Publicly Disclosed
PoC Exploits

🔴 Alway take caution when working with PoC Exploits 🔴

Discovered 3 hours ago

PoC for CVE-2026-15202

YzmCMSYzmcms5.3MEDIUM
Cross Site Scripting Vulnerability in YzmCMS by YzmCMS

A security flaw has been identified in the YzmCMS component 'Header Handler' in versions up to 7.5, specifically within the get_url function located in the yzmphp.php file. This vulnerability arises from improper validation of the HTTP_HOST argument, allowing attackers to perform cross-site scrip...

PoC for CVE-2026-40473

ApacheApache Camel Mina8.8HIGH
Arbitrary Code Execution in Apache Camel's MinaConverter Component

The Apache Camel MinaConverter component is prone to a vulnerability that permits an attacker to exploit the serialization process by sending a crafted serialized Java object over the network. This issue occurs due to the lack of ObjectInputFilter or class-loading restrictions when the MinaConver...

PoC for CVE-2026-15194

Open5GSOpen5gs4.8MEDIUM
Use After Free Vulnerability in Open5GS Software by Open5GS

A security flaw has been identified in Open5GS version 2.7.7 affecting the AMF component's function amf_context_final located in src/amf/context.c. This vulnerability arises from improper handling of memory, leading to a use after free condition. An attacker with local access can exploit this fla...

PoC for CVE-2026-15193

AidanparkOpenclaw-android4.8MEDIUM
OS Command Injection Vulnerability in AidanPark Android WebView Bridge

AidanPark's openclaw-android is susceptible to an OS command injection vulnerability due to a flaw in the Android WebView Bridge component. This issue arises from improper handling of functions within JsBridge.kt, which allows local attackers to inject arbitrary commands into the system. As this ...

Discovered 4 hours ago

PoC for CVE-2026-15192

MettleSendportal6.9MEDIUM
Improper Authentication Vulnerability in Mettle Sendportal APIv1 We...

A vulnerability has been identified in Mettle Sendportal, specifically in the APIv1 Webhooks component that handles sendgrid, postmark, postal, and mailjet functionalities. This flaw results in missing authentication, allowing potential attackers to exploit the system remotely. The vulnerability ...

PoC for CVE-2026-15191

MettleSendportal5.3MEDIUM
Authorization Bypass in Mettle SendPortal by Mettle

A vulnerability has been identified in Mettle SendPortal, specifically within the Campaign Creation Endpoint. This flaw allows an attacker to bypass authorization controls by manipulating the request handling mechanism in the CampaignStoreRequest.php file. The vulnerability is remotely exploitabl...

PoC for CVE-2021-3712

OpenSSLOpenSSL🟣 EPSS 50%7.4HIGH
Read buffer overruns processing ASN.1 strings

ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL (0) b...

PoC for CVE-2026-15190

SourcecodesterSimple And Nice Shoppi...6.9MEDIUM
SQL Injection Vulnerability in SourceCodester Simple and Nice Shopp...

A security vulnerability has been identified in SourceCodester's Simple and Nice Shopping Cart Script 1.0 that allows for SQL injection attacks via the '/login.php' file. By manipulating the 'Username' argument, attackers can exploit this weakness to execute unauthorized SQL commands remotely, po...

Discovered 5 hours ago

PoC for CVE-2026-15188

ManjurulhoqueDjango-job-portal5.3MEDIUM
Improper Access Control in Employee Dashboard Endpoint of Django Jo...

A vulnerability has been discovered in the Django Job Portal's Employee Dashboard Endpoint, specifically within the function EditEmployeeProfileAPIView. This weakness allows for improper access control due to manipulation of the role argument. Attackers may exploit this flaw remotely, as the nece...

Discovered 6 hours ago

PoC for CVE-2026-15187

Node.jsEnquirer5.3MEDIUM
Prototype Pollution Vulnerability in Enquirer by Node.js

A security flaw has been identified in the Enquirer library, impacting versions up to 2.4.1. The vulnerability lies within the Enquirer.set function of the Public Package API, where improper handling of the question.name argument leads to uncontrolled modifications of object prototype attributes....

Discovered 8 hours ago

PoC for CVE-2026-15185

GPACGpac4.8MEDIUM
Out-of-Bounds Read Vulnerability in GPAC MP4Box

A vulnerability has been identified in GPAC's MP4Box, specifically in the vobsub_read_idx function found within the /src/media_tools/vobsub.c file. A local attacker can exploit this vulnerability by manipulating the num_langs argument, potentially leading to an out-of-bounds read. The exploit has...

PoC for CVE-2026-15184

GnuLibredwg4.8MEDIUM
Null Pointer Dereference Vulnerability in GNU LibreDWG's DWG File H...

A local vulnerability exists in GNU LibreDWG's DWG File Handler due to a null pointer dereference in the dwg_next_entity function. This issue can be exploited by manipulating the next_obj argument, potentially leading to application crashes. Users are strongly advised to upgrade to version 0.14 t...

Discovered 9 hours ago

PoC for CVE-2026-15182

GnuLibredwg4.8MEDIUM
Heap-based Buffer Overflow in GNU LibreDWG's BMP Image Handler

A vulnerability exists in the BMP Image Handler of GNU LibreDWG versions up to 0.13.4, specifically in the dwg_bmp function within src/dwg.c. This flaw allows for a locally executed heap-based buffer overflow, which can lead to potential exploitation of memory corruption. To mitigate this risk, u...

PoC for CVE-2026-53571

VitejsVite8.2HIGH
Frontend Tooling Framework Vulnerability Affecting Vite by Vite.js

The vulnerability in Vite, a widely-used frontend tooling framework for JavaScript, poses a significant security risk on Windows systems. Prior to specific versions (8.0.16, 7.3.5, and 6.4.3), the server.fs.deny configuration meant to prevent access to sensitive files can be bypassed. Due to impr...

Discovered 10 hours ago

PoC for CVE-2026-50746

Ubiquiti IncUnifi Connect Application10CRITICAL
Improper Access Control Vulnerability in UniFi Connect Application ...

A vulnerability exists in the UniFi Connect Application due to improper access control mechanisms. This flaw allows a malicious actor with network access to exploit the system by executing arbitrary commands on the host device. As a result, unauthorized actions could be performed, potentially com...

Discovered 11 hours ago

PoC for CVE-2026-50131

Fedify-devFedify8.6HIGH
SSRF Vulnerability in Fedify TypeScript Library by Fedify

The Fedify TypeScript library, used for building federated server applications powered by ActivityPub, has a critical vulnerability relating to Server-Side Request Forgery. While prior updates attempted to address internal network access by adding public URL validation for outbound fetches, the v...

PoC for CVE-2026-43499

LinuxLinux7.8HIGH
Linux Kernel Vulnerability in rtmutex Component Affecting Multiple ...

A vulnerability exists in the Linux kernel's rtmutex component where the remove_waiter() function incorrectly utilizes current instead of waiter::task during a dequeue operation within various mutex handling paths. This mismanagement leads to multiple issues, including potential use-after-free vu...

Discovered 14 hours ago

PoC for CVE-2026-12517

WordPressFediverse Embeds5.3MEDIUM
Server-Side Request Forgery Vulnerability in Fediverse Embeds WordP...

The Fediverse Embeds WordPress plugin, prior to version 1.5.8, contains a vulnerability that permits unauthenticated users to conduct Server-Side Request Forgery (SSRF) attacks. Through a compromised site-info endpoint, attackers can send requests to internal and private-network URLs, thereby obt...

PoC for CVE-2026-11875

WordPressWP Support Plus Respon...5.3MEDIUM
Session Cookie Forgery in WP Support Plus Responsive Ticket System ...

The WP Support Plus Responsive Ticket System plugin for WordPress, up to version 9.1.2, is vulnerable due to its lack of signing and verification of guest-session cookies. This flaw enables unauthenticated users to create forged cookies, allowing them to impersonate legitimate ticket owners. Cons...

PoC for CVE-2026-11571

WordPressEverest Forms7.5HIGH
File Exposure Vulnerability in Everest Forms Plugin by WordPress

The Everest Forms plugin for WordPress, prior to version 3.5.0, fails to properly manage temporary CSV files created during email notification processes. This oversight leaves the files accessible in the public uploads directory. As a result, unauthenticated attackers can exploit this vulnerabili...

PoC for CVE-2026-12516

WordPressFediverse Embeds5.3MEDIUM
Server-Side Request Forgery Vulnerability in Fediverse Embeds WordP...

The Fediverse Embeds WordPress plugin prior to version 1.5.8 is susceptible to a security flaw that permits unauthenticated users to submit server-side requests to arbitrary URLs. This vulnerability arises from the lack of validation checks on the destination of the requests made through a media-...

PoC for CVE-2026-12270

WordPressEverest Forms6.5MEDIUM
Access Control Flaw in Everest Forms WordPress Plugin by WPMU DEV

The Everest Forms WordPress plugin prior to version 3.5.0 contains an access control issue that allows unauthenticated users to exploit vulnerabilities in its onboarding assistant features. This flaw arises from insufficient checks on specific REST API endpoints, enabling attackers to bypass capa...

PoC for CVE-2026-11869

WordPressWP Dsgvo Tools (gdpr)5.3MEDIUM
Data Exposure in WP DSGVO Tools Plugin for WordPress

The WP DSGVO Tools (GDPR) plugin for WordPress, prior to version 3.1.40, contains a security flaw that lacks proper authorization checks in its data subject access request processing. This vulnerability enables unauthenticated attackers to generate and download full personal data exports, which m...

Discovered 16 hours ago

PoC for CVE-2023-0386

LinuxKernel7.8HIGH
Privilege Escalation Vulnerability in Linux Kernel’s OverlayFS System

A vulnerability exists in the Linux kernel's OverlayFS subsystem that enables a local user to gain unauthorized access to a setuid file with capabilities. This issue arises when a user copies a capable file from a nosuid mount to another mount, leading to potential privilege escalation. The uid m...

Discovered 17 hours ago

PoC for CVE-2025-27636

ApacheApache Camel🟣 EPSS 80%5.6MEDIUM
Bypass/Injection Vulnerability in Apache Camel by Apache

A bypass and injection vulnerability exists in Apache Camel stemming from a flaw in its default header filtering mechanism. This flaw allows attackers to circumvent protective measures by manipulating the casing of header names. As a result, they can inject malicious headers which may invoke arbi...

Discovered 18 hours ago

PoC for CVE-2026-44825

ApacheApache Solr8.1HIGH
Basic Authentication Flaw in Apache Solr Affects User Security

A vulnerability in Apache Solr allows for remote unauthorized access due to hardcoded default credentials in the Basic Authentication setup tool. Versions 9.4.0 through 9.10.1 and 10.0.0 are particularly exposed, as attackers can leverage these known credentials to gain full control over the Solr...

Discovered 19 hours ago

PoC for CVE-2026-40048

ApacheApache Camel Pqc7.8HIGH
Deserialization Vulnerability in Apache Camel's File-Based Key Manager

The FileBasedKeyLifecycleManager class in Apache Camel allows deserialization of `<keyId>.key` files using java.io.ObjectInputStream without implementing ObjectInputFilter or restricting class loading. This flaw can lead to arbitrary code execution due to unsanitized deserialization methods being...

Discovered 20 hours ago

PoC for CVE-2021-40346

HaproxyHaproxy🟣 EPSS 58%7.5HIGH
Integer Overflow Vulnerability in HAProxy Versions 2.0 to 2.5

An integer overflow vulnerability is present in HAProxy versions 2.0 through 2.5. This flaw is associated with the htx_add_header function, enabling attackers to exploit the vulnerability to conduct an HTTP request smuggling attack. By bypassing all configured HTTP request Access Control Lists (A...

PoC for CVE-2026-15138

TumfMcp-text-editor5.3MEDIUM
Path Traversal Vulnerability in Tumf MCP Text Editor Affects Versio...

A security vulnerability has been identified in Tumf's MCP Text Editor, specifically in the _validate_file_path function found in text_editor.py. This vulnerability allows an attacker to perform path traversal by manipulating the 'file_path' argument, potentially gaining unauthorized access to se...

PoC for CVE-2026-15137

Code-projectsInterview Management S...6.9MEDIUM
SQL Injection Vulnerability in Code-Projects Interview Management S...

A vulnerability has been discovered in the Code-Projects Interview Management System version 1.0, specifically affecting the View.php file located in the inc/classes directory. This weakness facilitates SQL injection through manipulated argument IDs. Attackers can exploit this vulnerability remot...

Discovered 21 hours ago

PoC for CVE-2026-15135

Code-projectsOnline Food Order System6.9MEDIUM
SQL Injection Vulnerability in Code-Projects Online Food Order System

A security vulnerability has been identified in the Online Food Order System by Code-Projects, specifically in the edit_food_items.php file. This flaw allows for SQL injection through manipulated inputs in the 'update' argument. Attackers can exploit this vulnerability remotely, potentially leadi...

PoC for CVE-2026-15134

CodeastroSimple Online Leave Ma...6.9MEDIUM
SQL Injection Vulnerability in CodeAstro Simple Online Leave Manage...

A vulnerability exists in the CodeAstro Simple Online Leave Management System version 1.0, specifically related to inadequate input validation in the /SimpleOnlineLeave/index.php file. By manipulating the 'email' parameter, an attacker may execute SQL injection attacks, potentially accessing sens...

Discovered 22 hours ago

PoC for CVE-2026-15105

DavenardellaSnap75.3MEDIUM
Deserialization Vulnerability in davenardella Snap7 Product

A deserialization flaw exists in davenardella's Snap7 product, impacting the TS7Worker::PerformFunctionRead function within the ReadVar Request Handler component. This vulnerability allows for manipulation of data structures, which can lead to remote exploitation on local networks. The problem ha...

Discovered 23 hours ago

PoC for CVE-2026-35204

HelmHelm8.4HIGH
Arbitrary File Write Vulnerability in Helm Package Manager

A security issue has been identified in Helm, the package manager for Kubernetes Charts. Versions 4.0.0 through 4.1.3 are impacted by a flaw that allows a specially crafted Helm plugin to write files to arbitrary locations on the filesystem when installed or updated. To mitigate this risk, it is ...

Discovered 1 day ago

PoC for CVE-2026-40047

ApacheApache Camel9.1CRITICAL
Command Injection Vulnerability in Apache Camel Docling Component

A command injection vulnerability exists in the Apache Camel Docling component due to improper validation of custom CLI arguments. The vulnerability arises when the DoclingProducer constructs an argument list for the external 'docling' command-line tool, where insufficient validation may allow an...

PoC for CVE-2026-59807

ComposiohqComposio8.9HIGH
Path Validation Bypass in Composio SDK Enables Sensitive File Exposure

The Composio SDK is affected by a path validation bypass vulnerability that allows malicious actors to read and exfiltrate sensitive files. This issue arises from the missing assertSafeFileUploadPath check in the readFileFromDisk function located in tool-file-uploads.ts. By exploiting prompt inje...

PoC for CVE-2026-59806

Gradio-appGradio4.9MEDIUM
Open Redirect and Server-Side Request Forgery in Gradio by Gradio App

Gradio, an application developed by Gradio App, contains a vulnerability that impacts versions prior to 6.20.0. This security issue involves an open redirect and server-side request forgery that can be exploited by attackers. By manipulating the file_fetch() function in the /gradio_api/file= endp...

PoC for CVE-2026-59804

Web-infra-devMidscene7.6HIGH
Unauthenticated Remote Attack Risk in Midscene Bridge Server by Web...

The Midscene Bridge Server, up to version 1.10.3, is susceptible to a vulnerability that enables unauthenticated remote attackers to hijack active bridge sessions. This exploit works by opening a cross-origin WebSocket connection to the local Socket.IO server, which fails to validate the Origin h...

PoC for CVE-2026-59803

SmallnestRpcx8.7HIGH
Denial-of-Service Vulnerability in rpcx by Smallnest

The rpcx library, prior to version 1.9.3, is susceptible to a denial-of-service attack due to inadequate controls in the message decoding process. When handling messages with a compression flag, the payload is decompressed without restrictions on size, which can result in significant heap allocat...

PoC for CVE-2026-60104

BitwardenServer9.3CRITICAL
Authorization Bypass in Bitwarden Server Exposes Vault Keys

A vulnerability in Bitwarden Server prior to version 2026.6.0 allows a low-privileged member of an organization to exploit the authentication request process. By creating a Trusted Device Encryption request using an attacker-controlled public key, the malicious actor can obtain another user's vau...

PoC for CVE-2025-54136

CursorCursor7.2HIGH
Remote Code Execution Vulnerability in Cursor Code Editor by Cursor

In Cursor Code Editor versions prior to 1.3, a significant vulnerability exists allowing attackers to execute arbitrary code remotely. This occurs through manipulation of a trusted MCP configuration file either within a shared GitHub repository or on the target machine. If an attacker can alter t...

PoC for CVE-2021-21974

VmwareVmware Esxi🟣 EPSS 45%8.8HIGH
Heap Overflow Vulnerability in ESXi by VMware

The OpenSLP service in VMware ESXi contains a heap overflow vulnerability that could allow an attacker within the same network segment to execute arbitrary code. By sending specially crafted packets to port 427, an unauthorized actor may exploit this flaw, potentially compromising the entire syst...

PoC for CVE-2026-43499

LinuxLinux7.8HIGH
Linux Kernel Vulnerability in rtmutex Component Affecting Multiple ...

A vulnerability exists in the Linux kernel's rtmutex component where the remove_waiter() function incorrectly utilizes current instead of waiter::task during a dequeue operation within various mutex handling paths. This mismanagement leads to multiple issues, including potential use-after-free vu...

PoC for CVE-2026-15036

HarnessHarness5.3MEDIUM
Authorization Bypass in Harness Gitspaces Component

A vulnerability exists in the Harness platform, specifically within the gitspaces component, affecting versions up to 2.28.2. The issue is located in the getAuthorizedSpaces function of the app/api/controller/gitspace/list_all.go file. It allows unauthorized users to bypass authorization, potenti...

PoC for CVE-2026-15035

BentomlOpenllm4.8MEDIUM
Command Injection in OpenLLM Model Repository by Bentoml

A command injection vulnerability has been identified in the OpenLLM 0.6.30, specifically within the async_run_command function located in src/openllm/common.py. This flaw allows an attacker to manipulate the cmd argument, potentially leading to unauthorized command execution on affected systems....

PoC for CVE-2026-56290

Joomlack.frJoomlack.fr Page Build...10CRITICAL
Unauthenticated Arbitrary File Upload Vulnerability in Joomla Exten...

The Joomla extension Page Builder CK contains a vulnerability that allows unauthenticated attackers to upload arbitrary files. This weakness can be exploited to upload executable files, resulting in remote code execution on the server. The implications of this vulnerability are severe, as it may ...

PoC for CVE-2026-15034

Flask-dashboardFlask-monitoringdashboard5.3MEDIUM
Cross-Site Request Forgery Vulnerability in Flask-MonitoringDashboa...

A vulnerability identified in Flask-MonitoringDashboard, up to version 5.0.2, facilitates cross-site request forgery attacks. This issue allows attackers to exploit certain functions without proper authorization, potentially leading to unauthorized actions performed on behalf of legitimate users....

PoC for CVE-2026-46242

LinuxLinux7.8HIGH
Eventpoll Memory Management Flaw in Linux Kernel

A memory management vulnerability in the Linux kernel's eventpoll subsystem allows for a misuse of freed memory, resulting from improper handling of file structures during critical operations. The flaw occurs when an ep_remove operation clears a file pointer under lock while allowing concurrent o...

Discovered 2 days ago

PoC for CVE-2026-12378

WordPressAppointment Booking Ca...8.1HIGH
PHP Deserialization Vulnerability in Appointment Booking Calendar P...

The Appointment Booking Calendar Plugin for WordPress, up to version 1.1.28, fails to validate user input before it is processed by a PHP deserialization function. This flaw exposes the plugin to attacks from unauthenticated users, who could exploit the vulnerability to inject arbitrary PHP objec...

PoC for CVE-2026-12277

WordPressFrontend File Manager ...8.7HIGH
Unauthorized File Deletion in Frontend File Manager Plugin by WordP...

The Frontend File Manager Plugin for WordPress, version 23.6, is susceptible to a vulnerability that allows unauthenticated users to delete arbitrary files on the server without proper validation of file paths derived from user input. This issue is particularly concerning when guest upload mode i...