Publicly Disclosed
PoC Exploits

🔴 Alway take caution when working with PoC Exploits 🔴

Discovered just now...

PoC for CVE-2026-46457

ApacheApache Camel7.5HIGH
Improper Input Validation Vulnerability in Apache Camel NATS Component

An improper input validation issue exists in the NATS component of Apache Camel, affecting versions 4.0.0 to 4.14.7, 4.15.0 to 4.18.2, and 4.19.0 to 4.20.9. This flaw allows clients capable of publishing to specific NATS subjects to inject arbitrary Camel control headers, which can manipulate the...

Discovered 39 minutes ago

PoC for CVE-1999-0524

MicrosoftWindows🟣 EPSS 32%
Arbitrary Host ICMP Information Exposure in Cisco Products

The vulnerability allows arbitrary hosts to send ICMP requests that reveal sensitive information, including netmask and timestamp data. This exposure can assist attackers in conducting reconnaissance and facilitate further attacks on the network. Proper configuration and monitoring are essential ...

Discovered 2 hours ago

PoC for CVE-2026-15696

TendaBe12 Pro8.7HIGH
Stack-Based Buffer Overflow in Tenda BE12 Pro by Tenda Electronics

A significant vulnerability exists in the Tenda BE12 Pro, specifically within the fromVirtualSer function of the /goform/VirtualSer component. This vulnerability allows for manipulation of the input parameters, potentially leading to a stack-based buffer overflow. As a result, attackers can execu...

PoC for CVE-2026-58479

Dan-in-caSip9.2CRITICAL
Command Injection Vulnerability in Sustainable Irrigation Platform ...

The Sustainable Irrigation Platform (SIP) versions up to 5.2.16 are vulnerable to command injection through the optional cli_control plugin. This weakness enables unauthenticated attackers to exploit the platform by submitting a malicious payload via the plugin's HTTP endpoint. Once an attack is ...

PoC for CVE-2026-58478

Dan-in-caSip6.3MEDIUM
Server-Side Request Forgery Vulnerability in Sustainable Irrigation...

The Sustainable Irrigation Platform versions up to 5.2.16 expose a Server-Side Request Forgery (SSRF) vulnerability that can be exploited by unauthenticated attackers using a malicious callback URL when the optional Node-RED plugin is enabled. This flaw allows attackers to circumvent destination ...

PoC for CVE-2026-58477

Dan-in-caSip8.8HIGH
Mass Assignment Vulnerability in Sustainable Irrigation Platform by...

The Sustainable Irrigation Platform (SIP) version 5.2.16 and earlier is susceptible to a mass assignment vulnerability. This flaw enables unauthenticated attackers to overwrite sensitive configuration settings by supplying arbitrary parameter names within HTTP requests. Vulnerable configurations ...

PoC for CVE-2026-60114

Dan-in-caSip8.7HIGH
Path Traversal Flaw in Sustainable Irrigation Platform by Unknown V...

The Sustainable Irrigation Platform (SIP) through version 5.2.16 is vulnerable to a path traversal issue that can be exploited by attackers who gain access to the restore functionality. By uploading specially crafted JSON backup files that include unvalidated keys, attackers can write files to ar...

PoC for CVE-2026-15695

TendaBe12 Pro8.7HIGH
Stack-based Buffer Overflow in Tenda BE12 Pro Routers

A critical flaw in Tenda BE12 Pro routers (version 16.03.66.23) allows for a stack-based buffer overflow through the 'fromDhcpListClient' function in the '/goform/DhcpListClient' file. This vulnerability can be exploited remotely, posing a significant risk to device integrity and security. Attack...

Discovered 3 hours ago

PoC for CVE-2026-58476

Dan-in-caSip7HIGH
Cross-Site Request Forgery Vulnerability in Sustainable Irrigation ...

The Sustainable Irrigation Platform (SIP) through version 5.2.16 is susceptible to a cross-site request forgery (CSRF) vulnerability. This flaw allows remote attackers to execute state-changing administrative actions by enticing a logged-in administrator to visit a malicious webpage. The absence ...

PoC for CVE-2026-58475

Dan-in-caSip5.3MEDIUM
Stored Cross-Site Scripting Vulnerability in Sustainable Irrigation...

The Sustainable Irrigation Platform, up to version 5.2.16, is vulnerable to a stored cross-site scripting (XSS) flaw, enabling unauthorized attackers to inject malicious JavaScript payloads. This vulnerability arises from improper output encoding within program names submitted via HTTP requests, ...

PoC for CVE-2026-15694

TendaBe12 Pro8.7HIGH
Stack-Based Buffer Overflow in Tenda BE12 Pro Router

A stack-based buffer overflow vulnerability exists in the Tenda BE12 Pro router due to improper handling in the fromSetIpBind function, specifically in the /goform/SetIpBind file. By manipulating the 'page' argument, an attacker can exploit this weakness to execute arbitrary code remotely. The ex...

PoC for CVE-2023-38646

MetabaseMetabase🟣 EPSS 98%9.8CRITICAL
Remote Code Execution Vulnerability in Metabase by Metabase

Metabase, both the open-source and enterprise versions prior to specified updates, contains a vulnerability that allows malicious actors to execute arbitrary commands at the server's privilege level without requiring authentication. This weakness can lead to significant security breaches, includi...

PoC for CVE-2025-21293

MicrosoftWindows 10 Version 1507🟣 EPSS 18%8.8HIGH
Active Directory Elevation of Privilege Vulnerability in Microsoft ...

This vulnerability in Active Directory Domain Services allows attackers to gain elevated privileges within the system, potentially leading to unauthorized access and control over sensitive resources. By exploiting this flaw, an attacker could perform actions that exceed their intended access righ...

Discovered 4 hours ago

PoC for CVE-2026-15693

TendaBe12 Pro8.7HIGH
Buffer Overflow in Tenda BE12 Pro Router

A critical security vulnerability has been identified in the Tenda BE12 Pro router, specifically in the 'fromSafeMacFilter' function located in the '/goform/SafeMacFilter' file. This vulnerability allows for a stack-based buffer overflow due to improper handling of input arguments, which can be e...

PoC for CVE-2014-7169

GnuBash🟣 EPSS 100%9.8CRITICAL
Environmental Variable Command Injection in GNU Bash by GNU

The vulnerability in GNU Bash through version 4.3 allows attackers to exploit malformed function definitions in environment variables. This can lead to unauthorized writing to files or other impacts, particularly through methods that involve privilege boundaries. Notable examples of exploitation ...

PoC for CVE-2026-15692

TendaBe12 Pro8.7HIGH
Stack-Based Buffer Overflow in Tenda BE12 Pro Product

A vulnerability has been discovered in the Tenda BE12 Pro router version 16.03.66.23, specifically in the fromSafeUrlFilter function located in the /goform/SafeUrlFilter file. This weakness can be exploited by manipulating the 'page' argument leading to a stack-based buffer overflow. The exploit ...

Discovered 5 hours ago

PoC for CVE-2026-15691

TendaBe12 Pro8.7HIGH
Stack-Based Buffer Overflow in Tenda BE12 Pro Router

A security flaw has been identified in the Tenda BE12 Pro router, particularly in the fromSafeClientFilter function located in the /goform/SafeClientFilter file. This vulnerability can be exploited by manipulating the argument page, leading to a stack-based buffer overflow. Given its remote explo...

PoC for CVE-2026-15690

open62541Open625412.3LOW
Remote Null Pointer Dereference in open62541 Client Library

A vulnerability exists in the open62541 Shared Client Library, specifically within the responseReadNamespacesArray function of the file src/client/ua_client_connect.c. This flaw allows for a null pointer dereference, which can be caused by improper handling of the Server_NamespaceArray argument. ...

Discovered 9 hours ago

PoC for CVE-2026-43724

AppleiOS And iPad OS7.8HIGH
Improper Input Sanitization Vulnerability in Apple Products

A vulnerability has been identified in Apple's iOS, iPadOS, and macOS that could potentially allow an application to lead to unexpected system termination or unauthorized access to kernel memory. This vulnerability results from insufficient input sanitization, which may be exploited by malicious ...

Discovered 10 hours ago

PoC for CVE-2026-38526

WebkulKrayin CRM9.9CRITICAL
Arbitrary File Upload Vulnerability in Webkul Krayin CRM

An authenticated arbitrary file upload vulnerability exists in the /admin/tinymce/upload endpoint of Webkul Krayin CRM version 2.2.x. This flaw enables attackers to upload crafted PHP files, which can subsequently lead to the execution of arbitrary code on the server. Such vulnerabilities can be ...

PoC for CVE-2026-15678

Code-projectsOnline Job Portal5.1MEDIUM
Cross Site Scripting Vulnerability in Code-Projects Online Job Port...

A security flaw has been identified in the Online Job Portal version 1.0 developed by Code-Projects. This vulnerability affects an unspecified function within the /Admin/DetailJob.php file, enabling attackers to perform cross-site scripting (XSS) attacks remotely. The flaw may allow unauthorized ...

Discovered 11 hours ago

PoC for CVE-2026-15677

Code-projectsOnline Job Portal6.9MEDIUM
Unrestricted File Upload in Online Job Portal by Code-Projects

A vulnerability in the Online Job Portal 1.0 by Code-Projects allows attackers to manipulate the 'txtFile' argument in the /JobSeekerInsert.php file, leading to unrestricted file uploads. This vulnerability can be exploited remotely, enabling malicious actors to upload arbitrary files to the serv...

PoC for CVE-2026-15676

Code-projectsOnline Job Portal6.9MEDIUM
SQL Injection Vulnerability in Code-Projects Online Job Portal

A security flaw has been found in the Code-Projects Online Job Portal, specifically in the DeleteUser.php file. This vulnerability allows attackers to execute SQL injection attacks through manipulation of an unspecified function. The exploit can be executed remotely, posing a significant risk to ...

PoC for CVE-2026-12511

WordPressAi Engine8.1HIGH
Path Traversal Vulnerability in AI Engine WordPress Plugin

The AI Engine WordPress plugin prior to version 3.5.5 is susceptible to a path traversal vulnerability. This issue allows authenticated users with editor-level permissions to provide malicious filenames, which the plugin fails to properly sanitize. Consequently, this could permit an attacker to w...

PoC for CVE-2026-12988

WordPressWP 2fa6.4MEDIUM
Improper Email Verification in WP 2FA Plugin for WordPress

The WP 2FA plugin for WordPress, prior to version 3.1.1.2, is vulnerable due to a flaw in the email verification process during two-factor authentication setup. Attackers who have acquired user credentials can manipulate the verification process by providing an email address under their control. ...

PoC for CVE-2026-12583

WordPressNewsletters8.1HIGH
Deserialization Vulnerability in Newsletters Plugin by WordPress

The Newsletters plugin for WordPress, prior to version 4.15, is susceptible to a deserialization vulnerability that arises from the handling of untrusted input via public forms. This flaw permits unauthenticated attackers to inject PHP objects, leveraging a property-oriented gadget chain inherent...

PoC for CVE-2026-11563

WordPressWord Count And Social ...9.6CRITICAL
File Deletion Vulnerability in Word Count and Social Shares Plugin ...

The Word Count and Social Shares plugin for WordPress versions up to 1.0 has a serious security issue where it fails to validate user-supplied file paths before performing deletions. This vulnerability allows authenticated users, such as those with Subscriber roles, to delete any file on the serv...

PoC for CVE-2026-11567

WordPressSureforms5.9MEDIUM
Payment Validation Flaw in SureForms Plugin for WordPress

The SureForms plugin for WordPress prior to version 2.11.1 features an improper payment amount validation flaw. This vulnerability allows unauthenticated users to exploit dynamically-sourced payment fields, leading to potential underpayment for products or subscriptions. Forms configured with a f...

PoC for CVE-2025-15665

WordPressUltimate Before After ...5.4MEDIUM
Cross-Site Scripting Flaw in Ultimate Before After Image Slider & G...

The Ultimate Before After Image Slider & Gallery plugin for WordPress versions prior to 4.7.1 is susceptible to a cross-site scripting vulnerability. This issue arises because the plugin fails to properly escape the shortcode field when outputting the value of the BEAF Slider widget. As a result,...

PoC for CVE-2026-15675

Code-projectsOnline Job Portal6.9MEDIUM
SQL Injection Vulnerability in Online Job Portal by Code-Projects

A vulnerability exists within the Online Job Portal 1.0 developed by Code-Projects, where an attacker can exploit the EditUser.php file through manipulation of the UserId argument, leading to SQL injection. This flaw allows unauthorized access to the database and potential exposure of sensitive i...

PoC for CVE-2026-15672

ItsourcecodeElectronic Judging System5.3MEDIUM
SQL Injection in itsourcecode Electronic Judging System Affects Rem...

A vulnerability has been identified within the itsourcecode Electronic Judging System, specifically affecting the /intrams/admin/add_judges.php file. The manipulation of the 'fname' argument can lead to SQL injection, enabling an attacker to execute arbitrary SQL commands. This exploitation can o...

Discovered 12 hours ago

PoC for CVE-2026-15669

Louisho5Picobot4.8MEDIUM
OS Command Injection Vulnerability in louisho5 Picobot by louisho5

A significant vulnerability has been identified in the louisho5 Picobot up to version 0.2.0, specifically affecting the ExecTool.Execute function within the exec.go file. This flaw allows for os command injection due to improper input validation, posing a risk for local exploitation. Although the...

Discovered 13 hours ago

PoC for CVE-2026-46456

ApacheApache Camel9.8CRITICAL
Improper Input Validation in Apache Camel AWS2-SQS Component

An improper input validation vulnerability in the Apache Camel AWS2-SQS Component allows unauthorized manipulation of Camel control headers through unfiltered inbound message attributes. This flaw may permit an attacker to influence the behavior of downstream routes by injecting arbitrary headers...

PoC for CVE-2026-15668

Louisho5Picobot5.3MEDIUM
Server-Side Request Forgery in louisho5 picobot Web Tool

A vulnerability exists in the louisho5 picobot web Tool which could allow an attacker to exploit the WebTool.Execute function within the internal/agent/tools/web.go file. By manipulating the URL argument, a remote attacker may execute server-side request forgery (SSRF) attacks. This vulnerability...

PoC for CVE-2026-15629

Louisho5Picobot5.3MEDIUM
Improper Link Resolution in louisho5 picobot Component

A weakness has been discovered in the louisho5 picobot's Workspace Handler, specifically in the CreateSkill/GetSkill functions found in the filesystem.go file. This vulnerability enables an attacker to manipulate link following behavior, potentially allowing unauthorized access and exploitation. ...

Discovered 14 hours ago

PoC for CVE-2026-15628

ZhayujieChatgpt-on-wechat Cowa...5.3MEDIUM
Server-Side Request Forgery Vulnerability in zhayujie ChatGPT-on-We...

A security issue has been found in zhayujie ChatGPT-on-WeChat CowAgent that allows for server-side request forgery (SSRF). This vulnerability affects the Vision Tool component, specifically the Vision._download_to_data_url function within the vision.py file. By manipulating the 'image' argument, ...

PoC for CVE-2026-15627

NextlevelbuilderGoclaw5.3MEDIUM
Information Disclosure Vulnerability in nextlevelbuilder GoClaw

A vulnerability in the GoClaw tool from nextlevelbuilder may allow for information disclosure due to improper handling of navigation parameters within the handleNavigate function. Specifically, manipulation of the args.targetUrl argument can facilitate unauthorized remote access to sensitive info...

Discovered 15 hours ago

PoC for CVE-2026-15626

NextlevelbuilderGoclaw5.3MEDIUM
Path Traversal Vulnerability in nextlevelbuilder GoClaw ToolBridge ...

A path traversal vulnerability was identified in nextlevelbuilder GoClaw version 3.13.3-beta.3. This issue arises in the 'writeFile' function within the file internal/providers/acp/tool_bridge.go of the ACP ToolBridge Workspace Handler. An attacker can exploit this vulnerability remotely, allowin...

PoC for CVE-2026-15625

NextlevelbuilderGoclaw5.3MEDIUM
Command Execution Vulnerability in nextlevelbuilder GoClaw Product

A vulnerability exists in the ExecApprovalManager.CheckCommand function within the GoClaw product. This flaw is characterized by an incomplete blacklist, which could allow an attacker to execute arbitrary commands remotely. The issue has been publicly disclosed, highlighting the importance of pro...

PoC for CVE-2020-14343

PyyamlPyyaml9.8CRITICAL
Arbitrary Code Execution in PyYAML Library Affecting Multiple Versions

The PyYAML library, specifically in versions preceding 5.4, has a vulnerability allowing arbitrary code execution when handling untrusted YAML input via the full_load method or FullLoader. This weakness can be exploited by an attacker to execute malicious code on the affected system, taking advan...

PoC for CVE-2022-1471

SnakeyamlSnakeyaml🟣 EPSS 100%9.8CRITICAL
Remote Code execution in SnakeYAML

SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConsturctor when parsing untrusted content to restrict deserialization...

PoC for CVE-2022-29078

EjsEjs🟣 EPSS 33%9.8CRITICAL
Server-Side Template Injection in Embedded JavaScript Templates for...

The ejs (Embedded JavaScript templates) package version 3.1.6 for Node.js is susceptible to server-side template injection. This occurs when the 'settings[view options][outputFunctionName]' is manipulated, allowing an attacker to replace the outputFunctionName option with a malicious OS command. ...

PoC for CVE-2026-15624

NextlevelbuilderGoclaw5.3MEDIUM
Server-Side Request Forgery in Nextlevelbuilder GoClaw by Nextlevel...

A security flaw has been discovered in Nextlevelbuilder's GoClaw version 3.13.3-beta.3, specifically within the bytePlusDownloadVideo function found in the internal/tools/create_video_byteplus.go file. This vulnerability allows attackers to manipulate the output.video_url argument, leading to pot...

Discovered 16 hours ago

PoC for CVE-2026-15622

Poco-aiPoco-claw6.9MEDIUM
Authorization Bypass Vulnerability in Poco AI Poco-Claw Workspace API

A vulnerability exists in the Poco AI Poco-Claw Workspace API that allows an unauthorized user to bypass intended access controls. The issue lies within the function get_workspace_file located in executor_manager/app/api/v1/workspace.py. This flaw arises when the user_id argument is manipulated, ...

PoC for CVE-2026-15622

Poco-aiPoco-claw6.9MEDIUM
Authorization Bypass Vulnerability in Poco AI Poco-Claw Workspace API

A vulnerability exists in the Poco AI Poco-Claw Workspace API that allows an unauthorized user to bypass intended access controls. The issue lies within the function get_workspace_file located in executor_manager/app/api/v1/workspace.py. This flaw arises when the user_id argument is manipulated, ...

PoC for CVE-2026-15622

Poco-aiPoco-claw6.9MEDIUM
Authorization Bypass Vulnerability in Poco AI Poco-Claw Workspace API

A vulnerability exists in the Poco AI Poco-Claw Workspace API that allows an unauthorized user to bypass intended access controls. The issue lies within the function get_workspace_file located in executor_manager/app/api/v1/workspace.py. This flaw arises when the user_id argument is manipulated, ...

PoC for CVE-2026-15622

Poco-aiPoco-claw6.9MEDIUM
Authorization Bypass Vulnerability in Poco AI Poco-Claw Workspace API

A vulnerability exists in the Poco AI Poco-Claw Workspace API that allows an unauthorized user to bypass intended access controls. The issue lies within the function get_workspace_file located in executor_manager/app/api/v1/workspace.py. This flaw arises when the user_id argument is manipulated, ...

Discovered 17 hours ago

PoC for CVE-2018-16385

ThinkPHPThinkPHP9.8CRITICAL
SQL Injection Vulnerability in ThinkPHP Framework by Topthink

ThinkPHP versions prior to 5.1.23 are susceptible to SQL injection attacks through the 'public/index/index/test/index' query string. This vulnerability allows malicious actors to execute arbitrary SQL queries on the underlying database, potentially leading to unauthorized access or manipulation o...

PoC for CVE-2026-15620

MosaxivClawlet5.3MEDIUM
Server-Side Request Forgery in mosaxiv Clawlet Affects Multiple Ver...

A security vulnerability has been found in mosaxiv Clawlet versions up to 0.2.10, specifically within the tools.webFetch function located in the tools/tool_web_fetch.go file. This flaw allows attackers to execute server-side request forgery (SSRF) attacks, which can be initiated remotely. The exp...

PoC for CVE-2026-56291

Balbooa.comBalbooa.com Balbooa Fo...10CRITICAL
Unauthenticated Arbitrary File Upload Vulnerability in Balbooa Form...

The Balbooa Forms extension for Joomla contains a vulnerability that allows unauthenticated users to upload arbitrary files, including executable files. This flaw can be exploited to achieve remote code execution (RCE), posing a significant security threat to sites leveraging this extension. It i...