Publicly Disclosed
PoC Exploits

🔴 Alway take caution when working with PoC Exploits 🔴

Discovered 36 minutes ago

PoC for CVE-2025-29927

VercelNext.js🟣 EPSS 85%9.1CRITICAL
Authorization Bypass in Next.js Framework by Vercel

A security flaw exists in the Next.js framework that allows an attacker to bypass authorization checks if such checks are implemented in middleware. This vulnerability arises in versions prior to 14.2.25 and 15.2.3. To mitigate risk, it is recommended to restrict incoming requests that include th...

Discovered 2 hours ago

PoC for CVE-2025-0401

1902756969
Path Traversal Vulnerability in reggie 1.0 by 1902756969

A path traversal vulnerability identified in reggie 1.0 allows an attacker to manipulate the 'name' argument in the download function of CommonController.java. This vulnerability enables unauthorized access to file systems, allowing remote attackers to read sensitive files by exploiting this flaw...

Discovered 9 hours ago

PoC for CVE-2023-5561

WordPressWordPress🟣 EPSS 14%5.3MEDIUM
WordPress < 6.3.2 - Unauthenticated Post Author Email Disclosure

WordPress does not properly restrict which user fields are searchable via the REST API, allowing unauthenticated attackers to discern the email addresses of users who have published public posts on an affected website via an Oracle style attack

Discovered 19 hours ago

PoC for CVE-2025-2048

WordPressLana Downloads Manager4.1MEDIUM
Path Traversal Vulnerability in Lana Downloads Manager Plugin for W...

The Lana Downloads Manager plugin for WordPress, prior to version 1.10.0, is susceptible to a path traversal vulnerability. This flaw arises from inadequate validation of user input used in file path specifications. As a result, authenticated users with admin privileges may exploit this weakness ...

PoC for CVE-2025-1986

WordPressGutentor4.1MEDIUM
SQL Injection Vulnerability in Gutentor Plugin for WordPress

The Gutentor plugin for WordPress prior to version 3.4.7 is susceptible to SQL injection due to a lack of proper sanitization and escaping of user-supplied parameters within SQL statements. This vulnerability could potentially allow administrators to manipulate the database in unintended ways, le...

PoC for CVE-2025-0868

Arc53Docsgpt🟣 EPSS 18%9.3CRITICAL
Remote Code Execution Vulnerability in DocsGPT by Arc53

A security flaw exists in DocsGPT that allows unauthorized access leading to Remote Code Execution. An attacker can exploit this vulnerability through the improper parsing of JSON data using the eval() function. By sending arbitrary Python code to the /api/remote endpoint, an attacker can execute...

Discovered 22 hours ago

PoC for CVE-2013-3900

MicrosoftWindows 10 Version 1809🟣 EPSS 71%5.5MEDIUM
WinVerifyTrust Signature Validation Vulnerability

Why is Microsoft republishing a CVE from 2013? We are republishing CVE-2013-3900 in the Security Update Guide to update the Security Updates table and to inform customers that the EnableCertPaddingCheck is available in all currently supported versions of Windows 10 and Windows 11. While the forma...

Discovered 1 day ago

PoC for CVE-2023-32784

KeepassKeepass🟣 EPSS 66%7.5HIGH
Memory Dump Vulnerability in KeePass 2.x Allows Recovery of Clearte...

An issue exists in KeePass 2.x versions prior to 2.54 where attackers can exploit memory dumps to recover the cleartext master password, even if the workspace is locked or the application is no longer running. This exploitation can occur through various forms of memory dumps, such as a KeePass pr...

PoC for CVE-2025-3045

Oretnom23Apartment Visitor Mana...5.3MEDIUM
SQL Injection Vulnerability in SourceCodester Apartment Visitor Man...

A SQL injection vulnerability exists in the SourceCodester Apartment Visitor Management System version 1.0, specifically in the remove-apartment.php file. This vulnerability arises from insufficient validation of input parameters, allowing attackers to manipulate the ID argument. Successful explo...

PoC for CVE-2025-3043

GuominjimPersonmanage6.9MEDIUM
Path Traversal Vulnerability in GuoMinJim PersonManage Software

A path traversal vulnerability exists in GuoMinJim PersonManage 1.0, specifically in the preHandle function located at /login/. This flaw allows remote attackers to manipulate the Request argument, potentially leading to unauthorized file access and disclosure of sensitive information. Given the ...

PoC for CVE-2025-3041

Project WorldsOnline Time Table Gene...5.3MEDIUM
Unrestricted File Upload Vulnerability in Project Worlds Online Tim...

A significant vulnerability has been detected in the Project Worlds Online Time Table Generator version 1.0, specifically in the /admin/updatestudent.php file. This issue allows attackers to manipulate the 'pic' argument, enabling unrestricted file uploads. As a result, malicious users can remote...

PoC for CVE-2025-3042

Project WorldsOnline Time Table Gene...5.3MEDIUM
Unrestricted File Upload Vulnerability in Project Worlds Online Tim...

A vulnerability has been identified in the Project Worlds Online Time Table Generator version 1.0, specifically within the /student/updateprofile.php file. This flaw enables attackers to manipulate the 'pic' argument, resulting in the potential for unrestricted file uploads. Such a vulnerability ...

PoC for CVE-2025-3040

Project WorldsOnline Time Table Gene...5.3MEDIUM
Unrestricted File Upload Vulnerability in Project Worlds Online Tim...

A significant vulnerability has been identified in the Project Worlds Online Time Table Generator 1.0 that allows unauthorized file uploads through the /admin/add_student.php interface. By manipulating the 'pic' argument, attackers may exploit this weakness to upload malicious files remotely. Thi...

PoC for CVE-2025-3039

Code-projectsPayroll Management System5.3MEDIUM
SQL Injection Vulnerability in Code-Projects Payroll Management System

A SQL injection vulnerability exists within the Code-Projects Payroll Management System in the /add_employee.php file. This vulnerability arises from improper handling of user-supplied input parameters, specifically lname and fname, allowing attackers to manipulate database queries and potentiall...

PoC for CVE-2025-30208

ViteVite🟣 EPSS 38%
Vite Frontend Development Tool Susceptible to File Access Vulnerabi...

A vulnerability in Vite's frontend development tooling allows attackers to bypass file access restrictions. Specifically, versions prior to 6.2.3, 6.1.2, 6.0.12, 5.4.15, and 4.5.10 expose the risk where app URLs can be manipulated with trailing query parameters such as '?raw?' or '?import&raw?' t...

PoC for CVE-2025-3038

Code-projectsPayroll Management System5.3MEDIUM
SQL Injection Vulnerability in Code-Projects Payroll Management Sys...

A SQL injection vulnerability exists in version 1.0 of the Payroll Management System by Code-Projects, specifically within the file /view_account.php. This vulnerability arises from improper processing of the argument 'salary_rate', allowing attackers to perform unauthorized actions via SQL manip...

PoC for CVE-2025-3037

Yzk2356911358Studentservlet-jsp5.3MEDIUM
Cross-Site Request Forgery in yzk2356911358 StudentServlet-JSP

A vulnerability has been discovered in yzk2356911358 StudentServlet-JSP that allows for cross-site request forgery (CSRF) attacks. This flaw can be exploited remotely, enabling an attacker to manipulate the application's requests without the user's consent. The ongoing rolling release model of th...

PoC for CVE-2025-3036

Yzk2356911358Studentservlet-jsp4.8MEDIUM
Cross-Site Scripting Vulnerability in yzk2356911358 Student Managem...

A vulnerability has been identified in the Student Management Handler of yzk2356911358's StudentServlet-JSP. This issue allows an attacker to manipulate the 'Name' argument, leading to potential cross-site scripting attacks. Such vulnerabilities enable malicious actors to execute unauthorized scr...

PoC for CVE-2025-3018

SourcecodesterOnline Eyewear Shop5.3MEDIUM
SQL Injection Vulnerability in SourceCodester Online Eyewear Shop b...

The Online Eyewear Shop by SourceCodester is susceptible to an SQL injection vulnerability located in the /classes/Users.php function. This vulnerability arises due to inadequate input validation on the 'ID' parameter, enabling an attacker to manipulate database queries executed by the applicatio...

PoC for CVE-2025-3017

TA-LibTa-lib4.8MEDIUM
Out-of-Bounds Write Vulnerability in TA-Lib Affects Multiple Versions

A significant out-of-bounds write vulnerability has been identified in TA-Lib, specifically affecting the setInputBuffer function within the ta_regtest component. This flaw allows unauthorized users to manipulate memory, potentially leading to data corruption or execution of arbitrary code. The v...

PoC for CVE-2025-3015

Open Asset Import...Assimp5.3MEDIUM
Out-of-Bounds Read Vulnerability in Open Asset Import Library Assimp

A vulnerability exists in the Open Asset Import Library Assimp version 5.4.3 specifically within the function Assimp::ASEImporter::BuildUniqueRepresentation found in the ASE file handler component. This vulnerability arises from improper handling of the argument mIndices, leading to an out-of-bou...

PoC for CVE-2025-3010

Khronos GroupGlslang4.8MEDIUM
Null Pointer Dereference in Khronos Group glslang Product

A null pointer dereference vulnerability exists in the Khronos Group glslang 15.1.0 implementation. This flaw, located in the glslang::TIntermediate::isConversionAllowed function within the Intermediate.cpp file, can be exploited through local access. If an attacker successfully manipulates the a...

PoC for CVE-2025-3009

Jinher NetworkOa5.3MEDIUM
SQL Injection Vulnerability in Jinher Network OA C6 Product

A security vulnerability was discovered in the Jinher Network OA C6 product, specifically in the file NetDiskProperty.aspx. This vulnerability allows for SQL Injection through the manipulation of the ID parameter. Attackers can exploit this weakness remotely, potentially gaining unauthorized acce...

PoC for CVE-2025-3006

PHPgurukulE-diary Management System6.9MEDIUM
SQL Injection Flaw in PHPGurukul e-Diary Management System

A security vulnerability has been identified in PHPGurukul's e-Diary Management System version 1.0, specifically within the /edit-category.php file. The vulnerability allows attackers to manipulate the 'Category' parameter, leading to potential SQL injection attacks. This exposure could enable un...

PoC for CVE-2025-3005

SayskiForestblog5.1MEDIUM
Cross Site Scripting Vulnerability in Sayski ForestBlog by Sayski

A vulnerability exists in the Sayski ForestBlog, specifically within the Friend Link Handler component, affecting versions up to 20250321. This security issue allows remote attackers to manipulate the component and execute cross site scripting (XSS) attacks. Given that the exploit has been public...

PoC for CVE-2025-1974

KubernetesIngress-nginx🟣 EPSS 82%9.8CRITICAL
Arbitrary Code Execution Vulnerability in Ingress-Nginx Controller ...

A security issue in the Kubernetes platform allows an unauthenticated attacker with access to the pod network to execute arbitrary code within the context of the ingress-nginx controller. This vulnerability poses serious security risks, as it can potentially expose sensitive secrets accessible to...

PoC for CVE-2025-3004

SayskiForestblog5.1MEDIUM
Cross-Site Scripting Vulnerability in Sayski ForestBlog Product

A vulnerability exists in Sayski ForestBlog that allows for cross-site scripting through improper handling of user input in the /search file. By manipulating the 'keywords' parameter, attackers can execute arbitrary scripts in the context of the user's browser. This poses a significant security r...

PoC for CVE-2025-3003

EsafenetCdg5.3MEDIUM
SQL Injection Vulnerability in ESAFENET CDG Software

A SQL injection vulnerability has been identified in ESAFENET CDG 3, specifically within the UserAjax functionality. This flaw allows attackers to manipulate the Username parameter, enabling them to execute unauthorized SQL commands remotely. The vulnerability poses a significant security risk, a...

PoC for CVE-2025-3002

Digital ChinaDcme-5206.9MEDIUM
OS Command Injection Vulnerability in Digital China DCME-520

A vulnerability has been identified in Digital China DCME-520 affecting versions up to 20250320, specifically within the processing of input parameters in the file /usr/local/WWW/function/audit/newstatistics/mon_merge_stat_hist.php. An improper handling of the 'type_name' argument allows an attac...

PoC for CVE-2025-3001

FacebookPytorch4.8MEDIUM
Memory Corruption in PyTorch 2.6.0 Affecting torch.lstm_cell Function

A vulnerability in PyTorch 2.6.0 has been identified, specifically within the torch.lstm_cell function. This flaw allows for memory corruption, which could be exploited locally by an attacker. The manipulation of this function creates the risk of segmentation faults, potentially leading to unexpe...

PoC for CVE-2025-3000

PyTorchPytorch4.8MEDIUM
Memory Corruption Vulnerability in PyTorch 2.6.0

A vulnerability exists in PyTorch 2.6.0 affecting the torch.jit.script function, allowing for potential memory corruption. This issue can be exploited locally, posing risks to system integrity. The vulnerability has been publicly disclosed and could lead to unauthorized access or disruption of se...

PoC for CVE-2024-25600

WordPressBricks Builder🟣 EPSS 92%10CRITICAL
Code Injection Vulnerability Affects Bricks Builder

The vulnerability in Bricks Builder, developed by Codeer Limited, allows for improper control of code generation, leading to code injection risks. This condition is particularly critical in versions ranging from n/a to 1.9.6. Attackers may exploit this weakness to execute arbitrary code on the se...

PoC for CVE-2025-2998

Meta AIPytorch4.8MEDIUM
Memory Corruption Vulnerability in PyTorch by Meta AI

A memory corruption vulnerability exists in the torch.nn.utils.rnn.pad_packed_sequence function of PyTorch version 2.6.0. This issue requires local access for exploitation, potentially allowing an attacker to manipulate memory allocation, leading to segmentation faults or unexpected behavior in a...

PoC for CVE-2025-2997

Zhangyanbo2007Youkefu5.3MEDIUM
Server-Side Request Forgery in Youkefu 4.2.0 by Zhangyanbo2007

A vulnerability exists in Youkefu version 4.2.0 developed by Zhangyanbo2007, specifically within an unverified function of the file /res/url. This flaw arises from improper handling of the 'url' argument, allowing an attacker to perform server-side request forgery (SSRF). Through SSRF, a remote a...

PoC for CVE-2024-36991

SplunkSplunk Enterprise🟣 EPSS 88%7.5HIGH
Splunk Enterprise Path Traversal Vulnerability on Windows

A path traversal vulnerability exists in Splunk Enterprise running on Windows, affecting versions prior to 9.2.2, as well as versions 9.1.5 and 9.0.10. This issue allows an attacker to potentially access restricted directories and files on the server through the /modules/messaging/ endpoint. Ensu...

Discovered 2 days ago

PoC for CVE-2025-2996

TendaFh12026.9MEDIUM
Improper Access Control in Tenda FH1202 Web Management Interface

A newly discovered vulnerability in the Tenda FH1202's Web Management Interface allows for improper access control, particularly in the /goform/SysToolDDNS file. This flaw enables remote attackers to manipulate access controls, potentially compromising the device's security and integrity. The iss...

PoC for CVE-2025-2995

TendaFh12026.9MEDIUM
Improper Access Control in Tenda FH1202 Web Management Interface

A vulnerability exists in the Tenda FH1202 Web Management Interface, specifically in the /goform/SysToolChangePwd file, allowing unauthorized manipulation of access controls. This flaw can be exploited remotely, providing attackers with the ability to gain unauthorized access to sensitive system ...

PoC for CVE-2025-2994

TendaFh12026.9MEDIUM
Improper Access Controls in Tenda FH1202 Web Management Interface

A vulnerability has been identified in the Tenda FH1202 router’s web management interface. The flaw resides in the qossetting component, which suffers from improper access controls, allowing an unauthorized remote attacker to manipulate settings and potentially gain sensitive information. Exploit...

PoC for CVE-2025-2993

TendaFh12026.9MEDIUM
Improper Access Controls in Tenda FH1202 Router

A security flaw in the Tenda FH1202 router allows unauthorized access due to improper access controls associated with the /default.cfg file. This vulnerability can be exploited remotely, enabling attackers to manipulate sensitive configurations without proper authentication. Due to the public dis...

PoC for CVE-2025-2992

TendaFh12026.9MEDIUM
Improper Access Controls in Tenda FH1202 Web Management Interface

The Tenda FH1202 device's Web Management Interface is susceptible to an improper access control vulnerability. Specifically, the flaw resides in the '/goform/AdvSetWrlsafeset' component, allowing unauthorized access that could be exploited remotely. This issue can lead to various security risks, ...

PoC for CVE-2025-2991

TendaFh12026.9MEDIUM
Improper Access Control in Tenda FH1202 Web Management Interface

A vulnerability exists in the Tenda FH1202's web management interface that allows remote attackers to exploit inadequate access controls. The issue arises from the 'AdvSetWrlmacfilter' function, potentially allowing unauthorized users to gain elevated privileges and manipulate configurations with...

PoC for CVE-2025-2990

TendaFh12026.9MEDIUM
Improper Access Control in Tenda FH1202 Web Management Interface

A security flaw has been identified in the Tenda FH1202 router, specifically within the Web Management Interface. This vulnerability arises from improper access controls in processing requests to the file /goform/AdvSetWrlGstset, potentially allowing unauthorized remote attackers to manipulate se...

PoC for CVE-2025-2989

TendaFh12026.9MEDIUM
Improper Access Controls in Tenda FH1202 Web Management Interface

A vulnerability has been identified in the Tenda FH1202 model's Web Management Interface, specifically within the AdvSetWrl component. This vulnerability enables unauthorized manipulation due to improper access controls, allowing potential attackers to gain unrestricted access to sensitive functi...

PoC for CVE-2025-2985

Code-projectsPayroll Management System5.3MEDIUM
SQL Injection Vulnerability in Payroll Management System by Code-Pr...

A vulnerability has been identified in the Payroll Management System 1.0 developed by Code-Projects that allows for SQL injection through the manipulation of the 'deduction' parameter within the 'update_account.php' file. This flaw can be exploited remotely, enabling attackers to execute unauthor...

PoC for CVE-2023-34960

ChamiloChamilo🟣 EPSS 94%9.8CRITICAL
Chamilo wsConvertPpt Command Injection Vulnerability

The Chamilo platform's wsConvertPpt component contains a command injection vulnerability that allows attackers to execute arbitrary system commands. This security flaw manifests through the processing of crafted PowerPoint file names in the SOAP API, potentially enabling unauthorized operations w...

PoC for CVE-2022-26134

AtlassianConfluence Data Center🟣 EPSS 94%9.8CRITICAL
OGNL Injection Vulnerability in Confluence Server and Data Center b...

An OGNL injection vulnerability exists in Confluence Server and Data Center, allowing unauthenticated attackers to execute arbitrary code on affected instances. Versions earlier than 7.4.17, and specific ranges of 7.13.x, 7.14.x, 7.15.x, 7.16.x, 7.17.x, and 7.18.x, are vulnerable. This security i...

PoC for CVE-2018-0239

CiscoCisco Staros7.5HIGH
Denial of Service Vulnerability in Cisco StarOS Affecting ASR 5700 ...

A vulnerability exists in the egress packet processing of the Cisco StarOS operating system. This flaw allows unauthenticated remote attackers to disrupt the forwarding of packets by exploiting the maximum length check of transmitted packets. By sending specially crafted IP packets or fragments, ...

PoC for CVE-2009-1151

PHPmyadminPHPmyadmin🟣 EPSS 87%9.8CRITICAL
PHPmyadmin

Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action.

PoC for CVE-2025-2984

Code-projectsPayroll Management System5.3MEDIUM
SQL Injection Vulnerability in Payroll Management System by Code-Pr...

A vulnerability exists in the Payroll Management System version 1.0, specifically within the /delete.php file. This flaw arises from improper handling of the emp_id argument, which can be exploited to perform SQL injection attacks. Remote attackers may manipulate this vulnerability to gain unauth...

PoC for CVE-2021-4045

Tp-linkTapo C200🟣 EPSS 88%9.8CRITICAL
TP-LINK Tapo C200 remote code execution vulnerability

TP-Link Tapo C200 IP camera, on its 1.1.15 firmware version and below, is affected by an unauthenticated RCE vulnerability, present in the uhttpd binary running by default as root. The exploitation of this vulnerability allows an attacker to take full control of the camera.