Publicly Disclosed
PoC Exploits
🔴 Alway take caution when working with PoC Exploits 🔴
Discovered just now...
PoC for CVE-2024-0070
A vulnerability exists in a WordPress plugin that may allow unauthorized access or manipulation of sensitive data due to inadequate security measures. Users of this plugin should be aware of potential risks and review their configurations to ensure proper security protocols are in place.
PoC for CVE-2022-0847
A vulnerability exists in the Linux kernel related to improper initialization of the 'flags' member of the new pipe buffer structure. This absence of proper initialization in the copy_page_to_iter_pipe and push_pipe functions can result in the presence of stale values. As a consequence, an unpriv...
Discovered 2 hours ago
PoC for CVE-2026-2089
A vulnerability has been identified in the Online Class Record System by SourceCodester, where improper validation allows an attacker to manipulate the argument ID in the file /admin/subject/controller.php. This manipulation can lead to SQL injection, enabling remote exploitation. The details of ...
PoC for CVE-2026-2088
A security flaw has been identified in version 1.1 of PHPGurukul's Beauty Parlour Management System, specifically within the /admin/accepted-appointment.php file. An attacker can exploit this vulnerability by manipulating the 'delid' argument, enabling unauthorized SQL commands to be executed. Th...
Discovered 3 hours ago
PoC for CVE-2026-2087
An SQL injection vulnerability has been identified in the SourceCodester Online Class Record System version 1.0, specifically impacting the /admin/login.php file. This flaw allows an attacker to manipulate the user_email input, which can lead to unauthorized database access. The exploit can be in...
PoC for CVE-2026-2086
A buffer overflow vulnerability exists in the Management Interface of the UTT HiPER 810G product, specifically in the strcpy function of the /goform/formFireWall file. This issue allows an attacker to manipulate the GroupName argument, potentially leading to unauthorized access and control over t...
Discovered 5 hours ago
PoC for CVE-2026-2085
A command injection vulnerability has been identified in the D-Link DWR-M921 router, specifically within the USSD Configuration Endpoint function sub_419F20. This vulnerability is caused by improper handling of the 'ussdValue' argument, allowing attackers to execute arbitrary commands remotely. G...
PoC for CVE-2026-2084
A vulnerability has been detected in the D-Link DIR-823X router, specifically in the file /goform/set_language. This weakness can be exploited through a manipulation of the langSelection argument, enabling remote attackers to inject operating system commands. The public availability of exploit de...
Discovered 6 hours ago
PoC for CVE-2017-7494
Samba versions 3.5.0 up to 4.6.4, along with specific earlier releases, contain a serious vulnerability where a malicious client can upload a shared library to a writable share. This exploit allows the server to load and execute the uploaded file, leading to unauthorized control and potential dam...
PoC for CVE-2026-2083
A security flaw has been identified in version 1.0 of code-projects' Social Networking Site, specifically within the /delete_post.php file. This vulnerability occurs due to improper handling of the ID parameter, which allows remote attackers to execute SQL injection attacks. The exploit can lead ...
PoC for CVE-2017-7494
Samba versions 3.5.0 up to 4.6.4, along with specific earlier releases, contain a serious vulnerability where a malicious client can upload a shared library to a writable share. This exploit allows the server to load and execute the uploaded file, leading to unauthorized control and potential dam...
Discovered 7 hours ago
PoC for CVE-2026-2082
A vulnerability exists in the D-Link DIR-823X 250416 caused by improper handling of arguments in the /goform/set_mac_clone function. This weakness allows an attacker to manipulate the 'mac' argument, resulting in OS command injection. The vulnerability can be exploited remotely, potentially givin...
PoC for CVE-2026-2081
A critical OS command injection vulnerability has been identified in the D-Link DIR-823X router, specifically in the /goform/set_password function. This issue arises when the http_passwd argument is manipulated, allowing an attacker to execute arbitrary commands on the system. The vulnerability c...
Discovered 8 hours ago
PoC for CVE-2026-2080
A command injection vulnerability exists in the UTT HiPER 810 product, specifically affecting the setSysAdm function in the /goform/formUser file. By manipulating the argument passwd1, an attacker can execute arbitrary commands remotely. This exploit has been made public, raising concerns over it...
PoC for CVE-2026-2079
A vulnerability has been identified in the Yeqifu Warehouse application leading to improper authorization within the Menu Management functionality. Specifically, the flaw is located in the addMenu/updateMenu/deleteMenu methods of the MenuController.java file. This security issue allows remote att...
Discovered 9 hours ago
PoC for CVE-2026-2078
A vulnerability exists in the Yeqifu Warehouse's Permission Management component that allows an attacker to manipulate the addPermission, updatePermission, and deletePermission functions. This manipulation enables improper authorization, which attackers could exploit remotely. As the exploit is n...
PoC for CVE-2026-2077
A vulnerability has been identified in the YeQifu Warehouse that allows improper authorization due to weaknesses in the functionality of role management operations (addRole/updateRole/deleteRole) in the RoleController.java file. This issue could permit unauthorized remote access to sensitive func...
Discovered 10 hours ago
PoC for CVE-2026-2076
A vulnerability has been identified in Yeqifu Warehouse affecting its User Management Endpoint. The flaw exists within the addUser/updateUser/deleteUser functions in UserController.java, allowing for improper authorization. This issue can be exploited remotely, enabling unauthorized users to mani...
Discovered 11 hours ago
PoC for CVE-2025-15491
The Post Slides plugin for WordPress, up to version 1.0.1, is susceptible to a Local File Inclusion (LFI) vulnerability, which arises from improper validation of shortcode attributes. This allows authenticated users, including those with contributor roles or higher, to exploit this flaw by contro...
Discovered 12 hours ago
PoC for CVE-2026-2075
A security flaw exists in the Yeqifu Warehouse within the Role-Permission Binding Handler, specifically in the saveRolePermission function of RoleController.java. This vulnerability allows for improper access controls, making it possible for attackers to take advantage of this flaw remotely. The ...
Discovered 13 hours ago
PoC for CVE-2026-2074
A notable vulnerability exists in O2OA versions up to 9.0.0, specifically concerning a function within the HTTP POST Request Handler. This flaw allows for XML external entity reference, potentially enabling attackers to exploit the vulnerability remotely. With the exploit already available public...
PoC for CVE-2026-2073
A security flaw exists in the itsourcecode School Management System version 1.0, specifically within the file located at /ramonsys/user/index.php. This vulnerability arises from inadequate validation of the argument ID, which allows attackers to execute SQL injection attacks remotely. The exploit...
Discovered 14 hours ago
PoC for CVE-2026-25050
The Vendure open-source headless commerce platform has a vulnerability in the `NativeAuthenticationStrategy.authenticate()` method, which is susceptible to timing attacks. This flaw allows malicious actors to differentiate between valid and invalid usernames by exploiting the timing discrepancies...
Discovered 15 hours ago
PoC for CVE-2026-24061
The GNU Inetutils telnet daemon (telnetd) is vulnerable to a remote authentication bypass that can occur when an attacker manipulates the USER environment variable by specifying a '-f root' value. This flaw allows unauthorized users to gain access without proper authentication. Affected users sho...
Discovered 18 hours ago
PoC for CVE-2020-37079
Wing FTP Server versions prior to 6.2.7 are susceptible to a cross-site request forgery (CSRF) vulnerability within its web administration interface. This security flaw enables an attacker to create a malicious HTML page that triggers unintended actions, such as deleting administrative user accou...
PoC for CVE-2020-37171
The application TapinRadio 2.12.3 is vulnerable to a denial of service attack due to improper handling of the proxy username configuration. Local attackers may exploit this vulnerability by inputting 10,000 bytes of arbitrary data into the username field, leading to an application crash and disru...
PoC for CVE-2020-37170
In TapinRadio version 2.12.3, a denial of service vulnerability exists due to improper validation of the application proxy address configuration. Local attackers can exploit this weakness by injecting 3000 bytes of arbitrary data into the address field, which may lead to a crash of the applicatio...
PoC for CVE-2020-37165
AbsoluteTelnet 11.12 is vulnerable to a denial of service attack that can be exploited by a local attacker. By supplying an oversized license name, specifically a payload of up to 2500 characters, an attacker can trigger an application crash, leading to service disruption. This vulnerability high...
PoC for CVE-2020-37166
AbsoluteTelnet 11.12 is susceptible to a denial of service vulnerability in the SSH2 username input field. This flaw allows local attackers to exploit the application by overwriting the username field with a 1000-byte buffer, leading to application crashes and unresponsiveness. It is critical for...
PoC for CVE-2020-37164
AbsoluteTelnet 11.12 is susceptible to a denial of service vulnerability, allowing local attackers to crash the application. By inputting an oversized license name, attackers can send a payload of up to 2500 characters into the license entry field, leading to application instability and crashes. ...
PoC for CVE-2020-37163
QuickDate version 1.3.2 is susceptible to a SQL injection vulnerability that enables remote attackers to manipulate database queries through the '_located' parameter in the find_matches endpoint. This flaw permits the injection of UNION-based SQL queries, potentially giving attackers access to se...
PoC for CVE-2020-37162
Wedding Slideshow Studio 1.36 contains a vulnerability that allows an attacker to exploit a buffer overflow via the registration key input. This can be achieved by crafting a malicious payload of 1608 bytes that targets the application's stack memory, enabling the execution of arbitrary code. The...
PoC for CVE-2020-37159
Parallaxis Cuckoo Clock 5.0 contains a buffer overflow vulnerability in its alarm scheduling feature, which can be exploited by attackers to execute arbitrary code by manipulating memory registers. By crafting a payload larger than 260 bytes, an attacker can overwrite critical registers, such as ...
PoC for CVE-2020-37161
Wedding Slideshow Studio version 1.36 is susceptible to a buffer overflow vulnerability that enables attackers to execute arbitrary code. By manipulating the registration name field with specially crafted input, an attacker can overwrite critical memory locations, which could lead to unauthorized...
PoC for CVE-2020-37160
SprintWork 2.3.1 presents multiple local privilege escalation vulnerabilities due to improper file, service, and folder permissions in Windows environments. Unprivileged local users can exploit these weaknesses, including missing executable files and misconfigured services, enabling them to creat...
PoC for CVE-2020-37157
The DBPower C300 HD Camera is susceptible to a configuration disclosure vulnerability that enables unauthorized users to access sensitive information. The flaw arises from an exposed configuration backup endpoint that can be accessed without authentication. By targeting the /tmpfs/config_backup.b...
PoC for CVE-2020-37155
Core FTP Lite 1.3 is susceptible to a buffer overflow vulnerability in the username input field. By supplying an oversized payload, such as a 7000-byte string of repeated 'A' characters, attackers can exploit this flaw to crash the application. This vulnerability does not require any additional i...
PoC for CVE-2020-37157
The DBPower C300 HD Camera is susceptible to a configuration disclosure vulnerability that enables unauthorized users to access sensitive information. The flaw arises from an exposed configuration backup endpoint that can be accessed without authentication. By targeting the /tmpfs/config_backup.b...
PoC for CVE-2020-37154
eLection 2.0 contains an authenticated SQL injection vulnerability within its candidate management endpoint. By manipulating the 'id' parameter, attackers can execute arbitrary SQL commands, potentially resulting in unauthorized data access or alterations. This flaw can be exploited using tools l...
PoC for CVE-2020-37154
eLection 2.0 contains an authenticated SQL injection vulnerability within its candidate management endpoint. By manipulating the 'id' parameter, attackers can execute arbitrary SQL commands, potentially resulting in unauthorized data access or alterations. This flaw can be exploited using tools l...
PoC for CVE-2020-37147
ATutor version 2.2.4 features a SQL injection vulnerability that exists within the admin user deletion page. This flaw permits authenticated users to manipulate SQL queries via the 'id' parameter in the admin_delete.php script. Attackers can leverage this vulnerability to inject harmful SQL comma...
PoC for CVE-2020-37146
The ACE Security WiP-90113 HD Camera is affected by a configuration disclosure vulnerability that enables attackers, without authentication, to access sensitive configuration files. By exploiting an endpoint vulnerability, attackers can send a GET request to /config_backup.bin, which allows them ...
PoC for CVE-2020-37135
AMSS++ 4.7 is vulnerable to an authentication bypass, enabling attackers to gain unauthorized access to administrative accounts by exploiting hardcoded credentials. Specifically, the default admin login details, ‘1234’ as both username and password, allow unauthorized users to access sensitive ad...
PoC for CVE-2020-37141
The AMSS++ application version 4.31 contains a SQL injection vulnerability within the mail module's maildetail.php script. This vulnerability arises due to improper handling of the 'id' parameter, allowing attackers to craft malicious SQL queries. By exploiting this flaw, attackers could gain una...
PoC for CVE-2020-37109
aSc TimeTables 2020.11.4 is vulnerable to a Denial of Service attack that can be exploited by an attacker through the manipulation of the Subject title field. By inputting an excessively long 1000-character string into this field, the attacker can cause the application to crash, resulting in pote...
PoC for CVE-2020-37122
SpotFTP-FTP Password Recover version 2.4.8 is susceptible to a denial of service attack due to a buffer overflow vulnerability. Attackers can exploit this weakness by providing a specially crafted registration code comprising 1000 'Z' characters, leading the application to crash. This vulnerabili...
PoC for CVE-2020-37106
The Business Live Chat Software 1.0 is susceptible to a cross-site request forgery (CSRF) vulnerability that permits attackers to alter user account roles without the need for proper authentication. By crafting a malicious HTML form, an attacker can send a POST request to modify user privileges, ...
PoC for CVE-2020-37107
Core FTP LE 2.2 is susceptible to a denial of service attack that can render the application inoperable. By exploiting this vulnerability, an attacker can enter an excessively large buffer into the account field, causing the application to freeze and necessitate reinstallation to restore function...
PoC for CVE-2020-37095
The Cyberoam Authentication Client version 2.1.2.7 is susceptible to a buffer overflow vulnerability, enabling remote attackers to exploit the 'Cyberoam Server Address' input field. By crafting malicious input, attackers can overwrite memory associated with the Structured Exception Handler (SEH),...
PoC for CVE-2026-2070
A buffer overflow vulnerability exists in the UTT 进取 520W router, specifically in the strcpy function located in the /goform/formPolicyRouteConf file. This flaw allows an attacker to manipulate the GroupName argument, potentially leading to unauthorized access and exploitation. The vulnerability ...