Publicly Disclosed
PoC Exploits

đź”´ Alway take caution when working with PoC Exploits đź”´

Discovered just now...

PoC for CVE-2026-23744

McpjamInspector🟣 EPSS 29%9.8CRITICAL
Remote Code Execution Vulnerability in MCPJam Inspector by MCP

MCPJam Inspector, designed for local-first development on MCP servers, has a vulnerability allowing remote code execution (RCE) due to improper binding settings. In versions 1.4.2 and earlier, the platform listens on 0.0.0.0 by default, enabling attackers to exploit this configuration through cra...

Discovered 3 hours ago

PoC for CVE-2026-4538

PyTorchPytorch4.8MEDIUM
Deserialization Vulnerability in PyTorch 2.10.0

A vulnerability exists in PyTorch 2.10.0 within an unknown function of the pt2 Loading Handler, which can lead to deserialization issues. This flaw is exploitable from a local environment, allowing potential attackers to manipulate the deserialization process. Although the issue was highlighted e...

PoC for CVE-2026-4537

CudyTr12005.1MEDIUM
Command Injection Vulnerability in Cudy TR1200 Router

A command injection vulnerability exists in the Cudy TR1200 router within the 'action_ipsec_conn' function, specifically located in the '/usr/bin/lib/lua/luci/controller/ipsec.lua' file. This flaw allows attackers to execute arbitrary commands remotely by manipulating input parameters, thereby co...

Discovered 4 hours ago

PoC for CVE-2026-4535

TendaFh4518.7HIGH
Stack-Based Buffer Overflow Vulnerability in Tenda FH451 by Tenda

A stack-based buffer overflow vulnerability has been identified in the Tenda FH451 router, specifically within the WrlclientSet function located in the /goform/WrlclientSet file. This issue arises when an attacker manipulates the GO argument, allowing for remote code execution. Given that the exp...

PoC for CVE-2026-4534

TendaFh4518.7HIGH
Stack-based Buffer Overflow in Tenda FH451 Router

A stack-based buffer overflow vulnerability exists in the Tenda FH451 router, specifically within the formWrlExtraSet function located in the /goform/WrlExtraSet file. This flaw arises from improper handling of the GO argument, allowing remote attackers to exploit the device. Successful exploitat...

Discovered 5 hours ago

PoC for CVE-2026-33017

Langflow-aiLangflow9.3CRITICAL
Authentication Bypass in Langflow Tool for AI-Powered Workflows

Langflow, a tool for constructing and deploying AI-driven agents and workflows, is susceptible to a vulnerability in the POST /api/v1/build_public_tmp/{flow_id}/flow endpoint in versions before 1.9.0. This vulnerability enables an attacker to build public flows without authentication, leveraging ...

PoC for CVE-2026-4533

Code-projectsSimple Food Ordering S...5.3MEDIUM
SQL Injection Vulnerability in Code-Projects Simple Food Ordering S...

An SQL injection vulnerability has been identified in the Simple Food Ordering System version 1.0, specifically within the all-tickets.php file. The vulnerability arises when the argument 'Status' is manipulated, allowing attackers to execute arbitrary SQL queries against the database. This may r...

Discovered 6 hours ago

PoC for CVE-2026-4532

Code-projectsSimple Food Ordering S...6.9MEDIUM
Database Backup Handler Vulnerability in Simple Food Ordering Syste...

A security vulnerability has been identified in the Simple Food Ordering System, specifically affecting the Database Backup Handler component. This issue arises from a flaw in the file /food/sql/food.sql, allowing unauthorized access to files or directories. The vulnerability can be exploited rem...

Discovered 8 hours ago

PoC for CVE-2026-4530

ApconwAix-db4.8MEDIUM
SQL Injection Vulnerability in apconw Aix-DB Affected by Local Expl...

A security flaw has been identified in the apconw Aix-DB software, specifically affecting the functionality in the file agent/text2sql/rag/terminology_retriever.py. This vulnerability allows for SQL injection through manipulation of the 'Description' argument. The nature of the exploit necessitat...

PoC for CVE-2026-4529

D-linkDHP-13208.7HIGH
Stack-Based Buffer Overflow in D-Link DHP-1320 Router

A vulnerability exists in the D-Link DHP-1320 router, specifically in the SOAP Handler's redirect_count_down_page function. This vulnerability allows for remote exploitation, which could lead to a stack-based buffer overflow. The affected product version is no longer supported by the vendor, incr...

Discovered 9 hours ago

PoC for CVE-2026-1302

WordPressMeta-box Gallerymeta4.4MEDIUM
Stored Cross-Site Scripting Vulnerability in Meta-box GalleryMeta P...

The Meta-box GalleryMeta plugin for WordPress is susceptible to a Stored Cross-Site Scripting vulnerability that affects all versions up to and including 3.0.1. This issue arises from inadequate input sanitization and output escaping within the admin settings. Authenticated attackers with at leas...

PoC for CVE-2026-4528

TrueleafApiflow6.9MEDIUM
Server-Side Request Forgery Vulnerability in Trueleaf ApiFlow Product

A vulnerability has been identified in Trueleaf ApiFlow version 0.9.7 within the URL Validation Handler. The flaw resides in the validateUrlSecurity function found in the http_proxy.service.ts file, enabling malicious users to exploit this vulnerability for server-side request forgery. This could...

Discovered 10 hours ago

PoC for CVE-2026-25769

WazuhWazuh9.1CRITICAL
Remote Code Execution in Wazuh due to Untrusted Data Deserialization

Wazuh, a widely-used open-source platform for threat detection and response, exhibits a vulnerability that allows for Remote Code Execution due to faulty deserialization of untrusted data. This issue affects deployments utilizing cluster mode wherein an attacker can gain full control of the maste...

Discovered 14 hours ago

PoC for CVE-2026-33017

Langflow-aiLangflow9.3CRITICAL
Authentication Bypass in Langflow Tool for AI-Powered Workflows

Langflow, a tool for constructing and deploying AI-driven agents and workflows, is susceptible to a vulnerability in the POST /api/v1/build_public_tmp/{flow_id}/flow endpoint in versions before 1.9.0. This vulnerability enables an attacker to build public flows without authentication, leveraging ...

Discovered 16 hours ago

PoC for CVE-2019-25582

I-doitDoit Cmdb7.1HIGH
Arbitrary File Download in i-doit CMDB by i-doit GmbH

The i-doit CMDB version 1.12 contains a vulnerability that permits authenticated attackers to exploit an arbitrary file download issue via the 'file_manager' parameter in index.php. By crafting specific GET requests to index.php, attackers can manipulate the 'file' parameter to access sensitive f...

PoC for CVE-2019-25581

I-doitDoit Cmdb8.8HIGH
SQL Injection Vulnerability in i-doit CMDB by i-doit GmbH

The i-doit CMDB 1.12 software has a serious SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries. This is achieved by injecting malicious payloads through the objGroupID parameter. Attackers can manipulate URL GET requests, sending crafted SQL queries...

PoC for CVE-2019-25580

OwndmsOwndms8.8HIGH
SQL Injection Vulnerability in ownDMS 4.7 by ownDMS

ownDMS 4.7 contains a vulnerability that permits unauthorized attackers to execute arbitrary SQL commands through manipulation of the IMG parameter. By sending carefully crafted GET requests to specific PHP files such as pdfstream.php or imagestream.php, attackers can exploit this weakness to ext...

PoC for CVE-2019-25578

PHPtransformerPHPtransformer8.8HIGH
SQL Injection Vulnerability in phpTransformer by phpTransformer

phpTransformer 2016.9 is susceptible to an SQL injection vulnerability that permits remote attackers to execute arbitrary SQL queries. By manipulating the idnews parameter in GET requests to GeneratePDF.php, attackers can craft SQL payloads, potentially leading to unauthorized access to sensitive...

PoC for CVE-2019-25579

PHPtransformerPHPtransformer8.7HIGH
Directory Traversal Vulnerability in phpTransformer by PHP Transformer

The phpTransformer version 2016.9 contains a directory traversal vulnerability, allowing unauthenticated attackers to exploit the path parameter. By manipulating this parameter and utilizing traversal sequences like ../../../../../../, attackers can send crafted requests to the jQueryFileUploadma...

PoC for CVE-2019-25577

SeotoasterSeotoaster Ecommerce6.8MEDIUM
Local File Inclusion Vulnerability in SeoToaster Ecommerce Product

SeoToaster Ecommerce 3.0.0 is susceptible to a local file inclusion flaw that enables authenticated attackers to access arbitrary files on the server. This vulnerability arises from the ability to manipulate path parameters in backend theme endpoints. By sending crafted POST requests to specified...

PoC for CVE-2019-25576

KeplerwallpapersKepler Wallpaper Script8.8HIGH
SQL Injection Vulnerability in Kepler Wallpaper Script by Kepler

The Kepler Wallpaper Script version 1.1 has been identified to contain a SQL injection vulnerability that permits unauthenticated attackers to interact with the database. By manipulating the 'category' parameter through crafted GET requests, attackers can introduce harmful SQL statements. This vu...

PoC for CVE-2019-25575

SourceforgeSimplepress Cms8.8HIGH
SQL Injection Vulnerability in SimplePress CMS by SimplePress

SimplePress CMS version 1.0.7 is vulnerable to SQL injection, enabling attackers to execute arbitrary SQL queries via the 'p' and 's' parameters in GET requests. This exposure allows unauthorized users to craft malicious payloads, potentially leading to the extraction of sensitive information fro...

PoC for CVE-2019-25574

GreencmsGreen Cms7.1HIGH
Path Traversal Vulnerability in Green CMS 2.x by Green CMS

Green CMS 2.x is vulnerable to a path traversal flaw, enabling authenticated attackers to manipulate file download mechanisms. By injecting directory traversal sequences via the theme_name parameter or using base64-encoded file paths, attackers can access and download sensitive files from directo...

PoC for CVE-2019-25573

GreencmsGreen Cms7.1HIGH
SQL Injection Vulnerability in Green CMS 2.x by Green CMS

Green CMS 2.x is vulnerable to SQL injection attacks that can be exploited by authenticated users. By maliciously manipulating the 'cat' parameter in HTTP GET requests directed at index.php with specific parameters, attackers can execute arbitrary SQL queries. This vulnerability allows them to ma...

PoC for CVE-2025-66034

FonttoolsFonttools6.3MEDIUM
Arbitrary File Write Vulnerability in fontTools Affects Remote Code...

The fontTools library, used for font manipulation in Python, contains an arbitrary file write vulnerability affecting versions from 4.33.0 to before 4.60.2. This flaw allows an attacker to execute remote code when a specially crafted .designspace file is processed through the fonttools varLib scr...

PoC for CVE-2026-4516

Foundation AgentsMetagpt5.3MEDIUM
Injection Vulnerability in Foundation Agents MetaGPT by Unknown Vendor

A significant injection vulnerability exists in Foundation Agents' MetaGPT before version 0.8.1, specifically within the unknown code of the file metagpt/actions/di/write_analysis_code.py, related to the DataInterpreter component. This flaw allows remote attackers to manipulate code execution, po...

Discovered 18 hours ago

PoC for CVE-2019-25572

NordvpnNordvpn6.9MEDIUM
Denial of Service Vulnerability in NordVPN by NordVPN

NordVPN version 6.19.6 is liable to a denial of service vulnerability that enables local attackers to disrupt the application by providing an excessively long input in the email field. Specifically, attackers can crash the application by inputting a string of up to 100,000 characters during the l...

PoC for CVE-2019-25570

RealtermRealterm: Serial Terminal6.8MEDIUM
Denial of Service Vulnerability in RealTerm Serial Terminal Software

RealTerm Serial Terminal version 2.0.0.70 is susceptible to a denial of service vulnerability triggered by the Port input field. Local attackers can exploit this flaw by entering an excessively long string, specifically 1000 characters. When the open button is clicked, the application crashes, re...

PoC for CVE-2019-25571

MediamonkeyMediamonkey6.9MEDIUM
Denial of Service Vulnerability in MediaMonkey by Ventis Media

MediaMonkey 4.1.23 has a vulnerability that enables local attackers to crash the application. This originates from a specially crafted MP3 file containing an excessively long URL string. When the malicious file is opened through the File > Open URL dialog, it triggers a crash due to the buffer be...

PoC for CVE-2019-25569

RealtermRealterm: Serial Terminal6.9MEDIUM
Stack-Based Buffer Overflow in RealTerm Serial Terminal by RealTerm

RealTerm Serial Terminal version 2.0.0.70 is susceptible to a stack-based buffer overflow vulnerability within the Echo Port field. This flaw enables local attackers to manipulate the application by injecting a specially crafted input string, which contains 268 bytes of padding and specific overw...

PoC for CVE-2019-25568

MemuplayMemu Play9.3CRITICAL
Insecure File Permissions in Memu Play by Microvirt

Memu Play version 6.0.7 is susceptible to an insecure file permissions vulnerability. This weakness allows low-privileged users to escalate their privileges by replacing the MemuService.exe executable in the installation directory with a malicious version. When the service is restarted after a re...

PoC for CVE-2019-25566

AcutesystemsTransmac6.9MEDIUM
Buffer Overflow Vulnerability in TransMac by Acute Systems

TransMac 12.3 is susceptible to a buffer overflow vulnerability within the volume name field, allowing local attackers to crash the application. By providing an excessively long string, such as a malicious file containing 1000 repeated characters, attackers can trigger the application to fail dur...

PoC for CVE-2019-25567

Valentina-dbValentina Studio6.9MEDIUM
Buffer Overflow Vulnerability in Valentina Studio by Valentina DB

Valentina Studio version 9.0.5 for Linux is susceptible to a buffer overflow vulnerability within the Host field of its connection dialog. This flaw allows local attackers to crash the application by submitting an excessively long input string, specifically one that exceeds 264 bytes. The vulnera...

PoC for CVE-2019-25565

MagicisoMagic Iso Maker6.9MEDIUM
Buffer Overflow Vulnerability in Magic Iso Maker by MagicISO

Magic Iso Maker version 5.5 build 281 is susceptible to a buffer overflow vulnerability located in the Serial Code registration field. This flaw allows local attackers to exploit the application by providing an excessively large input during the registration process. Specifically, an attacker can...

PoC for CVE-2019-25564

UvncPchelpwarev26.8MEDIUM
Denial of Service Vulnerability in PCHelpWareV2 by UVNC

The PCHelpWareV2 1.0.0.5 application is susceptible to a denial of service attack due to improper handling of input in the Group field. Local attackers can leverage this vulnerability by submitting an excessively long string into the Group property field, which can lead to an application crash. T...

PoC for CVE-2019-25563

UvncPchelpwarev26.9MEDIUM
Denial of Service Vulnerability in PCHelpWareV2 by UVNC

PCHelpWareV2 version 1.0.0.5 is susceptible to a denial of service vulnerability that allows local attackers to crash the application. This can be achieved by submitting a specially crafted BMP file with an oversized buffer while using the Create SC feature, leading to application instability. Pr...

PoC for CVE-2019-25562

JetaudioConvert Video Jetaudio6.8MEDIUM
Buffer Overflow Vulnerability in jetAudio by COWON

jetAudio version 8.1.7 has a vulnerability in its video converter component that allows local attackers to exploit a buffer overflow via the File Naming field. By submitting an oversized string, specifically a malicious buffer of 512 bytes, attackers can induce a crash of the application upon cli...

PoC for CVE-2019-25561

JetaudioLyric Maker6.9MEDIUM
Buffer Overflow in Lyric Maker Affects Local Users

Lyric Maker 2.0.1.0 is susceptible to a buffer overflow vulnerability that enables local attackers to create a denial of service condition. By inputting an excessively long string—up to 5000 bytes—in the Title field, an attacker can crash the application, rendering it unusable. This flaw highligh...

PoC for CVE-2019-25560

LyricvideocreatorLyric Video Creator8.7HIGH
Denial of Service Vulnerability in Lyric Video Creator by Lyric Vid...

Lyric Video Creator 2.1 is susceptible to a denial of service vulnerability arising from improper handling of malformed MP3 files. Attackers can exploit this flaw by crafting a specifically designed MP3 file that contains an oversized buffer. When the affected application processes this file, it ...

PoC for CVE-2019-25559

NsauditorSpotpaltalk6.8MEDIUM
Denial of Service Vulnerability in SpotPaltalk by Paltalk

SpotPaltalk 1.1.5 is vulnerable to a denial of service attack due to insufficient input validation in the registration code input field. An attacker can exploit this vulnerability by entering a string that exceeds the expected length, specifically by using a lengthy buffer of 1000 characters in t...

PoC for CVE-2019-25558

PixarraSelfie Studio6.9MEDIUM
Denial of Service Vulnerability in Selfie Studio by Pixarra

Selfie Studio 2.17 is susceptible to a denial of service attack via its Resize Image function. By inputting excessively long strings into the New Width or New Height fields, local attackers can exploit a buffer overflow, leading to a crash of the application. This vulnerability highlights the sig...

PoC for CVE-2019-25557

PixarraTwistedbrush Pro Studio6.9MEDIUM
Denial of Service Vulnerability in TwistedBrush Pro Studio by Pixarra

TwistedBrush Pro Studio 24.06 is susceptible to a denial of service vulnerability, which enables local attackers to crash the application by importing specially crafted .srp script files. An attacker can create a .srp file containing an excessively large buffer and import it through the Script Pl...

PoC for CVE-2019-25556

PixarraTwistedbrush Pro Studio6.9MEDIUM
Denial of Service Vulnerability in TwistedBrush Pro Studio by Pixarra

TwistedBrush Pro Studio 24.06 has a vulnerability in the Resize Image function that enables local attackers to induce a denial of service condition. By entering an excessively long buffer in the New Width or New Height field, attackers can cause a buffer overflow, leading to application crashes. ...

PoC for CVE-2019-25555

PixarraTwistedbrush Pro Studio6.9MEDIUM
Denial of Service Vulnerability in TwistedBrush Pro Studio by Pixarra

TwistedBrush Pro Studio 24.06 features a vulnerability within its Script Recorder component that could allow a local attacker to induce a denial of service. By providing an excessively large input, specifically a string with 500,000 characters, an attacker can effectively crash the application. T...

PoC for CVE-2019-25554

TomaboMp4 Converter6.8MEDIUM
Denial of Service Vulnerability in Tomabo MP4 Converter by Tomabo

Tomabo MP4 Converter version 3.25.22 is susceptible to a denial of service vulnerability that arises from improper handling of user input. Attackers can exploit this issue by entering an excessively long string into the Name field when configuring a preset in the Video/Audio Formats settings. If ...

PoC for CVE-2019-25553

Cewe-photoworldCewe Photo Importer6.9MEDIUM
Denial of Service Vulnerability in CEWE PHOTO IMPORTER by CEWE

CEWE PHOTO IMPORTER version 6.4.3 is susceptible to a denial of service attack, which can be executed by local attackers. By importing a specially crafted image file, an attacker can crash the application. This vulnerability is exploited through the import feature, where a malformed JPG file with...

PoC for CVE-2019-25552

Cewe-photoworldCewe Photo Show8.7HIGH
Denial of Service Vulnerability in CEWE PHOTO SHOW by CEWE

The CEWE PHOTO SHOW version 6.4.3 has a vulnerability that can lead to denial of service. By inputting an excessively lengthy string into the password field during the application upload process, an attacker can cause the application to crash. This vulnerability can be exploited by submitting a l...

PoC for CVE-2019-25551

SandboxieSandboxie6.9MEDIUM
Denial of Service Vulnerability in Sandboxie 5.30 by Sandboxie

Sandboxie 5.30 is vulnerable to a denial of service issue that allows local attackers to crash the application. By inputting an excessively long string—specifically, a buffer of 5000 characters—in the Program Alerts configuration field, an attacker can effectively trigger an application crash. Th...

PoC for CVE-2019-25550

VeryPDFEncrypt PDF6.9MEDIUM
Buffer Overflow Vulnerability in Encrypt PDF 2.3 by VeryPDF

Encrypt PDF 2.3 contains a vulnerability that enables local attackers to crash the application by entering excessively long strings in the password fields. Specifically, by inputting a 1000-byte buffer into either the User Password or Master Password fields in the application’s Settings dialog, a...

PoC for CVE-2019-25549

VeryPDFVeryPDF Pcl Converter6.9MEDIUM
Denial of Service Vulnerability in VeryPDF PCL Converter 2.7

VeryPDF PCL Converter 2.7 is susceptible to a denial of service attack that allows local users to cause the application to crash. This vulnerability is exploited by providing an exceptionally long password, specifically a 3000-byte string, within the PDF Security encryption settings. When process...