Publicly Disclosed
PoC Exploits
🔴 Alway take caution when working with PoC Exploits 🔴
Discovered 2 hours ago
PoC for CVE-2022-36804
The Atlassian Bitbucket Server and Data Center is susceptible to remote code execution via multiple API endpoints. This vulnerability allows remote attackers with read permissions to either public or private repositories to execute arbitrary code by sending carefully crafted HTTP requests. The is...
Discovered 5 hours ago
PoC for CVE-2025-71275
The Zimbra Collaboration Suite (ZCS) version 8.8.15 has a command injection vulnerability in the PostJournal service. This flaw allows unauthenticated attackers to execute arbitrary system commands through improper sanitization of the RCPT TO parameter, which can be exploited via SMTP injection. ...
Discovered 8 hours ago
PoC for CVE-2021-33044
A vulnerability affecting various Dahua security devices allows attackers to bypass the authentication mechanism during the login process. By crafting malicious data packets, attackers can exploit this flaw to gain unauthorized access to sensitive device functionalities, potentially compromising ...
PoC for CVE-2025-55182
A remote code execution vulnerability found in React Server Components allows attackers to exploit improperly handled payloads. This issue affects versions 19.0.0 through 19.2.0, compromising server function endpoints through unsafe deserialization of HTTP request payloads. As a result, this flaw...
Discovered 9 hours ago
PoC for CVE-2019-25647
In PhreeBooks ERP version 5.2.3, a security flaw in the image manager allows authenticated users to bypass file extension controls and upload arbitrary PHP files. This vulnerability can be exploited to execute malicious scripts on the server, enabling attackers to establish reverse shell connecti...
PoC for CVE-2019-25646
Tabs Mail Carrier version 2.5.1 is susceptible to a buffer overflow vulnerability that arises from the MAIL FROM SMTP command. By sending a specially crafted MAIL FROM parameter, remote attackers could gain control of the affected system. This is accomplished through connecting to the SMTP servic...
PoC for CVE-2019-25645
The WinAVI iPod/3GP/MP4/PSP Converter version 4.4.2 is susceptible to a denial of service issue. Local attackers can exploit this vulnerability by crafting malformed AVI files that trigger an application crash when processed. By using an oversized buffer loaded through the Convert to iPhone funct...
PoC for CVE-2019-25644
WinMPG Video Convert versions 9.3.5 and earlier are susceptible to a buffer overflow vulnerability within the registration dialog. This flaw allows local attackers to disrupt the application's functionality by entering excessively large inputs, specifically exceeding 6000 bytes, into the Name and...
PoC for CVE-2019-25643
The eNdonesia Portal version 8.7 is susceptible to multiple SQL injection vulnerabilities, which can be exploited by unauthenticated attackers. By crafting specific GET requests that include malicious code injected through the 'bid' parameter in the 'banners.php' script, malicious users can execu...
PoC for CVE-2019-25642
Bootstrapy CMS is susceptible to multiple SQL injection vulnerabilities, enabling unauthenticated attackers to run arbitrary SQL queries by exploiting vulnerabilities in various POST parameters. Key areas of concern include the thread_id parameter in 'forum-thread.php', the subject parameter in '...
PoC for CVE-2019-25641
The Vlog System developed by Netartmedia is susceptible to an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL code through the email parameter in the forgotten_password module. By sending specially crafted POST requests to index.php, an attacker can extr...
PoC for CVE-2019-25640
Inout Article Base CMS is affected by SQL injection vulnerabilities that permit unauthenticated attackers to manipulate database queries by leveraging the 'p' and 'u' parameters. By injecting specifically crafted XOR-based payloads via GET requests to portalLogin.php, attackers can extract sensit...
PoC for CVE-2019-25639
Matrimony Website Script M-Plus is susceptible to multiple SQL injection vulnerabilities that can be exploited by unauthenticated attackers. By injecting malicious SQL code through various POST parameters such as txtGender, religion, Fage, and cboCountry, attackers can exploit various pages inclu...
PoC for CVE-2019-25637
X-NetStat Pro 5.63 is susceptible to a local buffer overflow vulnerability that enables local attackers to execute arbitrary code. By manipulating a 264-byte buffer, an attacker could overwrite the EIP register, allowing them to inject and execute shellcode within the application. This vulnerabil...
PoC for CVE-2019-25638
The Meeplace Business Review Script is vulnerable to SQL injection through the 'id' parameter in the addclick.php endpoint. This security flaw allows attackers, without authentication, to craft GET requests that exploit the SQL logic processing, potentially enabling them to execute arbitrary SQL ...
PoC for CVE-2019-25636
Zeeways Jobsite CMS has a vulnerability that allows unauthenticated attackers to exploit SQL injection through the 'id' GET parameter. By manipulating this parameter in requests to specified pages like news_details.php, jobs_details.php, or job_cmp_details.php, attackers can execute malicious SQL...
PoC for CVE-2019-25635
Zeeways Matrimony CMS presents multiple SQL injection vulnerabilities that could be exploited by unauthenticated attackers through the profile_list endpoint. By manipulating input parameters such as up_cast, s_mother, and s_religion, attackers can execute arbitrary SQL code. This may lead to unau...
PoC for CVE-2019-25633
AIDA64 Extreme version 5.99.4900 is vulnerable to a structured exception handling buffer overflow, allowing local attackers to execute arbitrary code. This vulnerability can be exploited by providing malicious input through the application's email preferences and report wizard. Attackers can inje...
PoC for CVE-2019-25634
The Base64 Decoder version 1.1.2 exhibits a stack-based buffer overflow vulnerability that can be exploited by local attackers. By crafting a malicious input file, an attacker can trigger an overwrite of the structured exception handler (SEH) chain. This leads to the possibility of executing arbi...
PoC for CVE-2019-25632
phpFileManager version 1.7.8 is susceptible to a local file inclusion (LFI) vulnerability. This security flaw allows unauthenticated attackers to gain access to sensitive files on the server by exploiting the 'action', 'fm_current_dir', and 'filename' parameters in GET requests to 'index.php'. By...
PoC for CVE-2019-25631
AIDA64 Business 5.99.4900 is susceptible to a structured exception handling (SEH) buffer overflow vulnerability. This flaw allows local attackers to potentially execute arbitrary code by manipulating SEH pointers through crafted input. Attackers can exploit this issue via the SMTP display name fi...
PoC for CVE-2019-25630
PhreeBooks ERP version 5.2.3 has a vulnerability in the Image Manager component, which allows authenticated users to exploit an arbitrary file upload fault. By manipulating the requests sent to the image upload endpoint, attackers can upload malicious files, such as PHP scripts, through the 'imgF...
PoC for CVE-2019-25628
Download Accelerator Plus version 10.0.6.0 contains a serious buffer overflow vulnerability in its structured exception handler. This security flaw permits remote attackers to execute arbitrary code by exploiting crafted URLs designed to overflow the application's buffer. When a user imports such...
PoC for CVE-2019-25629
The AIDA64 Extreme 5.99.4900 version contains a vulnerability in its logging functionality, which is susceptible to a structured exception handler buffer overflow. This allows local attackers to execute arbitrary code by supplying a malicious path to a CSV log file. By leveraging the Hardware Mon...
PoC for CVE-2019-25627
FlexHEX 2.71 has a local buffer overflow vulnerability in the Stream Name field, allowing local attackers to exploit it by triggering a structured exception handler (SEH) overflow. By crafting a specially formatted text file that includes aligned shellcode and SEH chain pointers, attackers can ex...
PoC for CVE-2019-25626
The local buffer overflow vulnerability in River Past Cam Do 3.7.6 allows local attackers to execute arbitrary code. By supplying a crafted activation code string, an attacker can manipulate a buffer that leads to code execution through the activation dialog. Specifically, attackers can provide a...
Discovered 16 hours ago
PoC for CVE-2026-4632
A security flaw has been discovered in the itsourcecode Online Enrollment System version 1.0. This vulnerability resides in the /sms/user/index.php?view=add file, specifically affecting the parameter handling mechanism. By manipulating the 'Name' argument, an attacker could execute a SQL injectio...
Discovered 17 hours ago
PoC for CVE-2024-46879
A Reflected Cross-Site Scripting (XSS) vulnerability is present in the POST request data zipPath of tiki-admin_system.php in Tiki version 21.2. This flaw permits attackers to inject and execute arbitrary JavaScript code through specially crafted input, which can lead to unauthorized interactions ...
PoC for CVE-2024-46878
A Cross-Site Scripting (XSS) vulnerability exists in the page parameter of tiki-editpage.php in Tiki version 26.3 and earlier, enabling attackers to execute arbitrary JavaScript code. This exploit can lead to unauthorized access to sensitive information or unauthorized actions, posing significant...
PoC for CVE-2026-23744
MCPJam Inspector, designed for local-first development on MCP servers, has a vulnerability allowing remote code execution (RCE) due to improper binding settings. In versions 1.4.2 and earlier, the platform listens on 0.0.0.0 by default, enabling attackers to exploit this configuration through cra...
Discovered 18 hours ago
PoC for CVE-2026-4626
A Cross Site Scripting (XSS) vulnerability has been identified in the projectworlds Lawyer Management System version 1.0, affecting an unspecified function within the file /lawyer_booking.php. The vulnerability arises from improper handling of the 'Description' parameter, which allows attackers t...
PoC for CVE-2026-4625
A vulnerability has been identified in the SourceCodester Online Admission System version 1.0, specifically in the 'programmes.php' file. This flaw allows an attacker to manipulate the 'program' argument, leading to a SQL injection scenario. This issue can be exploited remotely, allowing unauthor...
PoC for CVE-2026-4624
A SQL injection vulnerability has been identified in the SourceCodester Online Library Management System version 1.0. The issue arises from an insufficiently validated input within an unspecified function of the file /home.php related to the Parameter Handler component. Attackers can manipulate t...
Discovered 19 hours ago
PoC for CVE-2026-4623
A vulnerability has been discovered in the DefaultFuction Jeson-Customer-Relationship-Management-System, specifically within the API Module located at /api/System.php. This vulnerability allows an attacker to manipulate the 'url' parameter, potentially leading to server-side request forgery (SSRF...
Discovered 20 hours ago
PoC for CVE-2026-4617
A security weakness has been identified in the SourceCodester Patients Waiting Area Queue Management System version 1.0, specifically within the ValidateToken function located in /php/api_patient_checkin.php. This vulnerability allows unauthorized manipulation of the Patient Check-In Module, maki...
Discovered 21 hours ago
PoC for CVE-2026-4615
A SQL injection vulnerability exists in the SourceCodester Online Catering Reservation 1.0 application, specifically within the /search.php file. The flaw allows attackers to manipulate the 'rcode' argument, potentially leading to unauthorized database access and data manipulation. This vulnerabi...
PoC for CVE-2026-4614
A vulnerability has been identified in the itsourcecode 'sanitize or validate this input' product, specifically within the Parameter Handler component located in the /admin/subjects.php file. This privilege can be exploited through manipulation of the argument subject_code, which results in SQL i...
PoC for CVE-2026-4613
A security issue has been identified in SourceCodester E-Commerce Site version 1.0, specifically within the /products.php file. This vulnerability allows for SQL injection via the manipulation of the Search argument, which can be exploited remotely by attackers. The public disclosure of this expl...
Discovered 23 hours ago
PoC for CVE-2026-4612
A SQL injection vulnerability exists in the itsourcecode Free Hotel Reservation System version 1.0, specifically within the file /hotel/admin/mod_users/index.php?view=edit&id=8. This vulnerability arises when the argument account_id is manipulated, allowing attackers to execute arbitrary SQL quer...
Discovered 1 day ago
PoC for CVE-2026-4597
A security flaw has been identified in the Stream Proxy Query Handler of the wvp-GB28181-pro product, specifically involving the selectAll function in StreamProxyProvider.java. This vulnerability enables SQL injection attacks, which can be executed remotely, providing attackers the ability to man...
PoC for CVE-2026-25253
An identified vulnerability in OpenClaw products before version 2026.1.29 allows the software to retrieve a gateway URL from a query string. This triggers an automatic WebSocket connection, which then sends a sensitive token value without user interaction. This flaw may expose users to unauthoriz...
PoC for CVE-2026-4596
A cross-site scripting (XSS) vulnerability has been identified in Projectworlds Lawyer Management System version 1.0, specifically affecting the processing of parameters in the /lawyers.php file. This vulnerability allows remote attackers to inject malicious scripts via the 'first_Name' argument,...
PoC for CVE-2026-32852
A reflected cross-site scripting vulnerability exists in MailEnable versions prior to 10.55, affecting its webmail interface. This security flaw allows remote attackers to execute arbitrary JavaScript in a victim's browser. By crafting a malicious URL with an exploited StartDate parameter in the ...
PoC for CVE-2026-4595
A cross-site scripting (XSS) vulnerability has been identified within the Exam Form Submission 1.0 product from Code-Projects. This vulnerability is related to improper handling of the 'sname' argument within the /admin/update_s6.php file, potentially allowing remote attackers to inject malicious...
PoC for CVE-2026-25075
strongSwan versions ranging from 4.5.0 up to 6.0.4 are impacted by an integer underflow vulnerability in the EAP-TTLS AVP parser. This flaw enables unauthenticated remote attackers to disrupt service by submitting specially crafted AVP data with erroneous length fields during IKEv2 authentication...
PoC for CVE-2026-4594
A vulnerability has been identified in the Erupt Framework's EruptJpaUtils.java file, specifically within the geneEruptHqlOrderBy function. This flaw allows attackers to manipulate the sort.field argument, potentially leading to SQL injection attacks through an improperly validated input. The vul...
PoC for CVE-2026-4593
A significant vulnerability has been identified in the Erupt MCP Tool Interface, specifically within the EruptDataQuery function located in EruptDataQuery.java. This flaw allows for SQL injection via improper input validation, enabling remote attackers to manipulate database queries. The exploit ...
PoC for CVE-2019-25625
Blob Studio version 2.17 is susceptible to a denial of service vulnerability, which can be exploited by local attackers. By supplying malformed input through the key entry mechanism, an attacker can create a text file filled with excessively repeated characters. When this file is accessed by the ...
PoC for CVE-2019-25624
Liquid Studio 2.17 is affected by a denial of service vulnerability that enables local attackers to crash the application through malformed input via the keyboard interface. When arbitrary characters are entered during the application's runtime, it can lead to the application becoming unresponsiv...
PoC for CVE-2019-25622
Paint Studio version 2.17 is susceptible to a denial of service vulnerability that allows local attackers to crash the application. By providing malformed input through the key entry mechanism, attackers can create a specially crafted text file that causes the application to consume excessive res...