Publicly Disclosed
PoC Exploits
🔴 Alway take caution when working with PoC Exploits 🔴
Discovered 51 minutes ago
PoC for CVE-2026-27778
The WebSocket Application Programming Interface in E-Power systems is vulnerable due to a lack of restrictions on the number of authentication requests. This vulnerability can be exploited by attackers to perform denial-of-service attacks, which may disrupt legitimate charger telemetry. Additiona...
Discovered 3 hours ago
PoC for CVE-2026-31431
A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...
PoC for CVE-2019-13132
In earlier versions of the ZeroMQ library (libzmq), a significant vulnerability exists that allows a remote and unauthenticated client to connect and potentially cause a stack overflow. This vulnerability arises from improper handling of buffers, leading to arbitrary data being written to the sta...
PoC for CVE-2026-31431
A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...
Discovered 6 hours ago
PoC for CVE-2026-31431
A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...
PoC for CVE-2026-7750
A buffer overflow vulnerability has been identified in the Totolink N300RH router, specifically in the setMacFilterRules function within the POST Request Handler of the /cgi-bin/cstecgi.cgi file. The vulnerability arises from improper handling of the mac_address argument, which allows remote atta...
Discovered 7 hours ago
PoC for CVE-2026-7749
A security vulnerability has been identified in the Totolink N300RH router, specifically within the function setWanConfig located in /cgi-bin/cstecgi.cgi. This issue arises from improper handling of the priDns argument, leading to a potential buffer overflow. The vulnerability can be exploited re...
PoC for CVE-2026-7748
A vulnerability has been identified in the Totolink N300RH router firmware version 3.2.4-B20220812, specifically within the setUpgradeFW function located in the /cgi-bin/cstecgi.cgi file. This weakness arises from the improper handling of the FileName argument, which can be exploited to trigger a...
PoC for CVE-2026-7747
A buffer overflow vulnerability exists in the loginauth function of the Parameter Handler component in Totolink N300RH routers running firmware version 3.2.4-B20220812. This flaw can be exploited remotely by manipulating the Password argument, leading to potential unauthorized access and adverse ...
PoC for CVE-2026-7746
A vulnerability exists in the SourceCodester Web-based Pharmacy Product Management System version 1.0, specifically in the edit-admin.php file. This issue arises from improper handling of the argument ID, enabling attackers to execute remote SQL injection attacks. Given that exploits are publicly...
Discovered 8 hours ago
PoC for CVE-2026-7745
A security flaw has been identified in CodeAstro's Online Classroom software, specifically in the faculty details functionality. This vulnerability arises from improper handling of user input in the 'deleteid' parameter, leading to SQL injection. Attackers can exploit this weakness remotely, pote...
PoC for CVE-2026-7744
A vulnerability has been identified in CodeAstro Online Classroom 1.0 that affects the unspecified functionality of the addnewstudent endpoint. Manipulation of the 'fname' parameter can lead to SQL injection attacks, allowing adversaries to interact with the database through crafted queries. This...
PoC for CVE-2026-7743
A SQL injection vulnerability exists in the CodeAstro Online Classroom 1.0, specifically in an unidentified function within the /OnlineClassroom/studentdetails file. This vulnerability allows for malicious manipulation of the 'deleteid' argument, enabling an attacker to execute remote SQL queries...
PoC for CVE-2026-7742
A vulnerability has been identified in CodeAstro's Online Classroom version 1.0, specifically in an undisclosed function located in the faculty login script. Manipulating the 'fid' argument allows for SQL injection attacks, which can be executed remotely. This exposure enables unauthorized users ...
Discovered 9 hours ago
PoC for CVE-2026-7741
The CodeAstro Online Classroom application version 1.0 is vulnerable to SQL injection through the student login function. This vulnerability allows attackers to manipulate the 'sid' argument, potentially leading to unauthorized access to sensitive data. Exploitation can be executed remotely, and ...
PoC for CVE-2026-7740
A vulnerability has been identified in justdan96 tsMuxer software, specifically in the function VvcVpsUnit::setFPS located in tsMuxer/vvc.cpp. This flaw allows an attacker to manipulate the track_id argument, potentially leading to a denial of service. The vulnerability requires local access to e...
PoC for CVE-2026-7739
A local vulnerability has been discovered in the tsMuxer software developed by justdan96, specifically affecting the HevcVpsUnit::setFPS function located in hevc.cpp file. This issue arises from improper handling of the 'track_id' argument, potentially leading to a denial of service condition. Ex...
PoC for CVE-2026-7738
A security flaw affecting Puchunjie's doc-tools-mcp version 1.0.18 has been identified, specifically within the functions create_document and open_document of the MCP Interface. This vulnerability can be exploited through path traversal techniques by manipulating the filePath argument. Attackers ...
PoC for CVE-2026-5335
The Magic Export & Import WordPress plugin prior to version 1.2.0 exposes exported CSV files in a publicly accessible location. This vulnerability allows unauthorized visitors to access and download sensitive user information contained within these files, posing significant privacy and security r...
Discovered 11 hours ago
PoC for CVE-2026-7733
A vulnerability has been identified in Funadmin versions up to 7.1.0-rc6 within the Frontend Chunked Upload Endpoint. It stems from a flaw in the UploadService::chunkUpload function located in app/common/service/UploadService.php. This weakness allows an attacker to manipulate the File argument, ...
PoC for CVE-2026-7732
An unrestricted file upload vulnerability exists in the BloodBank Managing System 1.0, specifically in the request_blood.php file. This issue allows an attacker to remotely upload files without proper validation, potentially leading to the execution of arbitrary code. As the exploit is now public...
PoC for CVE-2026-31431
A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...
PoC for CVE-2026-7731
A security vulnerability has been identified in the BloodBank Managing System version 1.0, specifically within the 'get_state.php' file. This vulnerability arises from inadequate validation of the G_STATE_ID parameter, allowing for SQL injection attacks. Attackers can exploit this vulnerability r...
PoC for CVE-2026-7730
A vulnerability has been detected in the privsim mcp-test-runner version 0.2.0 affecting the child_process.spawn function located in src/index.ts. By manipulating the command argument, an attacker could execute arbitrary OS commands, potentially leading to severe security breaches. This vulnerabi...
Discovered 12 hours ago
PoC for CVE-2026-7729
A security flaw has been identified in the pixelsock directus-mcp version 1.0.0. This vulnerability resides in the validateUrl function located in index.ts of the MCP Interface component. An attacker can manipulate the fileUrl argument, potentially leading to servers being tricked into making una...
PoC for CVE-2026-7728
A security vulnerability has been identified in the MCP Interface of the mcp-rtfm product. This issue allows an attacker to manipulate the function get_doc_content/read_doc/update_doc through the argument docFile, leading to unauthorized access to files outside the intended directory structure. T...
PoC for CVE-2026-7725
A vulnerability exists in PrefectHQ's product related to the GitRepository Pull Handler, specifically within the file src/prefect/runner/storage.py. The issue arises from improper handling of arguments, specifically the 'commit_sha' and 'directories' parameters, leading to potential argument inje...
Discovered 13 hours ago
PoC for CVE-2026-7724
A vulnerability exists in the PrefectHQ Prefect software within the Webhook/Notification component. The specific flaw lies in the validate_restricted_url function, which is susceptible to a time-of-check time-of-use condition. This vulnerability allows remote attackers to exploit the system under...
PoC for CVE-2026-7723
A security flaw has been identified in the WebSocket Endpoint of the PrefectHQ Prefect application, affecting versions up to 3.6.13. This vulnerability permits remote exploitation, as it allows an attacker to manipulate the system due to a lack of proper authentication mechanisms. To mitigate thi...
PoC for CVE-2026-7722
A vulnerability was identified in the Health Check API of PrefectHQ's Prefect, affecting versions up to 3.6.21. This flaw allows for improper authentication through the 'endswith' function in the /api/health endpoint. Attackers could exploit this vulnerability remotely, increasing the risk of una...
PoC for CVE-2026-7721
A security vulnerability has been identified in the Totolink WA300 router, specifically within the NTPSyncWithHost function located in the /cgi-bin/cstecgi.cgi file. This flaw allows an attacker to manipulate the 'hostTime' argument, leading to the possibility of command injection. The vulnerabil...
Discovered 14 hours ago
PoC for CVE-2026-7720
A vulnerability has been discovered in the Totolink WA300 router's POST Request Handler, specifically within the setLanguageCfg function in the /cgi-bin/cstecgi.cgi script. This weakness allows an attacker to manipulate the langType argument, potentially leading to command injection. The exploit ...
PoC for CVE-2026-7719
A security flaw has been identified in the Totolink WA300 access point, specifically in the 'loginauth' function located in the cstecgi.cgi file of the POST Request Handler. The vulnerability arises from improper handling of the 'http_host' argument, leading to a buffer overflow that can be explo...
PoC for CVE-2026-7718
A vulnerability has been identified in the Totolink WA300 router, specifically within the function setWebWlanIdx located in /cgi-bin/cstecgi.cgi of the POST Request Handler. An attacker can manipulate the webWlanIdx argument, resulting in command injection, which may be initiated remotely. The ex...
PoC for CVE-2026-7717
A buffer overflow vulnerability exists in the UploadCustomModule function of the Totolink WA300 router's POST Request Handler. This issue stems from improper handling of input on the /cgi-bin/cstecgi.cgi script, allowing attackers to manipulate the 'File' argument. If successfully exploited, this...
Discovered 15 hours ago
PoC for CVE-2026-7716
A SQL injection vulnerability has been identified in the Code-Projects Gym Management System, specifically affecting the file /index.php. This flaw occurs due to improper handling of input parameters in the 'day' argument, allowing attackers to execute arbitrary SQL commands remotely. The public ...
PoC for CVE-2026-7715
A path traversal vulnerability exists in the MCP Interface's arango_backup function within the ravenwits mcp-server-arangodb software, affecting versions up to 0.4.7. An attacker can manipulate the outputDir argument, leading to unauthorized access to filesystem paths. This vulnerability can be e...
PoC for CVE-2026-7714
An authentication flaw has been identified in the Admin Endpoint of Crocodilestick's Calibre-Web-Automated within the file cps/cwa_functions.py. This vulnerability allows remote attackers to manipulate the application due to inadequate authentication mechanisms. As a result, unauthorized users ma...
PoC for CVE-2026-31431
A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...
Discovered 16 hours ago
PoC for CVE-2026-7712
A security vulnerability exists within MindsDB versions up to 26.01, specifically in the 'pickle.loads' function of the Pickle Handler component. This vulnerability allows for malicious manipulation that leads to deserialization issues, enabling attackers to exploit the flaw remotely. The exploit...
PoC for CVE-2026-7711
A vulnerability has been discovered in the MindsDB Engine Handler, specifically within the exec function of the file mindsdb/integrations/handlers/byom_handler/proc_wrapper.py. This issue allows for remote attackers to exploit the system by carrying out unauthorized file uploads. With the exploit...
PoC for CVE-2026-7710
A security flaw exists in the YunaiV yudao-cloud up to version 3.8.0, specifically within the doFilterInternal function of JwtAuthenticationTokenFilter.java related to the Ruoyi-Vue-Pro component. This vulnerability allows attackers to manipulate the argument mock-token, resulting in improper aut...
PoC for CVE-2026-7709
A significant vulnerability exists within the Janeczku Calibre-Web application, specifically in the Endpoint function located in the kobo_auth.py file. This flaw allows for unauthorized manipulation of the user_id argument in the generate_auth_token function, leading to improper authorization. Re...
Discovered 17 hours ago
PoC for CVE-2026-7708
A vulnerability exists in Open5GS up to version 2.7.7, specifically in the function ogs_dbi_subscription_data within the UDR component's library. This vulnerability allows for a remote denial of service attack by manipulating the 'supi_id' argument. Exploitation of this flaw can lead to service i...
PoC for CVE-2026-31431
A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...
PoC for CVE-2026-7707
A denial of service vulnerability exists in the UDR component of Open5GS versions up to 2.7.7. This vulnerability is found within the `udr_nudr_dr_handle_subscription_context` function in the file `/src/udr/nudr-handler.c`. An attacker can exploit this weakness by manipulating the argument 'pei',...
PoC for CVE-2026-7706
A vulnerability exists within the Open5GS AMF component, specifically in the gmm_handle_service_request function located in the gmm-handler.c file. This issue can result in a denial of service, potentially allowing malicious actors to disrupt service availability remotely. Public disclosure of th...
PoC for CVE-2026-7705
A command injection vulnerability exists in JD Cloud JDCOS version 4.5.1.r4518, specifically within the set_iptv_info function located in the /jdcap component of the Service Interface. By manipulating the 'vid' argument, an attacker can execute arbitrary commands remotely. This issue poses a sign...
Discovered 18 hours ago
PoC for CVE-2019-6250
A pointer overflow vulnerability exists in the ZeroMQ library (libzmq) that can allow an authenticated attacker to execute arbitrary code. The flaw arises from an integer overflow in the v2_decoder.cpp component, specifically within the zmq::v2_decoder_t::size_ready function. This vulnerability e...
Discovered 21 hours ago
PoC for CVE-2020-11022
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.