Publicly Disclosed
PoC Exploits
🔴 Alway take caution when working with PoC Exploits 🔴
Discovered just now...
PoC for CVE-2025-29927
A security flaw exists in the Next.js framework that allows an attacker to bypass authorization checks if such checks are implemented in middleware. This vulnerability arises in versions prior to 14.2.25 and 15.2.3. To mitigate risk, it is recommended to restrict incoming requests that include th...
Discovered 1 hour ago
PoC for CVE-2025-2752
A vulnerability has been identified in Open Asset Import Library Assimp, specifically in version 5.4.3, under the function fast_atoreal_move located in include/assimp/fast_atof.h. This flaw permits an out-of-bounds read, which can potentially be exploited through remote attacks. Public disclosure...
Discovered 2 hours ago
PoC for CVE-2025-2751
A vulnerability has been identified in the Open Asset Import Library (Assimp) version 5.4.3, specifically in the CSM File Handler component's InternReadFile function. This vulnerability arises from improper handling of the 'na' argument, leading to an out-of-bounds read condition. The flaw can be...
PoC for CVE-2025-2750
A vulnerability exists in Open Asset Import Library Assimp version 5.4.3, specifically within the Assimp::CSMImporter::InternReadFile function located in CSM File Handler's CSMLoader.cpp. This flaw allows for out-of-bounds write operations that could be exploited remotely, potentially leading to ...
PoC for CVE-2025-2744
A vulnerability has been identified in the Material Upload Interface of zhijiantianya Ruoyi-Vue-Pro version 2.4.1, specifically within the file /admin-api/mp/material/upload-news-image. This flaw allows attackers to manipulate the File argument, leading to potential path traversal exploits. The n...
PoC for CVE-2025-2743
A path traversal vulnerability exists in the Material Upload Interface of the ruoyi-vue-pro version 2.4.1. The flaw allows attackers to manipulate the File argument in the /admin-api/mp/material/upload-temporary endpoint, potentially leading to unauthorized file access or deletion. This attack ca...
PoC for CVE-2025-1974
A security issue in the Kubernetes platform allows an unauthenticated attacker with access to the pod network to execute arbitrary code within the context of the ingress-nginx controller. This vulnerability poses serious security risks, as it can potentially expose sensitive secrets accessible to...
PoC for CVE-2025-29927
A security flaw exists in the Next.js framework that allows an attacker to bypass authorization checks if such checks are implemented in middleware. This vulnerability arises in versions prior to 14.2.25 and 15.2.3. To mitigate risk, it is recommended to restrict incoming requests that include th...
Discovered 3 hours ago
PoC for CVE-2025-2742
A vulnerability discovered in the zhijiantianya ruoyi-vue-pro product allows remote attackers to manipulate the argument 'File' in the Material Upload Interface. This manipulation may lead to unauthorized access and path traversal, potentially enabling attackers to access sensitive files on the s...
PoC for CVE-2025-2740
A security vulnerability has been identified in the PHPGurukul Old Age Home Management System version 1.0, specifically in the file /admin/eligibility.php. This vulnerability arises from improper handling of user input in the argument 'pagetitle', which can be exploited via a SQL injection attack...
PoC for CVE-2025-0717
This vulnerability allows attackers to inject malicious scripts into web pages viewed by users, exploiting weaknesses in the input validation within the eCommerce plugin for WordPress. If exploited, this could lead to the execution of arbitrary JavaScript code in the context of the user's session...
PoC for CVE-2025-1452
The Favorites WordPress plugin versions prior to 2.3.5 are vulnerable due to insufficient sanitization and escaping of certain settings. This flaw allows high privilege users, including administrators, to execute Stored Cross-Site Scripting (XSS) attacks, regardless of the unfiltered_html capabil...
PoC for CVE-2025-1798
This vulnerability arises from insufficient sanitization and escaping of certain parameters during page output, which could allow unauthenticated users to execute stored Cross-Site Scripting (XSS) attacks. If exploited, attackers can manipulate user sessions, deliver malicious payloads, or intera...
PoC for CVE-2024-13618
The AOA Downloadable plugin for WordPress versions up to 0.1.0 has a security weakness due to improper authorization and authentication on its download.php endpoint. This vulnerability enables malicious actors to send requests to arbitrary URLs without the need for user authentication, potentiall...
PoC for CVE-2024-9770
The WP-Recall plugin for WordPress prior to version 16.26.12 contains a vulnerability that allows attackers to execute SQL injection attacks. This occurs due to a failure to properly sanitize and escape user-supplied input in SQL statements. Consequently, administrators could be manipulated into ...
PoC for CVE-2024-13617
The aoa-downloadable WordPress plugin versions up to 0.1.0 contains a security flaw that fails to properly validate parameters in its download function. This lack of validation allows unauthenticated attackers to exploit the vulnerability and download arbitrary files from the server, potentially ...
PoC for CVE-2024-13863
The Stylish Google Sheet Reader plugin for WordPress versions prior to 4.1 contains a vulnerability where user-supplied input is not properly sanitized or escaped before being rendered on the web page. This oversight can lead to Reflected Cross-Site Scripting (XSS) attacks, allowing malicious act...
PoC for CVE-2024-13122
The AFI WordPress plugin prior to version 1.100.0 lacks proper sanitization and escaping measures for certain settings, which may permit high privilege users, including administrators, to execute Stored Cross-Site Scripting (XSS) attacks. This vulnerability poses a risk even in environments where...
PoC for CVE-2024-13123
The AFI WordPress plugin fails to adequately sanitize and escape certain settings, enabling users with elevated privileges, such as administrators, to execute Stored Cross-Site Scripting (XSS) attacks. This vulnerability poses a significant risk in configurations where the unfiltered_html capabil...
PoC for CVE-2024-12769
The Simple Banner plugin for WordPress, versions prior to 3.0.4, fails to properly sanitize and escape certain configuration settings. This oversight permits users with elevated privileges, such as administrators, to execute Stored Cross-Site Scripting (XSS) attacks. Even in multisite environment...
PoC for CVE-2024-13118
The IP Based Login plugin for WordPress, prior to version 2.4.1, is susceptible to Cross-Site Request Forgery (CSRF) attacks. This vulnerability arises from the absence of adequate CSRF checks, allowing attackers to exploit legitimate user sessions and perform unauthorized actions on behalf of lo...
PoC for CVE-2024-12682
The Smart Maintenance Mode plugin for WordPress, prior to version 1.5.2, has a security flaw that allows high privilege users, such as administrators, to execute stored cross-site scripting (XSS) attacks. This vulnerability arises from the plugin's failure to properly sanitize and escape certain ...
PoC for CVE-2024-12109
A vulnerability exists in the Product Labels for Woocommerce (Sale Badges) plugin, where it fails to properly sanitize and escape a specific parameter used in SQL statements. This oversight can be exploited by administrators to conduct SQL injection attacks, potentially leading to unauthorized da...
PoC for CVE-2025-2739
A vulnerability exists in PHPGurukul's Old Age Home Management System, version 1.0, specifically in the processing of the file /admin/manage-services.php. An attacker can exploit this weakness by manipulating the 'sertitle' parameter, leading to unauthorized SQL injection attacks. This allows for...
PoC for CVE-2024-11273
The Contact Form & SMTP Plugin for WordPress by PirateForms versions earlier than 2.6.0 does not adequately sanitize and escape certain settings. This lack of proper validation enables high privilege users, like administrators, to execute Stored Cross-Site Scripting (XSS) attacks, compromising se...
PoC for CVE-2024-11503
The WP Tabs WordPress plugin, prior to version 2.2.7, fails to adequately sanitize and escape certain settings. This shortcoming enables high privilege users, such as administrators, to execute Stored Cross-Site Scripting (XSS) attacks, even in scenarios where the unfiltered_html capability is re...
PoC for CVE-2024-10679
The Quiz and Survey Master plugin for WordPress, prior to version 9.2.1, fails to properly sanitize and escape certain settings. This oversight enables users with elevated privileges, such as administrators, to execute Stored Cross-Site Scripting (XSS) attacks, even if the unfiltered_html capabil...
PoC for CVE-2024-10703
A security vulnerability exists in the Events Calendar plugin for WordPress, where insufficient sanitization and escaping of certain settings allow high privilege users, such as administrators, to execute Stored Cross-Site Scripting (XSS) attacks. This vulnerability can compromise the security of...
PoC for CVE-2024-11272
The Contact Form & SMTP Plugin for WordPress by PirateForms prior to version 2.6.0 is susceptible to stored cross-site scripting attacks. The vulnerability arises due to the failure to properly sanitize and escape certain settings, allowing high-privilege users, such as administrators, to exploit...
PoC for CVE-2024-10638
The Product Labels For Woocommerce (Sale Badges) plugin for WordPress prior to version 1.5.11 is susceptible to SQL injection due to improper sanitization and escaping of input parameters in SQL statements. This vulnerability enables an attacker with administrative privileges to execute arbitrary...
PoC for CVE-2024-10566
The Slider by 10Web WordPress plugin prior to version 1.2.62 has a vulnerability due to improper sanitization and escaping of certain settings. This flaw permits high privilege users, such as administrators, to execute Stored Cross-Site Scripting (XSS) attacks. Even in configurations where the un...
PoC for CVE-2025-2738
A vulnerability has been discovered in PHPGurukul's Old Age Home Management System version 1.0, which allows remote attackers to manipulate the 'namesc' parameter within the file '/admin/manage-scdetails.php'. This manipulation can lead to SQL injection, potentially compromising the database and ...
PoC for CVE-2024-10565
The Slider by 10Web plugin for WordPress prior to version 1.2.62 contains a vulnerability due to insufficient sanitization and escaping of certain settings. This flaw allows users with high privileges, such as administrators, to exploit the vulnerability and launch Stored Cross-Site Scripting (XS...
PoC for CVE-2024-10560
The Form Maker plugin developed by 10Web for WordPress prior to version 1.15.30 contains a serious vulnerability due to inadequate sanitization and escaping of certain settings. This oversight permits high-privilege users, such as administrators, to carry out Stored Cross-Site Scripting (XSS) att...
PoC for CVE-2024-10554
The WP-Advanced-Search plugin for WordPress versions prior to 3.3.9.3 contains a vulnerability where it fails to properly sanitize and escape certain settings. This oversight could result in high privilege users, specifically admins, being able to execute Stored Cross-Site Scripting (XSS) attacks...
PoC for CVE-2024-10472
The Stylish Price List plugin for WordPress prior to version 7.1.12 has a serious security flaw that fails to properly sanitize and escape certain settings. This vulnerability may allow high privilege users, such as contributors, to execute Stored Cross-Site Scripting (XSS) attacks, even when the...
PoC for CVE-2024-10105
The Job Postings plugin for WordPress, specifically versions prior to 2.7.11, is susceptible to a stored cross-site scripting vulnerability. This arises due to insufficient sanitization and escaping of certain settings, allowing high privilege users, such as contributors, to execute harmful scrip...
Discovered 4 hours ago
PoC for CVE-2025-2737
A significant SQL injection vulnerability has been identified in the PHPGurukul Old Age Home Management System version 1.0. The flaw resides in the 'pagetitle' parameter within the '/admin/contactus.php' file, allowing attackers to manipulate this argument to execute arbitrary SQL commands. This ...
PoC for CVE-2025-2736
A vulnerability exists in the PHPGurukul Old Age Home Management System version 1.0, specifically within the /admin/bwdates-report-details.php file. This vulnerability allows for SQL injection through the manipulation of the 'fromdate' argument, which could lead to unauthorized access to the data...
PoC for CVE-2025-2735
An SQL injection vulnerability has been identified in the PHPGurukul Old Age Home Management System version 1.0. This issue arises from the manipulation of the 'sertitle' argument within the /admin/add-services.php file. As a result, unauthorized users could execute remote attacks by exploiting t...
Discovered 5 hours ago
PoC for CVE-2025-2734
An SQL injection vulnerability has been identified in the PHPGurukul Old Age Home Management System, specifically in the '/admin/aboutus.php' file. This vulnerability arises from improper handling of user input in the 'pagetitle' parameter, allowing attackers to execute malicious SQL queries remo...
PoC for CVE-2025-2733
A significant OS command injection vulnerability exists in the OpenManus application, specifically affecting the Prompt Handler component within the python_execute.py file. This flaw may be exploited remotely, allowing attackers to execute arbitrary commands on the host system. Despite attempts t...
PoC for CVE-2025-29927
A security flaw exists in the Next.js framework that allows an attacker to bypass authorization checks if such checks are implemented in middleware. This vulnerability arises in versions prior to 14.2.25 and 15.2.3. To mitigate risk, it is recommended to restrict incoming requests that include th...
PoC for CVE-2025-2732
A security vulnerability exists in several H3C Magic devices that allows an attacker to execute arbitrary commands through improper handling of HTTP POST requests in the /api/wizard/getWifiNeighbour endpoint. This could allow unauthorized remote control, potentially leading to various malicious a...
PoC for CVE-2025-24813
Apache Tomcat is affected by a security vulnerability that allows attackers to exploit path equivalence issues. If certain conditions are met, such as having write permissions enabled for the default servlet and supporting partial PUT uploads, attackers can potentially execute remote code or disc...
Discovered 6 hours ago
PoC for CVE-2025-2731
A command injection vulnerability exists in the H3C Magic product line, including models NX15, NX30 Pro, NX400, R3010, and BE18000, up to version V100R014. The issue is associated with the /api/wizard/getDualbandSync endpoint of the HTTP POST Request Handler component. This weakness allows attack...
PoC for CVE-2025-2730
A command injection vulnerability exists in the H3C Magic NX15, NX30 Pro, NX400, R3010, and BE18000 devices through the /api/wizard/getssidname endpoint of the HTTP POST Request Handler. This flaw allows an unauthorized user to execute arbitrary commands remotely. Public disclosure of this exploi...
PoC for CVE-2025-2729
A vulnerability exists within the HTTP POST Request Handler of certain H3C Magic routers, specifically affecting networkSetup API calls. This flaw allows an attacker to execute arbitrary commands on the devices remotely, potentially compromising network integrity and confidentiality. The vendor h...
Discovered 7 hours ago
PoC for CVE-2025-2727
A significant vulnerability in the H3C Magic NX30 Pro router allows attackers to exploit the HTTP POST Request Handler within the /api/wizard/getNetworkStatus endpoint. This vulnerability enables remote attackers to execute arbitrary commands on the device, potentially compromising its integrity ...
PoC for CVE-2025-2726
A command injection vulnerability exists in specific H3C Magic products, which involves the HTTP POST Request Handler component's file /api/esps. This flaw can be exploited remotely, allowing attackers to execute arbitrary commands. The issue affects multiple models, including NX15, NX30 Pro, NX4...