Publicly Disclosed
PoC Exploits
🔴 Always take caution when working with PoC Exploits 🔴
Discovered 2 hours ago
PoC for CVE-2025-4915
The PHPGurukul Auto Taxi Stand Management System 1.0 has been identified as vulnerable to an SQL injection flaw affecting the handling of input parameters in the file /admin/auto-taxi-entry-detail.php. This vulnerability enables remote attackers to manipulate the price argument to execute arbitra...
Discovered 3 hours ago
PoC for CVE-2025-4914
The PHPGurukul Auto Taxi Stand Management System 1.0 contains a vulnerability that allows for SQL injection through the 'email' parameter in the /admin/forgot-password.php file. This flaw enables attackers to manipulate SQL queries, potentially leading to unauthorized data access or alteration. A...
PoC for CVE-2025-2560
The Ninja Forms WordPress plugin prior to version 3.10.1 is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability. The plugin fails to properly sanitize and escape certain settings, allowing high privilege users, such as administrators, to execute malicious scripts. This risk persists ...
PoC for CVE-2025-2524
The Ninja Forms plugin for WordPress is vulnerable to stored cross-site scripting due to inadequate sanitization and escaping of specific settings. This vulnerability affects high privilege users, such as administrators, especially within multisite configurations, allowing them to inject maliciou...
PoC for CVE-2025-2561
The Ninja Forms plugin for WordPress is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability in versions prior to 3.10.1. This flaw arises due to insufficient sanitization and escaping of certain settings, potentially allowing high privilege users, such as administrators, to execute X...
PoC for CVE-2025-1626
The Qi Blocks WordPress plugin, prior to version 1.4, is vulnerable to stored cross-site scripting (XSS) due to inadequate validation and escaping of certain Countdown block options. This flaw could be exploited by users with contributor roles and higher, allowing them to inject malicious scripts...
PoC for CVE-2025-1627
The Qi Blocks WordPress plugin, prior to version 1.4, fails to validate and escape certain block options before rendering them in pages or posts. This oversight can lead to stored cross-site scripting (XSS) vulnerabilities, allowing users with contributor roles and above to inject malicious scrip...
PoC for CVE-2025-1625
The Qi Blocks plugin for WordPress, up to version 1.4, contains a security flaw that fails to properly validate and escape certain Counter block options. This vulnerability allows users with contributor roles and above to manipulate the output, potentially leading to stored cross-site scripting a...
PoC for CVE-2025-4913
A SQL injection vulnerability exists in the PHPGurukul Auto Taxi Stand Management System 1.0, specifically in the file /admin/index.php. An attacker can manipulate the 'Username' argument to execute arbitrary SQL code, potentially compromising the database. This vulnerability allows for remote ex...
Discovered 4 hours ago
PoC for CVE-2025-4912
A path traversal vulnerability exists in the SourceCodester Student Result Management System 1.0, specifically in the /admin/core/update_student.php file related to the Image File Handler component. This vulnerability arises from improper validation of input, allowing attackers to manipulate the ...
PoC for CVE-2025-4911
A SQL injection vulnerability has been identified in the PHPGurukul Zoo Management System 2.1. This flaw resides in the /admin/view-foreigner-ticket.php file, where the manipulation of the 'viewid' argument allows an attacker to execute arbitrary SQL queries. The vulnerability can be exploited re...
Discovered 5 hours ago
PoC for CVE-2025-4910
A security flaw has been identified in version 2.1 of the PHPGurukul Zoo Management System, specifically within the /admin/edit-animal-details.php file. This vulnerability allows for SQL injection through the manipulation of the 'aname' argument, potentially enabling remote attackers to execute u...
PoC for CVE-2025-4909
A vulnerability was identified within the SourceCodester Client Database Management System 1.0 that allows for unauthorized information exposure via directory listing. This issue can be exploited remotely, potentially allowing attackers to gain access to sensitive data that should be protected. T...
Discovered 6 hours ago
PoC for CVE-2025-4908
A SQL Injection vulnerability has been identified in PHPGurukul's Daily Expense Tracker System version 1.1, specifically affecting the /expense-datewise-reports-detailed.php file. This flaw arises from improper handling of input parameters such as 'fromdate' and 'todate', allowing remote attacker...
PoC for CVE-2025-4907
A vulnerability exists in the PHPGurukul Daily Expense Tracker System, specifically in the forgot-password.php file. This security flaw allows an attacker to manipulate the email argument, leading to potential SQL injection attacks. Such vulnerabilities can be exploited remotely, enabling unautho...
Discovered 7 hours ago
PoC for CVE-2025-4906
The PHPGurukul Notice Board System version 1.0 is susceptible to a SQL injection vulnerability via the /login.php file. An attacker can exploit this weakness by manipulating the Username parameter, allowing for remote execution of unauthorized SQL commands. This vulnerability exposes sensitive da...
PoC for CVE-2025-4905
A local deserialization vulnerability exists in the iop-apl-uw basestation3 that affects the function load_qc_pickl within the file basestation3/QC.py. By manipulating the qc_file argument, an attacker can exploit this vulnerability. Although the issue has been reported and publicly disclosed, th...
Discovered 8 hours ago
PoC for CVE-2025-4904
A vulnerability in the D-Link DI-7003GV2 router allows remote attackers to manipulate the function sub_41F0FC in the webgl.data file, leading to unauthorized access to sensitive system information. This flaw could potentially expose confidential data to attackers, emphasizing the need for immedia...
PoC for CVE-2025-4903
A significant vulnerability has been identified in the D-Link DI-7003GV2 router's remote management capabilities. The flaw allows unauthorized users to change the router's password without verification, potentially giving them control over the device. This issue arises from improper access contro...
Discovered 10 hours ago
PoC for CVE-2025-4899
A security flaw has been identified in Campcodes Sales and Inventory System version 1.0, where improper handling of the 'ID' argument in the /pages/transaction_update.php file allows for SQL injection. This vulnerability can potentially enable remote attackers to manipulate database queries, posi...
Discovered 11 hours ago
PoC for CVE-2025-4898
A security flaw has been identified in the SourceCodester Student Result Management System version 1.0, specifically within the unlink function of the update_system.php file related to the Logo File Handler. This vulnerability allows an attacker to manipulate the old_logo argument, leading to una...
Discovered 12 hours ago
PoC for CVE-2025-4895
A security vulnerability has been identified in the SourceCodester Doctors Appointment System version 1.0, specifically in the handling of the /admin/delete-session.php file. This issue arises from improper validation of the ID argument, allowing an attacker to execute SQL injection attacks remot...
Discovered 13 hours ago
PoC for CVE-2025-4893
A path traversal vulnerability has been identified in the CoinExchange CryptoExchange Java application that affects its file upload functionality. The vulnerability lies within the uploadLocalImage method located in UploadFileUtil.java. An attacker can manipulate the 'filename' argument, allowing...
Discovered 14 hours ago
PoC for CVE-2025-4892
A buffer overflow vulnerability has been identified in the function criminal::remove of the Police Station Management System (version 1.0). This flaw, which resides in the source.cpp file, allows manipulation of the No argument, leading to a stack-based overflow. The attack must be conducted loca...
PoC for CVE-2025-32756
A stack-based buffer overflow vulnerability exists within Fortinet FortiVoice, FortiRecorder, FortiMail, FortiNDR, and FortiCamera products, allowing remote, unauthenticated attackers to execute arbitrary code or commands. This security flaw is triggered by sending specially crafted HTTP requests...
PoC for CVE-2025-4891
A buffer overflow vulnerability exists in the display function of the Police Station Management System's source code. This issue arises from improper handling of user-supplied input, specifically the argument N within the criminal::display function located in source.cpp. An attacker can exploit t...
Discovered 15 hours ago
PoC for CVE-2025-4890
A stack-based buffer overflow vulnerability exists in the LoginUser function of the Tourism Management System version 1.0, developed by Code-Projects. The flaw allows an attacker to manipulate the username and password input parameters, potentially leading to unauthorized access. This vulnerabili...
PoC for CVE-2025-4889
A buffer overflow vulnerability was discovered in the User Registration component of the Tourism Management System version 1.0. This issue arises from improper handling of user inputs, specifically in the AddUser function, where the manipulation of the username and password arguments can lead to ...
Discovered 16 hours ago
PoC for CVE-2025-4888
The Pharmacy Management System 1.0 from Code-Projects contains a buffer overflow vulnerability in the take_order function of the Add Order Details component. This issue allows local attackers to manipulate input, potentially leading to unexpected behaviors or system crashes, as the exploit is pub...
PoC for CVE-2025-4887
A cross-site request forgery vulnerability has been identified in the SourceCodester Online Student Clearance System version 1.0. This vulnerability allows attackers to manipulate requests made by users, potentially compromising user data and actions without their consent. Remote exploitation of ...
Discovered 17 hours ago
PoC for CVE-2025-4886
A vulnerability has been identified in the itsourcecode Sales and Inventory System version 1.0. This vulnerability arises from improper handling of input parameters in the /pages/product_update.php file, specifically targeting the 'serial' argument. By exploiting this flaw, attackers can execute ...
PoC for CVE-2025-4885
A significant SQL injection vulnerability has been identified in itsourcecode's Sales and Inventory System version 1.0. This vulnerability resides within the '/pages/product_add.php' file, where an attacker can manipulate the 'serial' parameter to execute arbitrary SQL commands. The exploitation ...
Discovered 18 hours ago
PoC for CVE-2025-4884
A vulnerability exists within the itSourceCode Restaurant Management System 1.0 that allows for SQL injection through the manipulation of parameters in the /admin/assign_save.php file. This security flaw enables attackers to execute unauthorized SQL code, potentially compromising the database and...
PoC for CVE-2025-4883
A stack-based buffer overflow vulnerability exists in the D-Link DI-8100 router within the ctxz_asp function of the /ctxz.asp file. The vulnerability can be exploited through manipulation of certain arguments, such as def, defTcp, defUdp, defIcmp, and defOther. This flaw enables an attacker to ex...
Discovered 19 hours ago
PoC for CVE-2025-4882
A SQL injection vulnerability has been identified in the itsourcecode Restaurant Management System version 1.0. The issue arises specifically in the file /admin/team_update.php, where improper handling of the 'team' argument allows an attacker to manipulate SQL queries. This vulnerability can be ...
PoC for CVE-2025-4881
A critical SQL injection vulnerability has been identified in the itsourcecode Restaurant Management System 1.0, specifically in the /admin/user_save.php file. By manipulating the username or name parameter, an attacker could execute arbitrary SQL queries, potentially compromising the integrity o...
Discovered 20 hours ago
PoC for CVE-2025-4880
A security vulnerability exists in PHPGurukul News Portal version 4.1, specifically involving the file /admin/aboutus.php. The vulnerability arises from improper handling of user-supplied input in the 'pagetitle' parameter, allowing an attacker to manipulate SQL queries executed by the applicatio...
PoC for CVE-2025-4875
A security flaw has been identified in the Campcodes Online Shopping Portal 1.0, particularly affecting the /forgot-password.php file. This vulnerability allows an attacker to manipulate the 'email' parameter, enabling SQL injection attacks. Such attacks can be executed remotely, posing a signifi...
Discovered 21 hours ago
PoC for CVE-2025-4874
A vulnerability exists in the PHPGurukul News Portal Project version 4.1, characterized by SQL injection in the /admin/contactus.php file. By manipulating the pagetitle argument, an attacker can execute unauthorized SQL commands, potentially leading to data exposure or unauthorized access to sens...
PoC for CVE-2025-4873
A vulnerability exists in the PHPGurukul News Portal 4.1 within the login component located at /admin/index.php. This flaw allows an attacker to manipulate the 'Username' argument, leading to a SQL injection attack. The issue can be exploited remotely, posing significant risks to the application'...
Discovered 22 hours ago
PoC for CVE-2025-4872
A remote buffer overflow vulnerability exists in the FreeFloat FTP Server 1.0, specifically within the CCC Command Handler component. This flaw can be exploited by attackers to execute arbitrary code, potentially leading to a complete compromise of the affected system. The exploit has been public...
PoC for CVE-2025-4871
A buffer overflow vulnerability has been identified in PCMan FTP Server version 2.0.7, specifically within the REST Command Handler component. This flaw permits attackers to manipulate processing details to cause crashes or achieve arbitrary code execution. Remote exploitation of this vulnerability is ...
Discovered 23 hours ago
PoC for CVE-2025-4870
A vulnerability in itsourcecode Restaurant Management System 1.0 allows for potential SQL injection through manipulation of the 'menu' argument in the /admin/menu_save.php file. This flaw can be exploited remotely, posing a significant risk to the integrity of the underlying database. Attackers c...
PoC for CVE-2025-4869
A SQL injection vulnerability has been identified in the itsourcecode Restaurant Management System version 1.0. This issue arises from improper validation of the menu argument in the '/admin/member_update.php' file, allowing attackers to manipulate SQL queries. As a result, it is feasible for cyb...
Discovered 1 day ago
PoC for CVE-2025-4868
A vulnerability has been identified in the merikbest ecommerce-spring-reactjs product, specifically within the File Upload Endpoint at /api/v1/admin/. An attacker can exploit this flaw by manipulating the 'filename' parameter, potentially leading to unauthorized access to the file system and expo...
PoC for CVE-2025-4867
A denial of service vulnerability has been identified in the Tenda A15 router at the function formArpNerworkSet within the /goform/ArpNerworkSet file. This vulnerability can be exploited remotely, potentially causing disruptions to the router's service. The exploit details are publicly available,...
PoC for CVE-2025-4866
A significant code injection vulnerability has been identified in the weibocom rill-flow, specifically within its Management Console component. This flaw allows attackers to manipulate the application remotely, potentially leading to unauthorized code execution. Given that the exploit has been di...
PoC for CVE-2025-4865
A significant SQL injection vulnerability exists in the itsourcecode Restaurant Management System 1.0, specifically in the /admin/member_save.php file. This flaw allows attackers to manipulate the 'last' parameter, potentially leading to unauthorized access to sensitive data. Exploitation can be ...
PoC for CVE-2025-4864
A security flaw exists in the itsourcecode Restaurant Management System version 1.0 that allows remote attackers to exploit an SQL injection vulnerability via manipulated arguments in the /admin/finished.php file, potentially exposing sensitive data and compromising database integrity.
PoC for CVE-2025-4863
A SQL injection vulnerability exists in Advaya Softech's GEMS ERP Portal 2.1 that affects the /studentLogin/studentLogin.action endpoint. This weakness allows an attacker to manipulate the userId parameter, potentially leading to unauthorized access and data manipulation. The exploit can be execu...