Publicly Disclosed
PoC Exploits

đź”´ Alway take caution when working with PoC Exploits đź”´

Discovered just now...

PoC for CVE-2026-25769

WazuhWazuh9.1CRITICAL
Remote Code Execution in Wazuh due to Untrusted Data Deserialization

Wazuh, a widely-used open-source platform for threat detection and response, exhibits a vulnerability that allows for Remote Code Execution due to faulty deserialization of untrusted data. This issue affects deployments utilizing cluster mode wherein an attacker can gain full control of the maste...

PoC for CVE-2026-33017

Langflow-aiLangflow9.3CRITICAL
Authentication Bypass in Langflow Tool for AI-Powered Workflows

Langflow, a tool for constructing and deploying AI-driven agents and workflows, is susceptible to a vulnerability in the POST /api/v1/build_public_tmp/{flow_id}/flow endpoint in versions before 1.9.0. This vulnerability enables an attacker to build public flows without authentication, leveraging ...

Discovered 2 hours ago

PoC for CVE-2025-66034

FonttoolsFonttools6.3MEDIUM
Arbitrary File Write Vulnerability in fontTools Affects Remote Code...

The fontTools library, used for font manipulation in Python, contains an arbitrary file write vulnerability affecting versions from 4.33.0 to before 4.60.2. This flaw allows an attacker to execute remote code when a specially crafted .designspace file is processed through the fonttools varLib scr...

PoC for CVE-2026-4516

Foundation AgentsMetagpt5.3MEDIUM
Injection Vulnerability in Foundation Agents MetaGPT by Unknown Vendor

A significant injection vulnerability exists in Foundation Agents' MetaGPT before version 0.8.1, specifically within the unknown code of the file metagpt/actions/di/write_analysis_code.py, related to the DataInterpreter component. This flaw allows remote attackers to manipulate code execution, po...

Discovered 4 hours ago

PoC for CVE-2019-25572

NordvpnNordvpn6.9MEDIUM
Denial of Service Vulnerability in NordVPN by NordVPN

NordVPN version 6.19.6 is liable to a denial of service vulnerability that enables local attackers to disrupt the application by providing an excessively long input in the email field. Specifically, attackers can crash the application by inputting a string of up to 100,000 characters during the l...

PoC for CVE-2019-25571

MediamonkeyMediamonkey6.9MEDIUM
Denial of Service Vulnerability in MediaMonkey by Ventis Media

MediaMonkey 4.1.23 has a vulnerability that enables local attackers to crash the application. This originates from a specially crafted MP3 file containing an excessively long URL string. When the malicious file is opened through the File > Open URL dialog, it triggers a crash due to the buffer be...

PoC for CVE-2019-25570

RealtermRealterm: Serial Terminal6.8MEDIUM
Denial of Service Vulnerability in RealTerm Serial Terminal Software

RealTerm Serial Terminal version 2.0.0.70 is susceptible to a denial of service vulnerability triggered by the Port input field. Local attackers can exploit this flaw by entering an excessively long string, specifically 1000 characters. When the open button is clicked, the application crashes, re...

PoC for CVE-2019-25569

RealtermRealterm: Serial Terminal6.9MEDIUM
Stack-Based Buffer Overflow in RealTerm Serial Terminal by RealTerm

RealTerm Serial Terminal version 2.0.0.70 is susceptible to a stack-based buffer overflow vulnerability within the Echo Port field. This flaw enables local attackers to manipulate the application by injecting a specially crafted input string, which contains 268 bytes of padding and specific overw...

PoC for CVE-2019-25568

MemuplayMemu Play9.3CRITICAL
Insecure File Permissions in Memu Play by Microvirt

Memu Play version 6.0.7 is susceptible to an insecure file permissions vulnerability. This weakness allows low-privileged users to escalate their privileges by replacing the MemuService.exe executable in the installation directory with a malicious version. When the service is restarted after a re...

PoC for CVE-2019-25566

AcutesystemsTransmac6.9MEDIUM
Buffer Overflow Vulnerability in TransMac by Acute Systems

TransMac 12.3 is susceptible to a buffer overflow vulnerability within the volume name field, allowing local attackers to crash the application. By providing an excessively long string, such as a malicious file containing 1000 repeated characters, attackers can trigger the application to fail dur...

PoC for CVE-2019-25567

Valentina-dbValentina Studio6.9MEDIUM
Buffer Overflow Vulnerability in Valentina Studio by Valentina DB

Valentina Studio version 9.0.5 for Linux is susceptible to a buffer overflow vulnerability within the Host field of its connection dialog. This flaw allows local attackers to crash the application by submitting an excessively long input string, specifically one that exceeds 264 bytes. The vulnera...

PoC for CVE-2019-25565

MagicisoMagic Iso Maker6.9MEDIUM
Buffer Overflow Vulnerability in Magic Iso Maker by MagicISO

Magic Iso Maker version 5.5 build 281 is susceptible to a buffer overflow vulnerability located in the Serial Code registration field. This flaw allows local attackers to exploit the application by providing an excessively large input during the registration process. Specifically, an attacker can...

PoC for CVE-2019-25564

UvncPchelpwarev26.8MEDIUM
Denial of Service Vulnerability in PCHelpWareV2 by UVNC

The PCHelpWareV2 1.0.0.5 application is susceptible to a denial of service attack due to improper handling of input in the Group field. Local attackers can leverage this vulnerability by submitting an excessively long string into the Group property field, which can lead to an application crash. T...

PoC for CVE-2019-25563

UvncPchelpwarev26.9MEDIUM
Denial of Service Vulnerability in PCHelpWareV2 by UVNC

PCHelpWareV2 version 1.0.0.5 is susceptible to a denial of service vulnerability that allows local attackers to crash the application. This can be achieved by submitting a specially crafted BMP file with an oversized buffer while using the Create SC feature, leading to application instability. Pr...

PoC for CVE-2019-25562

JetaudioConvert Video Jetaudio6.8MEDIUM
Buffer Overflow Vulnerability in jetAudio by COWON

jetAudio version 8.1.7 has a vulnerability in its video converter component that allows local attackers to exploit a buffer overflow via the File Naming field. By submitting an oversized string, specifically a malicious buffer of 512 bytes, attackers can induce a crash of the application upon cli...

PoC for CVE-2019-25561

JetaudioLyric Maker6.9MEDIUM
Buffer Overflow in Lyric Maker Affects Local Users

Lyric Maker 2.0.1.0 is susceptible to a buffer overflow vulnerability that enables local attackers to create a denial of service condition. By inputting an excessively long string—up to 5000 bytes—in the Title field, an attacker can crash the application, rendering it unusable. This flaw highligh...

PoC for CVE-2019-25560

LyricvideocreatorLyric Video Creator8.7HIGH
Denial of Service Vulnerability in Lyric Video Creator by Lyric Vid...

Lyric Video Creator 2.1 is susceptible to a denial of service vulnerability arising from improper handling of malformed MP3 files. Attackers can exploit this flaw by crafting a specifically designed MP3 file that contains an oversized buffer. When the affected application processes this file, it ...

PoC for CVE-2019-25559

NsauditorSpotpaltalk6.8MEDIUM
Denial of Service Vulnerability in SpotPaltalk by Paltalk

SpotPaltalk 1.1.5 is vulnerable to a denial of service attack due to insufficient input validation in the registration code input field. An attacker can exploit this vulnerability by entering a string that exceeds the expected length, specifically by using a lengthy buffer of 1000 characters in t...

PoC for CVE-2019-25558

PixarraSelfie Studio6.9MEDIUM
Denial of Service Vulnerability in Selfie Studio by Pixarra

Selfie Studio 2.17 is susceptible to a denial of service attack via its Resize Image function. By inputting excessively long strings into the New Width or New Height fields, local attackers can exploit a buffer overflow, leading to a crash of the application. This vulnerability highlights the sig...

PoC for CVE-2019-25557

PixarraTwistedbrush Pro Studio6.9MEDIUM
Denial of Service Vulnerability in TwistedBrush Pro Studio by Pixarra

TwistedBrush Pro Studio 24.06 is susceptible to a denial of service vulnerability, which enables local attackers to crash the application by importing specially crafted .srp script files. An attacker can create a .srp file containing an excessively large buffer and import it through the Script Pl...

PoC for CVE-2019-25556

PixarraTwistedbrush Pro Studio6.9MEDIUM
Denial of Service Vulnerability in TwistedBrush Pro Studio by Pixarra

TwistedBrush Pro Studio 24.06 has a vulnerability in the Resize Image function that enables local attackers to induce a denial of service condition. By entering an excessively long buffer in the New Width or New Height field, attackers can cause a buffer overflow, leading to application crashes. ...

PoC for CVE-2019-25555

PixarraTwistedbrush Pro Studio6.9MEDIUM
Denial of Service Vulnerability in TwistedBrush Pro Studio by Pixarra

TwistedBrush Pro Studio 24.06 features a vulnerability within its Script Recorder component that could allow a local attacker to induce a denial of service. By providing an excessively large input, specifically a string with 500,000 characters, an attacker can effectively crash the application. T...

PoC for CVE-2019-25554

TomaboMp4 Converter6.8MEDIUM
Denial of Service Vulnerability in Tomabo MP4 Converter by Tomabo

Tomabo MP4 Converter version 3.25.22 is susceptible to a denial of service vulnerability that arises from improper handling of user input. Attackers can exploit this issue by entering an excessively long string into the Name field when configuring a preset in the Video/Audio Formats settings. If ...

PoC for CVE-2019-25553

Cewe-photoworldCewe Photo Importer6.9MEDIUM
Denial of Service Vulnerability in CEWE PHOTO IMPORTER by CEWE

CEWE PHOTO IMPORTER version 6.4.3 is susceptible to a denial of service attack, which can be executed by local attackers. By importing a specially crafted image file, an attacker can crash the application. This vulnerability is exploited through the import feature, where a malformed JPG file with...

PoC for CVE-2019-25552

Cewe-photoworldCewe Photo Show8.7HIGH
Denial of Service Vulnerability in CEWE PHOTO SHOW by CEWE

The CEWE PHOTO SHOW version 6.4.3 has a vulnerability that can lead to denial of service. By inputting an excessively lengthy string into the password field during the application upload process, an attacker can cause the application to crash. This vulnerability can be exploited by submitting a l...

PoC for CVE-2019-25551

SandboxieSandboxie6.9MEDIUM
Denial of Service Vulnerability in Sandboxie 5.30 by Sandboxie

Sandboxie 5.30 is vulnerable to a denial of service issue that allows local attackers to crash the application. By inputting an excessively long string—specifically, a buffer of 5000 characters—in the Program Alerts configuration field, an attacker can effectively trigger an application crash. Th...

PoC for CVE-2019-25550

VeryPDFEncrypt PDF6.9MEDIUM
Buffer Overflow Vulnerability in Encrypt PDF 2.3 by VeryPDF

Encrypt PDF 2.3 contains a vulnerability that enables local attackers to crash the application by entering excessively long strings in the password fields. Specifically, by inputting a 1000-byte buffer into either the User Password or Master Password fields in the application’s Settings dialog, a...

PoC for CVE-2019-25549

VeryPDFVeryPDF Pcl Converter6.9MEDIUM
Denial of Service Vulnerability in VeryPDF PCL Converter 2.7

VeryPDF PCL Converter 2.7 is susceptible to a denial of service attack that allows local users to cause the application to crash. This vulnerability is exploited by providing an exceptionally long password, specifically a 3000-byte string, within the PDF Security encryption settings. When process...

PoC for CVE-2019-25548

BluestacksBluestacks6.9MEDIUM
Denial of Service Vulnerability in BlueStacks by BlueStacks, Inc.

BlueStacks version 4.80.0.1060 contains a vulnerability that exposes the application to denial of service attacks. Malicious actors can exploit this flaw by inputting excessively large data into the search field, specifically by pasting a buffer of 100,000 'A' characters. Once this oversized inpu...

PoC for CVE-2019-25547

Infiltration-systemsNetaware6.9MEDIUM
Buffer Overflow Vulnerability in NetAware by Infiltration Systems

NetAware version 1.20 has a buffer overflow vulnerability within its User Blocking feature. This issue allows local attackers to cause a denial of service by inputting oversized data. Specifically, when a malicious user provides a buffer of 512 bytes in the 'Add a website or keyword to be filtere...

PoC for CVE-2019-25546

Infiltration-systemsNetaware6.9MEDIUM
Buffer Overflow in NetAware Product by Infiltration Systems

NetAware 1.20 is susceptible to a buffer overflow vulnerability within the Share Name field. This flaw allows local attackers to disrupt application functionality by submitting an overly long string, specifically a 1000-byte buffer, when creating a new share via the Manage Shares interface. By ex...

PoC for CVE-2019-25545

LizardsystemsTerminal Services Manager6.9MEDIUM
Local Buffer Overflow Vulnerability in Terminal Services Manager by...

Terminal Services Manager 3.2.1 is impacted by a local buffer overflow vulnerability that enables attackers to crash the application. By entering an excessively long string (up to 5000 bytes) into the 'Computer name or IP address' field during the addition of a computer, an attacker can trigger a...

PoC for CVE-2019-25544

PidginPidgin6.9MEDIUM
Denial of Service Vulnerability in Pidgin by Pidgin Developers

Pidgin 2.13.0 is susceptible to a denial of service issue where an attacker can create a local account using an excessively long username. By inputting a buffer of 1000 characters in the username field, attackers can trigger a crash when attempting to join a chat, rendering the application inoper...

Discovered 5 hours ago

PoC for CVE-2026-4515

Foundation AgentsMetagpt5.3MEDIUM
Code Injection Vulnerability in Foundation Agents MetaGPT by Founda...

A vulnerability present in Foundation Agents MetaGPT versions up to 0.8.1 enables code injection through the code_generate function in operator.py. This flaw can be exploited remotely, potentially allowing attackers to execute arbitrary code. The issue has been made public, raising significant se...

Discovered 6 hours ago

PoC for CVE-2026-29000

Pac4jPac4j-jwt9.3CRITICAL
Authentication Bypass in JwtAuthenticator of pac4j-jwt by pac4j

The pac4j-jwt library's JwtAuthenticator prior to versions 4.5.9, 5.7.9, and 6.3.3 is susceptible to an authentication bypass that could allow remote adversaries to create forged authentication tokens. By leveraging the server's RSA public key, attackers are able to craft a JWE-wrapped PlainJWT w...

PoC for CVE-2021-42574

UnicodeUnicode🟣 EPSS 25%8.3HIGH
Visual Reordering Vulnerability in Unicode Specification Affecting ...

A vulnerability in the Unicode Specification, particularly in the Bidirectional Algorithm, allows adversaries to manipulate the visual order of characters. This can lead to confusion when analyzing source code, as the logical order of tokens processed by compilers and interpreters may differ from...

PoC for CVE-2026-4514

Aurcloud TechnologyPbootcms5.3MEDIUM
Access Control Vulnerability in PbootCMS Backend by Aurcloud Techno...

A vulnerability has been identified in the PbootCMS platform that affects versions up to 3.2.12. The issue resides in the UserController.php file, where improper access controls can be exploited by manipulating the 'Field' argument. This allows attackers to potentially gain unauthorized access to...

Discovered 7 hours ago

PoC for CVE-2026-4513

Vanna-aiVanna5.3MEDIUM
SQL Injection Vulnerability in vanna-ai's Vanna Product

A vulnerability has been identified in the Vanna product by vanna-ai, specifically in the 'ask' function located within the file 'base.py'. This issue allows for SQL injection attacks, which can be exploited remotely, enabling unauthorized access to the database and manipulation of data. The vuln...

PoC for CVE-2024-36991

SplunkSplunk Enterprise🟣 EPSS 94%7.5HIGH
Splunk Enterprise Path Traversal Vulnerability on Windows

A path traversal vulnerability exists in Splunk Enterprise running on Windows, affecting versions prior to 9.2.2, as well as versions 9.1.5 and 9.0.10. This issue allows an attacker to potentially access restricted directories and files on the server through the /modules/messaging/ endpoint. Ensu...

Discovered 8 hours ago

PoC for CVE-2026-4511

Vanna-aiVanna5.3MEDIUM
Remote Command Execution Vulnerability in Vanna-AI Product by Vanna

A security vulnerability exists in the vanna-ai product, specifically in the exec function located in /src/vanna/legacy. This flaw allows for injection attacks that can be executed remotely, posing a significant risk to users. The exploit has been publicly disclosed, and despite early notificatio...

Discovered 10 hours ago

PoC for CVE-2026-4510

PbootCMSPbootcms5.3MEDIUM
Cross Site Scripting Vulnerability in PbootCMS by PbootCMS

A vulnerability in PbootCMS versions up to 3.2.12 allows for cross site scripting (XSS) attacks due to improper handling of user-supplied input in the alert_location function of the MemberController.php file. Attackers can exploit this weakness by manipulating the backurl parameter, enabling them...

Discovered 11 hours ago

PoC for CVE-2026-4509

PbootPbootcms5.3MEDIUM
Incomplete Blacklist Vulnerability in PbootCMS File Upload by Pboot

A security flaw has been identified in PbootCMS, specifically within the file upload module located in core/function/file.php. This vulnerability relates to an incomplete blacklist implementation in the argument handling, which can be exploited remotely. Attackers can manipulate file uploads, pot...

Discovered 13 hours ago

PoC for CVE-2025-11926

WordPressRelated Posts Lite4.4MEDIUM
Stored Cross-Site Scripting in Related Posts Lite Plugin for WordPress

The Related Posts Lite plugin for WordPress is susceptible to a Stored Cross-Site Scripting vulnerability, due to inadequate input sanitization and output escaping in admin settings. This issue affects all versions up to 1.12, enabling authenticated attackers with administrator-level permissions ...

PoC for CVE-2025-48784

Soar Cloud System...Hrd Human Resource Man...8.8HIGH
Missing Authorization Vulnerability in Soar Cloud HRD Human Resourc...

A missing authorization flaw in the Soar Cloud HRD Human Resource Management System, up to version 7.3.2025.0408, allows unauthorized remote attackers to change critical system settings. This vulnerability poses a significant risk as it enables malicious users to alter configurations without appr...

Discovered 14 hours ago

PoC for CVE-2025-6934

WordPressOpal Estate Pro – Prop...🟣 EPSS 24%9.8CRITICAL
Privilege Escalation Vulnerability in Opal Estate Pro Plugin for Wo...

The Opal Estate Pro – Property Management and Submission plugin for WordPress is susceptible to privilege escalation. This is a result of improper role restriction during user registration in the 'on_register_user' function. Attackers without authentication can exploit this vulnerability to assig...

Discovered 18 hours ago

PoC for CVE-2026-4508

PbootPbootcms6.9MEDIUM
SQL Injection Vulnerability in PbootCMS Member Login by Pboot

In PbootCMS versions up to 3.2.12, a significant vulnerability exists in the Member Login component, specifically within the checkUsername function located in apps/home/controller/MemberController.php. This flaw allows the manipulation of user-supplied input to execute SQL injection attacks, pote...

Discovered 19 hours ago

PoC for CVE-2026-4507

MindinventoryMindsql5.3MEDIUM
SQL Injection Vulnerability in Mindinventory MindSQL Product

A security flaw has been identified in Mindinventory's MindSQL that allows for SQL injection via a manipulation of the 'ask_db' function located in mindsql/core/mindsql_core.py. This vulnerability can be exploited remotely, placing users at risk of unauthorized database access and potential data ...

PoC for CVE-2026-4506

MindinventoryMindsql5.3MEDIUM
SQL Injection Vulnerability in Mindinventory MindSQL Product

A significant vulnerability has been identified in Mindinventory's MindSQL product, specifically affecting the 'ask_db' function located in 'mindsql/core/mindsql_core.py'. This flaw allows for remote code injection, posing serious security risks. An attacker could exploit this vulnerability to ma...

Discovered 21 hours ago

PoC for CVE-2026-4505

Eosphoros-aiDb-gpt5.3MEDIUM
Unrestricted Upload Vulnerability in eosphoros-ai DB-GPT Product fr...

A vulnerability in the eosphoros-ai DB-GPT affects its FastAPI Endpoint, particularly the function module_plugin.refresh_plugins located in controller.py. This flaw enables unauthorized users to perform unrestricted uploads remotely, potentially compromising system integrity. Despite early notifi...

PoC for CVE-2026-4504

Eosphoros-aiDb-gpt6.9MEDIUM
SQL Injection Vulnerability in eosphoros-ai db-gpt Product by Eosph...

An SQL injection vulnerability exists within the eosphoros-ai db-gpt product, specifically in the /api/v1/editor/ endpoint. This flaw is a result of an incomplete fix, allowing attackers to exploit remote access and manipulate database operations. The affected versions include up to 0.7.5, and th...