Publicly Disclosed
PoC Exploits
🔴 Alway take caution when working with PoC Exploits 🔴
Discovered just now...
PoC for CVE-2021-33044
A vulnerability affecting various Dahua security devices allows attackers to bypass the authentication mechanism during the login process. By crafting malicious data packets, attackers can exploit this flaw to gain unauthorized access to sensitive device functionalities, potentially compromising ...
PoC for CVE-2025-55182
A remote code execution vulnerability found in React Server Components allows attackers to exploit improperly handled payloads. This issue affects versions 19.0.0 through 19.2.0, compromising server function endpoints through unsafe deserialization of HTTP request payloads. As a result, this flaw...
Discovered 7 hours ago
PoC for CVE-2026-4632
A security flaw has been discovered in the itsourcecode Online Enrollment System version 1.0. This vulnerability resides in the /sms/user/index.php?view=add file, specifically affecting the parameter handling mechanism. By manipulating the 'Name' argument, an attacker could execute a SQL injectio...
Discovered 8 hours ago
PoC for CVE-2024-46879
A Reflected Cross-Site Scripting (XSS) vulnerability is present in the POST request data zipPath of tiki-admin_system.php in Tiki version 21.2. This flaw permits attackers to inject and execute arbitrary JavaScript code through specially crafted input, which can lead to unauthorized interactions ...
PoC for CVE-2024-46878
A Cross-Site Scripting (XSS) vulnerability exists in the page parameter of tiki-editpage.php in Tiki version 26.3 and earlier, enabling attackers to execute arbitrary JavaScript code. This exploit can lead to unauthorized access to sensitive information or unauthorized actions, posing significant...
PoC for CVE-2026-23744
MCPJam Inspector, designed for local-first development on MCP servers, has a vulnerability allowing remote code execution (RCE) due to improper binding settings. In versions 1.4.2 and earlier, the platform listens on 0.0.0.0 by default, enabling attackers to exploit this configuration through cra...
Discovered 9 hours ago
PoC for CVE-2026-4626
A Cross Site Scripting (XSS) vulnerability has been identified in the projectworlds Lawyer Management System version 1.0, affecting an unspecified function within the file /lawyer_booking.php. The vulnerability arises from improper handling of the 'Description' parameter, which allows attackers t...
PoC for CVE-2026-4625
A vulnerability has been identified in the SourceCodester Online Admission System version 1.0, specifically in the 'programmes.php' file. This flaw allows an attacker to manipulate the 'program' argument, leading to a SQL injection scenario. This issue can be exploited remotely, allowing unauthor...
PoC for CVE-2026-4624
A SQL injection vulnerability has been identified in the SourceCodester Online Library Management System version 1.0. The issue arises from an insufficiently validated input within an unspecified function of the file /home.php related to the Parameter Handler component. Attackers can manipulate t...
Discovered 10 hours ago
PoC for CVE-2026-4623
A vulnerability has been discovered in the DefaultFuction Jeson-Customer-Relationship-Management-System, specifically within the API Module located at /api/System.php. This vulnerability allows an attacker to manipulate the 'url' parameter, potentially leading to server-side request forgery (SSRF...
Discovered 11 hours ago
PoC for CVE-2026-4617
A security weakness has been identified in the SourceCodester Patients Waiting Area Queue Management System version 1.0, specifically within the ValidateToken function located in /php/api_patient_checkin.php. This vulnerability allows unauthorized manipulation of the Patient Check-In Module, maki...
Discovered 12 hours ago
PoC for CVE-2026-4615
A SQL injection vulnerability exists in the SourceCodester Online Catering Reservation 1.0 application, specifically within the /search.php file. The flaw allows attackers to manipulate the 'rcode' argument, potentially leading to unauthorized database access and data manipulation. This vulnerabi...
PoC for CVE-2026-4614
A vulnerability has been identified in the itsourcecode 'sanitize or validate this input' product, specifically within the Parameter Handler component located in the /admin/subjects.php file. This privilege can be exploited through manipulation of the argument subject_code, which results in SQL i...
Discovered 13 hours ago
PoC for CVE-2026-4613
A security issue has been identified in SourceCodester E-Commerce Site version 1.0, specifically within the /products.php file. This vulnerability allows for SQL injection via the manipulation of the Search argument, which can be exploited remotely by attackers. The public disclosure of this expl...
Discovered 14 hours ago
PoC for CVE-2026-4612
A SQL injection vulnerability exists in the itsourcecode Free Hotel Reservation System version 1.0, specifically within the file /hotel/admin/mod_users/index.php?view=edit&id=8. This vulnerability arises when the argument account_id is manipulated, allowing attackers to execute arbitrary SQL quer...
Discovered 15 hours ago
PoC for CVE-2026-4597
A security flaw has been identified in the Stream Proxy Query Handler of the wvp-GB28181-pro product, specifically involving the selectAll function in StreamProxyProvider.java. This vulnerability enables SQL injection attacks, which can be executed remotely, providing attackers the ability to man...
Discovered 16 hours ago
PoC for CVE-2026-4596
A cross-site scripting (XSS) vulnerability has been identified in Projectworlds Lawyer Management System version 1.0, specifically affecting the processing of parameters in the /lawyers.php file. This vulnerability allows remote attackers to inject malicious scripts via the 'first_Name' argument,...
Discovered 17 hours ago
PoC for CVE-2026-32852
A reflected cross-site scripting vulnerability exists in MailEnable versions prior to 10.55, affecting its webmail interface. This security flaw allows remote attackers to execute arbitrary JavaScript in a victim's browser. By crafting a malicious URL with an exploited StartDate parameter in the ...
PoC for CVE-2026-4595
A cross-site scripting (XSS) vulnerability has been identified within the Exam Form Submission 1.0 product from Code-Projects. This vulnerability is related to improper handling of the 'sname' argument within the /admin/update_s6.php file, potentially allowing remote attackers to inject malicious...
PoC for CVE-2026-25075
strongSwan versions ranging from 4.5.0 up to 6.0.4 are impacted by an integer underflow vulnerability in the EAP-TTLS AVP parser. This flaw enables unauthenticated remote attackers to disrupt service by submitting specially crafted AVP data with erroneous length fields during IKEv2 authentication...
Discovered 18 hours ago
PoC for CVE-2026-4594
A vulnerability has been identified in the Erupt Framework's EruptJpaUtils.java file, specifically within the geneEruptHqlOrderBy function. This flaw allows attackers to manipulate the sort.field argument, potentially leading to SQL injection attacks through an improperly validated input. The vul...
Discovered 19 hours ago
PoC for CVE-2026-4593
A significant vulnerability has been identified in the Erupt MCP Tool Interface, specifically within the EruptDataQuery function located in EruptDataQuery.java. This flaw allows for SQL injection via improper input validation, enabling remote attackers to manipulate database queries. The exploit ...
Discovered 22 hours ago
PoC for CVE-2019-25625
Blob Studio version 2.17 is susceptible to a denial of service vulnerability, which can be exploited by local attackers. By supplying malformed input through the key entry mechanism, an attacker can create a text file filled with excessively repeated characters. When this file is accessed by the ...
PoC for CVE-2019-25624
Liquid Studio 2.17 is affected by a denial of service vulnerability that enables local attackers to crash the application through malformed input via the keyboard interface. When arbitrary characters are entered during the application's runtime, it can lead to the application becoming unresponsiv...
PoC for CVE-2019-25623
Luminance Studio 2.17 is susceptible to a denial of service issue that arises when local attackers input malformed characters via the keyboard interface. By generating specially crafted text files with arbitrary character sequences, these attackers can cause the application to either freeze or te...
PoC for CVE-2019-25622
Paint Studio version 2.17 is susceptible to a denial of service vulnerability that allows local attackers to crash the application. By providing malformed input through the key entry mechanism, attackers can create a specially crafted text file that causes the application to consume excessive res...
PoC for CVE-2019-25621
Pixel Studio 2.17 contains a vulnerability that allows local attackers to disrupt the application’s functionality through malformed input via the keyboard interface. By entering arbitrary characters, an attacker can cause the application to become unresponsive or to terminate unexpectedly, leadin...
PoC for CVE-2019-25620
Tree Studio version 2.17 is vulnerable to a denial of service attack that can be exploited by local attackers. By providing malformed input via the keyboard interface, an attacker can cause the application to crash or become unresponsive. This vulnerability allows for the execution of arbitrary c...
Discovered 1 day ago
PoC for CVE-2026-4586
A vulnerability has been identified in CodePhiliaX's Chat2DB, affecting versions up to 0.3.7. The issue resides in the JDBC Driver Upload functionality, specifically within the Upload method of the JdbcDriverController.java file. This flaw enables attackers to perform unauthorized file uploads, a...
PoC for CVE-2026-4585
An OS command injection vulnerability has been identified in the Tiandy Easy7 Integrated Management Platform, specifically affecting versions up to 7.17.0. This flaw resides in the Configuration Handler component, particularly within the ImportSystemConfiguration.jsp file. By manipulating the arg...
PoC for CVE-2026-4584
A flaw in the Shenzhen HCC Technology MPOS M6 PLUS 1V.31-N poses a significant risk due to inappropriate handling of cardholder data. This vulnerability allows for the potential cleartext transmission of sensitive information over the local network, exposing it to unauthorized access. Exploiting ...
PoC for CVE-2026-4583
A vulnerability exists within the Bluetooth Handler of the Shenzhen HCC Technology MPOS M6 PLUS 1V.31-N. This flaw enables an attacker to bypass authentication through capture-replay techniques. Exploitation requires the attacker to be on the same local network, complicating the attack process. D...
PoC for CVE-2026-4582
A security vulnerability has been identified in the Shenzhen HCC Technology MPOS M6 PLUS, specifically related to the Bluetooth component where authentication is absent. This vulnerability allows potential local network exploitation, although such attacks are complex and challenging to execute. D...
PoC for CVE-2026-4581
A significant SQL injection vulnerability has been discovered in the Simple Laundry System version 1.0, specifically affecting the /checklogin.php file within the Parameters Handler component. The flaw allows unauthorized manipulation of the Username argument, enabling remote attackers to execute...
PoC for CVE-2026-4580
A security vulnerability has been found in version 1.0 of the Code-Projects Simple Laundry System, specifically within the checkupdatestatus.php file related to the Parameters Handler component. An attacker can exploit this vulnerability by manipulating the serviceId argument, enabling a remote S...
PoC for CVE-2025-21756
A vulnerability in the Linux kernel allows for improper socket binding, leading to potential use-after-free scenarios. Specifically, the issue arises in the vsock module where socket bindings may not be preserved correctly during transport reassignment. This flaw can cause unintended memory acces...
PoC for CVE-2026-4579
A security flaw has been discovered in Simple Laundry System version 1.0, specifically within the Parameters Handler component. This vulnerability occurs in the /viewdetail.php file, where improper handling of the input parameter 'serviceId' can result in SQL injection. Attackers can exploit this...
PoC for CVE-2026-4578
A cross-site scripting vulnerability exists in the Exam Form Submission product developed by code-projects. This issue arises from improper validation of the 'sname' argument in the /admin/update_s3.php file. An attacker can exploit this vulnerability remotely by inputting malicious scripts, pote...
PoC for CVE-2026-23744
MCPJam Inspector, designed for local-first development on MCP servers, has a vulnerability allowing remote code execution (RCE) due to improper binding settings. In versions 1.4.2 and earlier, the platform listens on 0.0.0.0 by default, enabling attackers to exploit this configuration through cra...
PoC for CVE-2026-4577
A cross-site scripting vulnerability exists in the Code-Projects Exam Form Submission version 1.0, specifically in the '/admin/update_s4.php' file. Insufficient input validation allows an attacker to manipulate the 'sname' argument, leading to the execution of arbitrary scripts in the context of ...
PoC for CVE-2026-1969
The trx_addons WordPress plugin prior to version 2.38.5 contains a flaw in its AJAX action that improperly validates file types. This weakness enables unauthenticated users to upload malicious files, posing a significant threat to website security. The vulnerability stems from an unsuccessful fix...
PoC for CVE-2026-4576
A vulnerability in the code-projects Exam Form Submission software has been identified, specifically within the file /admin/update_s5.php. The flaw allows remote attackers to manipulate the 'sname' parameter, leading to Cross Site Scripting (XSS) attacks. This exploitation can potentially comprom...
PoC for CVE-2026-4575
A cross site scripting vulnerability exists in the Exam Form Submission 1.0 application, specifically in the handling of input within the /admin/update_s2.php file. The flaw allows an attacker to manipulate the 'sname' parameter, enabling remote code execution through malicious scripts. This coul...
PoC for CVE-2026-4574
A vulnerability has been identified in the SourceCodester Simple E-learning System 1.0, specifically within the User Profile Update Handler. This flaw allows an attacker to manipulate the 'firstName' argument, facilitating SQL injection attacks. Such an attack can be executed remotely, compromisi...
PoC for CVE-2026-4573
A security vulnerability has been discovered in the SourceCodester Simple E-learning System that allows an attacker to manipulate the HTTP GET parameter 'post_id' within the delete_post.php file. This flaw can lead to SQL injection, enabling remote attackers to execute unauthorized SQL commands a...
PoC for CVE-2026-4572
A vulnerability exists in the SourceCodester Sales and Inventory System version 1.0 that allows an attacker to exploit the HTTP POST request handler in the /view_product.php file. By manipulating the searchtxt parameter, an SQL injection attack can be executed remotely, leading to unauthorized ac...
PoC for CVE-2026-4571
A security flaw has been identified in the SourceCodester Sales and Inventory System 1.0, specifically within the '/view_payments.php' file associated with the HTTP POST Request Handler component. By manipulating the 'searchtxt' argument, an attacker can exploit this vulnerability to execute SQL ...
PoC for CVE-2026-4570
A vulnerability exists in the SourceCodester Sales and Inventory System 1.0, specifically within the /view_customers.php file. The HTTP POST Request Handler is susceptible to SQL injection due to improper validation of the 'searchtxt' parameter. An attacker can exploit this loophole remotely, all...
PoC for CVE-2026-4569
A SQL injection vulnerability exists in the SourceCodester Sales and Inventory System version 1.0, specifically within the /view_category.php file. The issue arises due to improper handling of the 'searchtxt' parameter in HTTP POST requests. This flaw allows attackers to manipulate the input to e...
PoC for CVE-2026-4568
A vulnerability in the SourceCodester Sales and Inventory System version 1.0 allows for SQL injection through improper handling of the 'sid' argument in the /update_supplier.php file. This weakness can be exploited remotely, potentially allowing attackers to execute arbitrary SQL commands and com...