Publicly Disclosed
PoC Exploits

🔴 Alway take caution when working with PoC Exploits 🔴

Discovered just now...

PoC for CVE-2026-40897

JosdejongMathjs8.8HIGH
JavaScript Math Library Vulnerability in Math.js Affects Users

A significant vulnerability has been identified in Math.js, a popular library for mathematics in JavaScript and Node.js. From versions 13.1.1 to earlier than 15.2.0, this vulnerability enables attackers to execute arbitrary JavaScript through the library's expression parser. Applications utilizin...

PoC for CVE-2026-31431

LinuxLinux7.8HIGH
Vulnerability in Linux Kernel Affecting Crypto Operations

A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...

PoC for CVE-2026-31431

LinuxLinux7.8HIGH
Vulnerability in Linux Kernel Affecting Crypto Operations

A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...

PoC for CVE-2025-0133

Palo Alto NetworksCloud Ngfw2.7LOW
Reflected XSS Vulnerability in Palo Alto Networks GlobalProtect PAN-OS

A reflected cross-site scripting (XSS) vulnerability in Palo Alto Networks' GlobalProtect gateway and portal features allows attackers to execute malicious JavaScript in the authenticated browser session of Captive Portal users. When users click on specifically crafted links, they may unknowingly...

Discovered 34 minutes ago

PoC for CVE-2026-0073

GoogleAndroid8.8HIGH
Logic Error in Wireless ADB Authentication in Android Products

A significant logic error in the adbd_tls_verify_cert function of auth.cpp in various Android versions permits a bypass of the wireless ADB mutual authentication process. This flaw can lead to unauthorized remote code execution by exploiting the vulnerability as the shell user without requiring a...

Discovered 46 minutes ago

PoC for CVE-2026-27944

0xjackyNginx-ui9.8CRITICAL
Authentication Bypass in Nginx UI Affects Nginx Web Server

Nginx UI, a web interface for the Nginx web server, has a critical security flaw where the /api/backup endpoint is accessible without authentication. This vulnerability allows unauthenticated attackers to retrieve a complete system backup that includes sensitive information such as user credentia...

Discovered 2 hours ago

PoC for CVE-2026-41940

WebprosCpanel🟣 EPSS 27%9.3CRITICAL
Authentication Bypass Vulnerability in cPanel and WHM

The affected versions of cPanel and WHM contain a serious authentication bypass flaw in the login flow. This vulnerability enables unauthenticated remote attackers to bypass authentication mechanisms, allowing them to gain unauthorized access to the control panel. Users of the specified versions ...

PoC for CVE-2026-0300

Palo Alto NetworksCloud Ngfw8.7HIGH
Buffer Overflow Vulnerability in Palo Alto Networks User-ID™ Authen...

A buffer overflow vulnerability exists within the User-ID™ Authentication Portal of Palo Alto Networks PAN-OS software. This flaw allows unauthenticated attackers to execute arbitrary code with root privileges on PA-Series and VM-Series firewalls by manipulating specially crafted packets. To miti...

Discovered 5 hours ago

PoC for CVE-2026-23918

ApacheApache Http Server8.8HIGH
Double Free and Remote Code Execution Vulnerability in Apache HTTP ...

A double free vulnerability has been identified in Apache HTTP Server that may lead to remote code execution, particularly concerning the HTTP/2 protocol. This issue affects version 2.4.66, and it is crucial for users to upgrade to version 2.4.67 to mitigate any potential security risks associate...

Discovered 6 hours ago

PoC for CVE-2026-0073

GoogleAndroid8.8HIGH
Logic Error in Wireless ADB Authentication in Android Products

A significant logic error in the adbd_tls_verify_cert function of auth.cpp in various Android versions permits a bypass of the wireless ADB mutual authentication process. This flaw can lead to unauthorized remote code execution by exploiting the vulnerability as the shell user without requiring a...

Discovered 8 hours ago

PoC for CVE-2026-31431

LinuxLinux7.8HIGH
Vulnerability in Linux Kernel Affecting Crypto Operations

A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...

Discovered 9 hours ago

PoC for CVE-2026-23918

ApacheApache Http Server8.8HIGH
Double Free and Remote Code Execution Vulnerability in Apache HTTP ...

A double free vulnerability has been identified in Apache HTTP Server that may lead to remote code execution, particularly concerning the HTTP/2 protocol. This issue affects version 2.4.66, and it is crucial for users to upgrade to version 2.4.67 to mitigate any potential security risks associate...

PoC for CVE-2026-31431

LinuxLinux7.8HIGH
Vulnerability in Linux Kernel Affecting Crypto Operations

A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...

Discovered 13 hours ago

PoC for CVE-2026-8033

PicotronicaE-clinic Healthcare Sy...6.9MEDIUM
Information Disclosure Vulnerability in PicoTronica e-Clinic Health...

A vulnerability in the PicoTronica e-Clinic Healthcare System ECHS 5.7 has been identified, specifically affecting an undisclosed function of the file /cdemos/echs/api/v2/ within the Response Header Handler component. This flaw allows attackers to exploit the system remotely, leading to unauthori...

PoC for CVE-2026-32710

MariadbServer8.6HIGH
Unauthorized Access Vulnerability in MariaDB Server

An issue has been identified in the JSON_SCHEMA_VALID() function of MariaDB Server, which is derived from MySQL. This vulnerability allows authenticated users to crash versions 11.4 prior to 11.4.10 and 11.8 prior to 11.8.6 of MariaDB server. While under specific conditions, it could lead to remo...

PoC for CVE-2025-70149

CodeAstroMembership Management ...9.8CRITICAL
SQL Injection Vulnerability in CodeAstro Membership Management System

The CodeAstro Membership Management System version 1.0 is prone to an SQL Injection vulnerability via the ID parameter in print_membership_card.php. This flaw allows attackers to manipulate database queries by injecting arbitrary SQL code, potentially leading to unauthorized data access and manip...

Discovered 14 hours ago

PoC for CVE-2026-8032

PicotronicaE-clinic Healthcare Sy...6.9MEDIUM
Remote Credential Exposure in PicoTronica e-Clinic Healthcare System

A significant security flaw has been identified in the PicoTronica e-Clinic Healthcare System ECHS version 5.7, specifically linked to the /cdemos/echs/priv/echs.js file. This vulnerability allows an attacker to manipulate the ADMIN_KEY argument, leading to the exposure of hard-coded credentials....

PoC for CVE-2011-1249

MicrosoftWindows Server 2008
Privilege Escalation Vulnerability in Microsoft Windows Products

The Ancillary Function Driver (AFD) in various versions of Microsoft Windows does not execute proper validation of user-mode input. This flaw enables local users to escalate their privileges via specially crafted applications, potentially leading to unauthorized access to system resources. Affect...

PoC for CVE-2026-31431

LinuxLinux7.8HIGH
Vulnerability in Linux Kernel Affecting Crypto Operations

A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...

Discovered 15 hours ago

PoC for CVE-2026-8031

PicotronicaE-clinic Healthcare Sy...6.9MEDIUM
Authentication Flaw in PicoTronica e-Clinic Healthcare System

A vulnerability exists in the PicoTronica e-Clinic Healthcare System ECHS 5.7 due to a flaw in the API Endpoint's patient records functionality. This security issue allows for missing authentication, which can be exploited remotely by an attacker. The vulnerability allows unauthorized access to s...

Discovered 16 hours ago

PoC for CVE-2026-31431

LinuxLinux7.8HIGH
Vulnerability in Linux Kernel Affecting Crypto Operations

A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...

Discovered 17 hours ago

PoC for CVE-2020-1938

ApacheApache Tomcat🟣 EPSS 94%9.8CRITICAL
Apache Tomcat AJP Connector Insecure Configuration Vulnerability

The Apache JServ Protocol (AJP) Connector in Apache Tomcat allowed for misconfigured connections that could be exploited by attackers. By default, the AJP Connector is enabled, listening on all configured IP addresses. This elevated trust can lead to unauthorized access and manipulation of files ...

Discovered 18 hours ago

PoC for CVE-2026-41940

WebprosCpanel🟣 EPSS 27%9.3CRITICAL
Authentication Bypass Vulnerability in cPanel and WHM

The affected versions of cPanel and WHM contain a serious authentication bypass flaw in the login flow. This vulnerability enables unauthenticated remote attackers to bypass authentication mechanisms, allowing them to gain unauthorized access to the control panel. Users of the specified versions ...

PoC for CVE-2026-8028

FlowiseaiFlowise6.3MEDIUM
Information Disclosure Vulnerability in FlowiseAI Flowise by Flowise

A vulnerability exists in FlowiseAI Flowise versions up to 3.0.12 that impacts the 'verify' function located in the account.service.ts file within the Endpoint component. This flaw enables attackers to manipulate requests, potentially leading to unauthorized access to sensitive information. The c...

Discovered 19 hours ago

PoC for CVE-2026-31431

LinuxLinux7.8HIGH
Vulnerability in Linux Kernel Affecting Crypto Operations

A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...

Discovered 20 hours ago

PoC for CVE-2026-23918

ApacheApache Http Server8.8HIGH
Double Free and Remote Code Execution Vulnerability in Apache HTTP ...

A double free vulnerability has been identified in Apache HTTP Server that may lead to remote code execution, particularly concerning the HTTP/2 protocol. This issue affects version 2.4.66, and it is crucial for users to upgrade to version 2.4.67 to mitigate any potential security risks associate...

PoC for CVE-2026-39363

VitejsVite8.2HIGH
WebSocket Vulnerability in Vite Frontend Framework

A vulnerability in the Vite frontend tooling framework allows unauthorized access to arbitrary files on the server. If an attacker connects to the Vite development server's WebSocket without an Origin header, they can exploit the custom WebSocket event 'vite:invoke' to retrieve file contents as J...

Discovered 22 hours ago

PoC for CVE-2026-31431

LinuxLinux7.8HIGH
Vulnerability in Linux Kernel Affecting Crypto Operations

A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...

PoC for CVE-2026-31431

LinuxLinux7.8HIGH
Vulnerability in Linux Kernel Affecting Crypto Operations

A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...

Discovered 1 day ago

PoC for CVE-2026-41940

WebprosCpanel🟣 EPSS 27%9.3CRITICAL
Authentication Bypass Vulnerability in cPanel and WHM

The affected versions of cPanel and WHM contain a serious authentication bypass flaw in the login flow. This vulnerability enables unauthenticated remote attackers to bypass authentication mechanisms, allowing them to gain unauthorized access to the control panel. Users of the specified versions ...

PoC for CVE-2026-29000

Pac4jPac4j-jwt9.3CRITICAL
Authentication Bypass in JwtAuthenticator of pac4j-jwt by pac4j

The pac4j-jwt library's JwtAuthenticator prior to versions 4.5.9, 5.7.9, and 6.3.3 is susceptible to an authentication bypass that could allow remote adversaries to create forged authentication tokens. By leveraging the server's RSA public key, attackers are able to craft a JWE-wrapped PlainJWT w...

PoC for CVE-2026-0073

GoogleAndroid8.8HIGH
Logic Error in Wireless ADB Authentication in Android Products

A significant logic error in the adbd_tls_verify_cert function of auth.cpp in various Android versions permits a bypass of the wireless ADB mutual authentication process. This flaw can lead to unauthorized remote code execution by exploiting the vulnerability as the shell user without requiring a...

PoC for CVE-2025-21333

MicrosoftWindows 10 Version 21h2🟣 EPSS 82%7.8HIGH
Elevated Privilege Exposure in Windows Hyper-V by Microsoft

A vulnerability has been identified in Windows Hyper-V, specifically related to the NT Kernel Integration Virtual Service Provider (VSP). This flaw allows an attacker to gain elevated privileges through carefully crafted input, potentially leading to unauthorized access and control over the host ...

PoC for CVE-2026-26128

MicrosoftWindows 10 Version 16077.8HIGH
Improper Authentication in Windows SMB Server by Microsoft

A vulnerability in Windows SMB Server allows authorized attackers to exploit improper authentication mechanisms, enabling them to elevate their privileges locally. This weakness can be leveraged to gain unauthorized access and control over sensitive resources within the affected system, presentin...

PoC for CVE-2026-7482

OllamaOllama8.8HIGH
Heap Out-of-Bounds Read Vulnerability in Ollama by Ollama

The Ollama application is susceptible to a heap out-of-bounds read vulnerability within its GGUF model loader. This issue arises when the /api/create endpoint processes an attacker-defined GGUF file where the tensor offset and size exceed the file’s actual length. During quantization, the server ...

PoC for CVE-2026-31431

LinuxLinux7.8HIGH
Vulnerability in Linux Kernel Affecting Crypto Operations

A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...

PoC for CVE-2026-31431

LinuxLinux7.8HIGH
Vulnerability in Linux Kernel Affecting Crypto Operations

A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...

PoC for CVE-2026-31431

LinuxLinux7.8HIGH
Vulnerability in Linux Kernel Affecting Crypto Operations

A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...

PoC for CVE-2022-22963

VmwareSpring Cloud Function🟣 EPSS 94%9.8CRITICAL
Remote Code Execution Vulnerability in Spring Cloud Function by VMware

In certain versions of Spring Cloud Function, an attacker can exploit the routing functionality through a specially crafted Spring Expression Language (SpEL) as a routing-expression. This misconfiguration may allow unauthorized access to local resources and the execution of arbitrary code, posing...

Discovered 2 days ago

PoC for CVE-2026-41950

LanggeniusDify6MEDIUM
Authorization Bypass Vulnerability in Dify by LangGenius

An authorization bypass vulnerability exists in Dify prior to version 1.14.0, enabling authenticated users to read files uploaded by other users within the same tenant. By supplying arbitrary file UUIDs in a chat-messages request, attackers can exploit inadequate permission checks in the chat-mes...

PoC for CVE-2026-23918

ApacheApache Http Server8.8HIGH
Double Free and Remote Code Execution Vulnerability in Apache HTTP ...

A double free vulnerability has been identified in Apache HTTP Server that may lead to remote code execution, particularly concerning the HTTP/2 protocol. This issue affects version 2.4.66, and it is crucial for users to upgrade to version 2.4.67 to mitigate any potential security risks associate...

PoC for CVE-2026-31431

LinuxLinux7.8HIGH
Vulnerability in Linux Kernel Affecting Crypto Operations

A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...

PoC for CVE-2026-7857

D-linkDi-81008.6HIGH
Buffer Overflow Vulnerability in D-Link DI-8100 Router

The D-Link DI-8100 router contains a vulnerability in the sprintf function located within the /user_group.asp file of the CGI Handler component. This vulnerability allows an attacker to execute a buffer overflow, potentially leading to unauthorized actions on the device. The attack can be initiat...

PoC for CVE-2026-7856

D-linkDi-81008.6HIGH
Buffer Overflow Vulnerability in D-Link DI-8100 Web Management Inte...

A flaw in D-Link DI-8100 version 16.07.26A1 has been identified within the web management interface at /url_member.asp. A vulnerability exists that allows remote attackers to manipulate the 'Name' argument, resulting in a buffer overflow. This may enable unauthorized access and exploitation, maki...

PoC for CVE-2026-23918

ApacheApache Http Server8.8HIGH
Double Free and Remote Code Execution Vulnerability in Apache HTTP ...

A double free vulnerability has been identified in Apache HTTP Server that may lead to remote code execution, particularly concerning the HTTP/2 protocol. This issue affects version 2.4.66, and it is crucial for users to upgrade to version 2.4.67 to mitigate any potential security risks associate...

PoC for CVE-2026-7855

D-linkDi-81008.7HIGH
Buffer Overflow Vulnerability in D-Link DI-8100 HTTP Request Handler

A buffer overflow vulnerability exists in the D-Link DI-8100, particularly within the tggl_asp function of the /tggl.asp file in the HTTP Request Handler. Attackers can manipulate the argument 'Name' to trigger this overflow, potentially leading to remote exploitation. The exploit has been made p...

PoC for CVE-2026-7854

D-linkDi-81009.3CRITICAL
Buffer Overflow Vulnerability in D-Link DI-8100 Router

A buffer overflow vulnerability has been identified in the D-Link DI-8100 router, specifically within the url_rule_asp function located in the /url_rule.asp file of the POST Parameter Handler. This vulnerability allows attackers to manipulate input parameters that could potentially lead to unauth...

PoC for CVE-2026-7853

D-linkDi-81009.3CRITICAL
Buffer Overflow in D-Link DI-8100 Affects HTTP Handler Functionality

A vulnerability exists in the D-Link DI-8100 router's HTTP handler, specifically in the 'sprintf' function within the '/auto_reboot.asp' file. The flaw arises from improper handling of input parameters, which can lead to a buffer overflow condition. An attacker can exploit this vulnerability remo...

PoC for CVE-2026-7851

D-linkDi-81008.6HIGH
Stack-based Buffer Overflow in D-Link DI-8100 Router

A stack-based buffer overflow vulnerability has been identified in the D-Link DI-8100 router, specifically in the sprintf function within the yyxz.asp file. This vulnerability arises from improper handling of the ID argument, allowing an attacker to execute arbitrary code remotely. Exploits for t...

PoC for CVE-2026-7847

Chatchat-spaceLangchain-chatchat2.1LOW
Insufficient Randomness in File Upload Handler of Langchain-Chatcha...

A vulnerability exists in the Uploaded File Handler of Langchain-Chatchat, impacting versions up to 0.3.1.3. Specifically, the issue lies within the _get_file_id function in the openai_routes.py file, where manipulation can lead to the use of insufficiently random values. This flaw necessitates a...