Publicly Disclosed
PoC Exploits
🔴 Alway take caution when working with PoC Exploits 🔴
Discovered just now...
PoC for CVE-2025-55182
A remote code execution vulnerability found in React Server Components allows attackers to exploit improperly handled payloads. This issue affects versions 19.0.0 through 19.2.0, compromising server function endpoints through unsafe deserialization of HTTP request payloads. As a result, this flaw...
PoC for CVE-2025-66680
A vulnerability exists in the WiseDelfile64.sys component of WiseCleaner Wise Force Deleter versions 7.3.2 and earlier, which allows attackers to execute crafted requests that can lead to unauthorized deletion of arbitrary files from the system. This issue poses a significant risk as it can compr...
PoC for CVE-2026-24418
OpenSTAManager, an open source tool for managing technical support and invoicing, contains a vulnerability in its Payment Schedule module. The application improperly validates array entries used in SQL queries, enabling attackers to execute malicious SQL commands. This could lead to unauthorized ...
PoC for CVE-2026-23918
A double free vulnerability has been identified in Apache HTTP Server that may lead to remote code execution, particularly concerning the HTTP/2 protocol. This issue affects version 2.4.66, and it is crucial for users to upgrade to version 2.4.67 to mitigate any potential security risks associate...
Discovered 32 minutes ago
PoC for CVE-2023-0386
A vulnerability exists in the Linux kernel's OverlayFS subsystem that enables a local user to gain unauthorized access to a setuid file with capabilities. This issue arises when a user copies a capable file from a nosuid mount to another mount, leading to potential privilege escalation. The uid m...
Discovered 3 hours ago
PoC for CVE-2026-13526
A security flaw exists within the SourceCodester Class and Exam Timetabling System version 1.0, specifically in the /edit_class.php file. This vulnerability allows an attacker to manipulate the argument ID, resulting in a SQL injection that can be exploited remotely. The risk of unauthorized acce...
PoC for CVE-2026-13525
A SQL injection vulnerability has been identified in the CodeAstro Human Resource Management System, specifically in the emselectByCode function located in the application/models/Employee_model.php file. This vulnerability permits an attacker to manipulate the emid argument, enabling remote explo...
Discovered 4 hours ago
PoC for CVE-2026-13524
A security vulnerability has been identified in CherryHQ's cherry-studio, specifically in the MCP OAuth Local Callback Server's handling of the OAuth callback. This issue affects versions up to 1.9.6, allowing remote attackers to manipulate authorization arguments. Exploiting this vulnerability p...
PoC for CVE-2026-13523
A vulnerability exists in the ISOBMFF Parser component of GPAC that can be exploited through local manipulation of highly compressed data. This issue, identified in the file src/utils/base_encoding.c, allows an attacker to execute an attack that may lead to uncontrolled resource consumption. The ...
PoC for CVE-2026-13521
A SQL injection vulnerability has been detected in the SourceCodester Class and Exam Timetabling System, specifically within the /preview5.php file. This vulnerability stems from improper handling of the 'course_year_section' argument, allowing remote attackers to manipulate SQL queries. As a res...
Discovered 5 hours ago
PoC for CVE-2026-13520
A SQL injection vulnerability exists in the itsourcecode Hospital Management System 1.0, specifically within the /appointmentapproval.php file of the Appointment Handler component. This issue arises due to improper handling of the 'editid' argument, allowing an attacker to manipulate SQL queries ...
PoC for CVE-2026-13519
A vulnerability exists in the Tenda JD12L router within the fromNatStaticSetting functionality of the /goform/NatStaticSetting file. The issue arises from improper handling of the argument 'page', which can lead to a stack-based buffer overflow. This vulnerability can be exploited remotely, allow...
Discovered 6 hours ago
PoC for CVE-2026-13516
A stack-based buffer overflow vulnerability has been identified in the Tenda JD12L router, specifically within the fromSetWifiGusetBasic function located in the /goform/WifiGuestSet file. An attacker can remotely execute this exploit by manipulating the 'shareSpeed' argument. The exploit is now p...
PoC for CVE-2026-13515
A security vulnerability has been identified in the Tenda JD12L router, specifically within the function formSetPPTPServer located in the /goform/SetPptpServerCfg file. This vulnerability arises from improper handling of the argument startIp, resulting in a stack-based buffer overflow. Attackers ...
PoC for CVE-2026-13514
A vulnerability has been identified in the Chess Play and Learn App on Android, specifically affecting versions up to 4.9.42. This issue arises from improper handling of the AndroidManifest.xml file within the application's component com.chess. Exploiting this vulnerability could lead to unauthor...
PoC for CVE-2026-13513
A security flaw has been identified in MyScaleDB, specifically in the SegmentId::getCacheKey function within the src/VectorIndex/Common/SegmentId.h library. This vulnerability leads to insufficient verification of data authenticity, allowing remote attackers to potentially exploit affected system...
Discovered 7 hours ago
PoC for CVE-2026-13512
A security flaw has been discovered in the Tenant Handler component of Databend, specifically within the ClientSessionManager::state_key function. This vulnerability enables unauthorized access by manipulating session states, effectively bypassing authorization checks. The issue is present in Dat...
PoC for CVE-2026-13511
An improper authorization vulnerability exists in the VoltAgent Memory REST API, specifically in the handleGetMemoryConversation function found in packages/server-core/src/handlers/memory.handlers.ts. By manipulating the conversationId argument, an attacker may exploit this issue remotely. Althou...
PoC for CVE-2026-13510
A vulnerability in the SimStudioAI sim product exposes an issue within the Password Protection Handler found in the library apps/sim/lib/core/security/deployment.ts. This weakness allows for manipulation that leads to the utilization of a weak hash for password protection. Remotely exploitable, t...
PoC for CVE-2026-13509
A path traversal vulnerability exists in the RAGapp Knowledge File Handler, affecting versions up to 0.1.5. The flaw resides in the 'FileHandler.upload_file' and 'FileHandler.remove_file' functions within the 'src/ragapp/backend/controllers/files.py' file. This vulnerability allows attackers to m...
Discovered 8 hours ago
PoC for CVE-2026-13508
A security flaw exists in the khoj-ai Khoj product affecting its conversation sharing handler. An issue has been identified in the file src/khoj/routers/api_chat.py, specifically within the handling of the argument conversation.agent. This vulnerability may allow unauthorized access and manipulat...
Discovered 10 hours ago
PoC for CVE-2026-27654
A vulnerability exists within the ngx_http_dav_module of NGINX Open Source and NGINX Plus that can be exploited to trigger a buffer overflow in the NGINX worker process. This scenario is possible when configuration files utilize the DAV module's MOVE or COPY methods combined with specific prefix ...
Discovered 13 hours ago
PoC for CVE-2026-41940
The affected versions of cPanel and WHM contain a serious authentication bypass flaw in the login flow. This vulnerability enables unauthenticated remote attackers to bypass authentication mechanisms, allowing them to gain unauthorized access to the control panel. Users of the specified versions ...
Discovered 14 hours ago
PoC for CVE-2026-13504
A cross site scripting vulnerability exists in code-projects Project Management System version 1.0, specifically within the /mail.php file used for the Mail Compose Page. This flaw allows attackers to manipulate the code remotely, potentially injecting malicious scripts that could compromise user...
PoC for CVE-2026-13503
A path traversal vulnerability exists in the getImportedVocabFile function of ANTLR4's TokenVocabParser.java, allowing attackers to manipulate file paths. This can potentially lead to unauthorized access to system files. The issue has been publicly disclosed, and remediation is crucial as it can ...
Discovered 15 hours ago
PoC for CVE-2026-13502
A time-of-check time-of-use vulnerability was discovered in the antlr ANTLR4 Maven Plugin, affecting versions up to 4.13.2. This flaw is located in the ObjectInputStream.readObject function within the GrammarDependencies.java file. It allows for potential local execution exploits due to improper ...
PoC for CVE-2026-13501
A security vulnerability has been identified in the antlr ANTLR4 tool, specifically within the GoTarget function found in the GoTarget.java file. This vulnerability is categorized as a command injection risk, allowing an attacker to execute arbitrary commands on the host system. The attack must o...
PoC for CVE-2026-13500
A vulnerability has been discovered in ANTLR4, specifically within the Grammar Action Block Handler component. The weakness resides in an unspecified function of the OutputFile.java file, allowing for potential code injection through manipulated input. This flaw can be exploited remotely, and fol...
Discovered 16 hours ago
PoC for CVE-2026-13499
A security flaw has been identified in the registration component of the yashpokharna2555 restaurant management system. An issue resides within the login_register.php file, where improper handling of the Username argument can lead to a Cross Site Scripting (XSS) vulnerability. This allows attacke...
PoC for CVE-2026-13498
A vulnerability has been detected in the Yashpokharna2555 Restaurant Management System, specifically within the forgotpassword.php file. This flaw in the POST Parameter Handler allows attackers to manipulate the 'email' parameter, leading to SQL injection vulnerabilities that can be exploited rem...
Discovered 17 hours ago
PoC for CVE-2026-13497
A vulnerability exists in the itsourcecode Hospital Management System version 1.0 that allows remote attackers to exploit an unknown function in the file /appointment.php. By manipulating the 'editid' argument, attackers can execute SQL injection attacks, potentially compromising the underlying d...
PoC for CVE-2026-13496
A significant SQL injection vulnerability exists in the itsourcecode Hospital Management System version 1.0, specifically within the /ajaxmedicine.php file. The issue arises from improper handling of the 'medicineid' parameter, allowing attackers to craft malicious SQL queries. This vulnerability...
PoC for CVE-2026-43503
A vulnerability has been identified in the Linux kernel's handling of shared fragment markers within the networking stack. Specifically, two functions responsible for fragment transfers fail to correctly propagate fragment flags when moving data between source and destination sockets. This oversi...
PoC for CVE-2026-13495
A vulnerability in the itsourcecode Hospital Management System allows for SQL injection through the manipulation of the 'loginid' parameter in the /adminprofile.php file. This issue can be exploited remotely, potentially compromising the integrity of the database and exposing sensitive informatio...
PoC for CVE-2026-13493
A vulnerability has been identified in AIDC-AI ComfyUI-Copilot versions up to 2.0.28, located in the Workflow Checkpoint Restore Handler's conversation_api.py file. This flaw enables an attacker to manipulate and improperly control resource identifiers, potentially leading to unauthorized access ...
Discovered 18 hours ago
PoC for CVE-2026-13491
A vulnerability has been identified in the 78 xiaozhi-esp32 product regarding the MQTT Goodbye Handler. It allows for remote exploitation, where manipulated arguments to the GetInstance function can lead to a denial of service. This exploit presents a significant risk as it is publicly available ...
Discovered 19 hours ago
PoC for CVE-2026-13489
A vulnerability has been identified in version 2.2.6 and earlier of the Xiaozhi-ESP32 product, specifically within the MCP Response Handler's ParseMessage function located in the main/mcp_server.cc file. This vulnerability leads to improper synchronization, which could be exploited remotely. Due ...
PoC for CVE-2026-13488
A notable security flaw has been identified in the SourceCodester Class and Exam Timetabling System, specifically within the /preview7.php file. This vulnerability allows for SQL injection through manipulation of the 'course_year_section' argument. Attackers can exploit this weakness remotely, le...
PoC for CVE-2026-13487
A vulnerability exists in the SourceCodester Class and Exam Timetabling System 1.0, specifically affecting an unprotected function in the /archive.php file. This flaw allows attackers to manipulate parameters, resulting in SQL injection exploits that can be initiated remotely. The potential for u...
Discovered 20 hours ago
PoC for CVE-2026-13486
A vulnerability exists in the SourceCodester Class and Exam Timetabling System that allows for SQL injection via the '/preview6.php' file. An attacker can exploit this by manipulating the 'course_year_section' parameter, enabling unauthorized database queries leading to the potential exposure of ...
PoC for CVE-2026-13485
A vulnerability exists in the SourceCodester Class and Exam Timetabling System 1.0 that allows remote attackers to execute SQL injection through the manipulation of the 'course_year_section' argument in the /preview.php file. This flaw can lead to unauthorized access to the database, potentially ...
Discovered 21 hours ago
PoC for CVE-2026-38751
OpenSTAManager versions up to and including 2.10 contain a vulnerability that allows an attacker to upload arbitrary files via the module update functionality. This flaw exists in the 'upload_modules.php' script, which does not adequately validate file uploads, potentially enabling unauthorized a...
PoC for CVE-2026-13484
A vulnerability exists in the MLflow's Experiment-scoped Label Schema CRUD API, allowing attackers to manipulate its functionality due to missing authorization checks. This issue can be exploited remotely, posing risks to data integrity. Despite the high complexity associated with the attack, the...
Discovered 1 day ago
PoC for CVE-2026-13483
A significant flaw has been identified in arc53's DocsGPT, specifically within the Credential Storage component. The vulnerability arises from the encrypt_credentials function in the application/security/encryption.py file. This issue permits insufficient verification of data authenticity, allowi...
PoC for CVE-2025-32432
Craft CMS, a customizable content management system, has a remote code execution vulnerability present in specific versions. Attackers could exploit this flaw to execute arbitrary code on the server, posing a significant security risk. The affected versions span from 3.0.0-RC1 to just before 3.9....
Discovered 2 days ago
PoC for CVE-2026-48907
A flaw in the JCE editor extension for Joomla permits unauthorized users to create new editor profiles. This malicious capability exposes the site to risks, including the ability to upload PHP code and execute it, potentially leading to a full compromise of the website security. Site administrato...
PoC for CVE-2026-43499
A vulnerability exists in the Linux kernel's rtmutex component where the remove_waiter() function incorrectly utilizes current instead of waiter::task during a dequeue operation within various mutex handling paths. This mismanagement leads to multiple issues, including potential use-after-free vu...
PoC for CVE-2026-46331
An issue exists in the Linux Kernel where improper handling of copy-on-write (COW) operations can lead to page cache corruption. This is due to the tcf_pedit_act() function, which computes the COW range without considering runtime header offsets added by typed keys. As a result, portions of the w...
PoC for CVE-2026-20251
A vulnerability exists in multiple versions of Splunk Enterprise and Cloud Platform, where low-privileged users can execute arbitrary code remotely via the Splunk Secure Gateway app. This flaw is due to unsafe deserialization of App Key Value Store (KV Store) data facilitated by the 'jsonpickle' ...
PoC for CVE-2026-10820
The Paid Membership Plugin for WordPress prior to version 4.16.17 is affected by an Insecure Direct Object Reference vulnerability. This flaw allows any authenticated user with Subscriber role or higher to cancel active subscriptions of other users without verifying ownership of the subscription....