Discovered 23 hours ago

PoC for CVE-2026-41940

Webpros | Cpanel | 🟣 EPSS 28% | 9.3 CRITICAL
Authentication Bypass Vulnerability in cPanel and WHM

The affected versions of cPanel and WHM contain a serious authentication bypass flaw in the login flow. This vulnerability enables unauthenticated remote attackers to bypass authentication mechanisms, allowing them to gain unauthorized access to the control panel. Users of the specified versions ...

Discovered 1 day ago

PoC for CVE-2026-7604

Jeecg | Jeecgboot | 5.3 MEDIUM
Server-Side Request Forgery Vulnerability in JeecgBoot by Jeecg

A serious vulnerability has been found in JeecgBoot affecting versions up to 3.9.1, specifically within the OpenApi Service's OpenApiController. This issue allows for server-side request forgery (SSRF) due to improper handling of the originUrl parameter. Attackers can exploit this flaw remotely, ...