### Summary QQBot pre-dispatch slash commands could skip allowFrom checks. In affected versions, a QQBot sender able to invoke slash commands could dispatch the command before applying the configured allowFrom policy. This advisory is scoped to the named feature and configuration. It does not change OpenClaw's trusted-operator model: authenticated Gateway operators, installed plugins, and intentional local execution surfaces remain trusted unless a separate policy, approval, allowlist, sandbox, or auth boundary is crossed. ### Impact When the affected feature is enabled and reachable, this could trigger command handling from a sender that policy should have blocked. Practical impact depends on the operator's configuration and whether lower-trust input can reach that path. ### Patched Versions The first stable patched version is `2026.4.27`. ### Mitigations restrict QQBot slash command exposure until patched. As general hardening, keep channel and tool allowlists narrow, avoid sharing one Gateway between mutually untrusted users, and disable the affected feature when it is not needed.
PoC: redtail-ioc
IOCs and a read-only triage checklist from a real Linux root compromise: RedTail miner, XorDDoS persistence, MoneroOcean miner, DirtyFrag LPE (CVE-2026-43284/43500). CC0.
PoC: CVE-2023-4861-PoC
Proof of Concept for CVE-2023-4861 in Filester
PoC: oppo-ghostlock
OPPO Find N2 GhostLock (CVE-2026-43499) exploit adaptation
PoC: yellowkey-bitlocker
yellow key bitlocker yellow screen bitlocker bitlocker recovery key CVE-2026-45585 microsoft account secure boot bypass command prompt windows 11 windows 10 surface pro uefi firmware encryption key data recovery troubleshoot boot loop cmd unlock drive setup guide tutorial
PoC: CVE-2026-53571
CVE-2026-53571 `server.fs.deny` bypass on Windows alternate paths PoC.
PoC: CVE-2026-54520
CVE-2026-54520 / GHSA-cm8g-8jfq-887p: ai-agent-automation workflow path traversal advisory landing page
PoC: CVE-2026-54519
CVE-2026-54519 / GHSA-qv97-83w4-ff86: ai-agent-automation memory authorization advisory landing page
PoC: CVE-2026-50181
CVE-2026-50181 / GHSA-fg23-3346-88f5: Langroid path traversal advisory landing page
PoC: CVE-2026-50131
CVE-2026-50131 / GHSA-xw9q-2mv6-9fr8: Fedify incomplete SSRF mitigation advisory landing page
PoC: CVE-2026-53359-Kernel-Fix
Linux 内核升级指南 - 修复 CVE-2026-53359
PoC: cisco-CVE-2023-31488
Cisco Email Security Appliance: Email to zero-click RCE as root - Remote Code Execution/Memory Corruption/ROP-chain
PoC: cisco-CVE-2023-20075
Cisco Email Security Appliance: Local Privilege Escalation and Shell Escape
PoC: cisco-CVE-2023-20009
Cisco Email Security Appliance: Remote Code Execution - RCE from config file
PoC: proofpoint-CVE-2023-0090
Proofpoint Email Gateway: Unauthenticated RCE
PoC: proofpoint-CVE-2023-0089
Proofpoint Email Gateway: Low level authenticated user to admin RCE
PoC: CVE-2026-42980-POC
CVE-2026-42980 PUBLIC EXPLOIT + RESEARCH
PoC: CVE-2026-50980
oPnael DNS-Based Cross-Site Scripting (XSS) & Session Hijacking
PoC: CVE-2026-50979
oPanel Authanticated Remote Code Execution via 'advenced/curl' Component
PoC: reactorwatch-pentest
☢️ ReactorWatch v3.2.1 — Nuclear Reactor Core Monitoring System Pentest | CVE-2025-55182 (React2Shell) Unauthenticated RCE → SQLite Exfil → MD5 Crack → SSH Pivot → CDP Root Escalation | CVSS 10.0 | AMN SECURITY
PoC: CVE-2026-46331
A Proof of Concept (PoC) exploit for CVE-2026-46331
PoC: CVE-2026-56423-MISP-deleteSelection-BrokenAccessControl
PoC for CVE-2026-56423: MISP deleteSelection broken access control (CWE-862, contributor hard-deletes other orgs' Event Reports/Sharing Groups, CVSS 8.8)
PoC: ghostlink-writeup
Ghostlink HTB — Full Chain AD + Gogs Exploitation | MQTT → NTLM Relay → Path Traversal → CVE-2025-8110 → ADCS ESC11 → DCSync | AMN SECURITY
PoC: cve-2025-22457
Altay takımı haftalık sunumu için yaptığım cve-2025-22457 zafiyeti demo uygulaması
PoC: CVE-2026-41089-LongLogon
CVE-2026-41089 checker: unauthenticated, non-destructive detection for the Netlogon CLDAP stack buffer overflow (CVSS 9.8). Reports whether a domain controller's domain is long enough to crash, without sending the overflow. The binary-verified analysis the public PoCs got wrong.
PoC: CVE-2026-29519-Lucee-Reflected-XSS
Proof of Concept for Reflected XSS in Lucee CFML (CVE-2026-29519)
PoC: CVE-2026-49230-APISIX-jwe-decrypt-Auth-Bypass
PoC for CVE-2026-49230: Apache APISIX jwe-decrypt authentication bypass (missing AES-GCM tag validation, CWE-354, CVSS 9.1)
PoC: CVE-2026-48908-joomla-sp-page-builder-detection
Laboratory validation of CVE-2026-48908 in Joomla SP Page Builder, covering unauthorized icon upload, PHP file write, code execution as www-data, auditd and PCAP evidence, event timeline reconstruction, and SOC detection recommendations. Includes Polish and English reports.
PoC: CVE-2026-61343-poc-librebooking-rce
Librebooking Admin RCE PoC CVE-2026-61343
PoC: CVE-2025-43782
OpenSSL TLS handshake buffer overflow
PoC: LVM-Januscape
CVE-2026-53359漏洞补丁
PoC: CVE-2026-57517-CWP
Control Web Panel (CWP) vulnerability scenario related to CVE-2026-57517
PoC: react2shell
PoC for CVE-2025-55182 React2Shell
PoC: CVE-2026-56876-POC
Offical PoC for this cve
PoC: CVE-2017-15715-httpd
whs 4기 컨테이너 과제
PoC: CVE-2026-8037-POC
包括能执行的命令探测和一键getshell(需要服务器部署服务)
PoC: WHS4_CVE-2021-4034
Whitehat School 4기 CVE-2021-4034 분석 및 POC 작성
PoC: CVE-2026-40473
Reproducer for CVE-2026-40473: Apache Camel camel-mina MinaConverter.toObjectInput unsafe deserialization (RCE over TCP/UDP)
PoC: -linx-server-vulnerability-report
Public disclosure for CVE-2026-52100 (CSRF) & CVE-2026-52101 (SSRF) in linx-server. MITRE assigned the CVEs; this repo provides a public reference and helps affected users understand the risk.
PoC: CVE-2026-4257
CVE-2026-4257 - Contact Form by Supsystic <= 1.7.36 # SSTI to RCE
PoC: CentOS7_CVE-2021-3712_Remediation
Production Ready Steps for Remediating a openssl CVE(https://nvd.nist.gov/vuln/detail/cve-2021-3712) on EOL CentOS7 box
PoC: H2-database-CVE-2022-23221
vulhub/H2-database/CVE-2022-23221
PoC: Ubiquiti-CVE
CVE-2026-50746... - Draft
PoC: CVE-2026-43499
CVE-2026-43499
PoC: TwoMillion-HTB-Write-up
Write-up completo de la máquina TwoMillion de Hack The Box. Enumeración web, explotación de API, escalada a admin, inyección de comandos (RCE), reverse shell y escalada a root mediante CVE-2023-0386 (OverlayFS + FUSE). Técnicas de pentesting aplicadas en un entorno controlado.
PoC: CVE-2026-40453
Reproducer for CVE-2026-40453: Apache Camel case-variant Camel header injection (incomplete fix of CVE-2025-27636)
PoC: CVE-2026-44825-Apache-Solr-Scanner
Apache Solr instances that may be affected by CVE-2026-44825, related to Velocity Template Remote Code Execution (RCE) conditions.
PoC: CVE-2026-40048
Reproducer for CVE-2026-40048: Apache Camel camel-pqc FileBasedKeyLifecycleManager unsafe deserialization (RCE)
PoC: CVE-2026-38526
Automated exploit for Krayin CRM ≤ 2.2.x.
PoC: CVE-2021-40346
WHS CVE-2021-40346 분석
PoC: CVE-2026-27495
Proof-of-concept exploit and lab environment for CVE-2026-27495
PoC: CVE-2026-35204
CVE-2026-35204 PoC
PoC: tetragon-dirtyfrag
Blocking the DirtyFrag Linux LPE chain (CVE-2026-43284 / CVE-2026-43500) at runtime with a Cilium Tetragon TracingPolicy | kills the exploit at the kernel-module autoload step. Tested on RHEL 9.8 (kernel 5.14) and Ubuntu 24.04 (kernel 6.8). Policy, lab notes, and evidence.
PoC: CVE-2026-35204
CVE-2026-35204 PoC
PoC: CVE-2026-34197
Poc for CVE-2026-34197
PoC: CVE-2026-40047
Reproducer for CVE-2026-40047: Apache Camel camel-docling CLI argument injection / path traversal
PoC: cve-2026-25262-sm8450-research
CVE-2026-25262 applicability to Snapdragon 8 Gen 1 — experimental results
PoC: mcp-doorman
A lightweight mcp to prevent poisoning CVE (CVE-2025-54136), researchers hijacking Claude Code/Copilot/Gemini via prompt injection, and hundreds of MCP servers exposed with zero auth, this mcp protects the individual developer's laptop, where most MCP servers actually run.
PoC: CVE-2025-55182
Exploit for CVE-2025-55182
PoC: CVE-2021-21974
自研针对ESXI 堆栈溢出的CVE-2021-21974 POC,只支持项目给出的的目标和环境,用于学习和研究
PoC: CVE-2026-43499
CVE-2026-43499 - Draft
PoC: CVE-2026-56290
CVE-2026-56290 - Mass Exploit for Joomla Com_pagebuilderck component (Unrestricted File Upload → RCE). Multi-threaded, automatic CSRF bypass, PHP shell uploader.
PoC: ScannerBadEpoll
Verificador de Vulnerabilidad: Bad Epoll (CVE-2026-46242)
PoC: CVE-2026-0257-GlobalProtect-Bypass
CVE-2026-0257 - Palo Alto PAN-OS GlobalProtect Auth Override Cookie Forgery - PoC & Analysis | CVSS 9.1 CRITICAL CISA KEV | AMN SECURITY
PoC: CVE-2026-49777-WooCommerce-RCE
CVE-2026-49777 - WooCommerce Product Slider Pro Malicious Software Implantation RCE - PoC & Analysis | CVSS 10.0 CRITICAL | AMN SECURITY
PoC: CVE-2026-8206-Kirki-WP
CVE-2026-8206 - Kirki WordPress Plugin Unauthenticated Account Takeover - PoC & Analysis | CVSS 9.8 CRITICAL | AMN SECURITY
PoC: CVE-2026-42271-LiteLLM-RCE
CVE-2026-42271 - LiteLLM AI Gateway MCP Command Injection RCE - PoC & Analysis | CVSS 8.8 | AMN SECURITY
PoC: CVE-2026-45659-SharePoint-RCE
CVE-2026-45659 - Microsoft SharePoint Deserialization RCE - PoC & Analysis | CVSS 8.8 | AMN SECURITY
PoC: CVE-2026-8451-CitrixBleed
CVE-2026-8451 - Citrix NetScaler SAML Memory Overread (CitrixBleed) - PoC & Analysis | CVSS 8.8 | AMN SECURITY
PoC: cve-2026-48282-coldfusion-rds-detection
Laboratory validation of CVE-2026-48282 in Adobe ColdFusion RDS, covering arbitrary CFM file write, code execution as the ColdFusion service user, auditd and PCAP evidence, event timeline reconstruction, and SOC detection recommendations. Includes Polish and English reports.
PoC: cve-2026-20896-gitea-poc
CVE-2026-20896 Gitea Docker X-WEBAUTH-USER auth bypass checker
PoC: CVE-2026-12277
Frontend File Manager Plugin (WordPress) <= 23.6 - Unauthenticated Arbitrary File Deletion to RCE
PoC: CVE-2019-9978-Social-Warfare-WordPress-RCE
A complete walkthrough and exploit for CVE-2019-9978 - Unauthenticated Remote Code Execution in Social Warfare WordPress plugin ≤ 3.5.2. Includes vulnerable code analysis and payload examples.
PoC: CVE-2026-36214
Stored Cross-Site Scripting (XSS) in osTicket via Vulnerable Bootstrap Tooltip Component
PoC: VTIGER-CRM-RCE-CVE-2026-23698
Vtiger CRM 8.3.0, 8.4.0 Module Import Authenticated RCE PoC
PoC: VTIGER-CRM-RCE-CVE-2026-23697
Vtiger CRM 8.3.0 Authenticated RCE via .phar Upload
PoC: Whisper_Bully
Two-stage Bluetooth DoS attack on Fast Pair devices via CVE-2025-36911
PoC: CVE-2022-46364
Python POC, Exploit for CVE-2022-46364
PoC: RedTeamBrasil-CVE-2025-64459
NEO-SQLi — exploit Django _connector SQL Injection (CVE-2025-64459) | canal RedTeam Brasil
PoC: dasel-cve-exercise
Melange packaging and apko image for Dasel v3.3.1 with a backported fix for CVE-2026-33320.
PoC: CVE-2026-48611-phpBB
Bypass Authentication
PoC: CVE-2026-6300-PoC
This is a Proof-of-Concept for the Blink CSS UAF vulnerability tracked as CVE-2026-6300.
PoC: CVE-2026-39492
CVE-2026-39492 — WP Maps (wp-google-map-plugin) <= 4.9.1 Unauthenticated Blind SQL Injection Mass Scanner | sqlmap-style detection | backtick bypass esc_sql() | 100K+ installs
PoC: CVE-2026-14762-PoC-Exploit
CVE-2026-14762 exploit for Hotel & Tourism Reservation 1.0. Time-based blind SQL injection via /admin/rooms.php?delete. Dumps DB, tables, columns, reads files, writes webshells. Multi-threaded, proxy support, interactive shell. CVSS 7.3. Authorized testing only. By| @tc4dy
PoC: Januscape-Hotfix
Zero-downtime livepatch for CVE-2026-53359 (Januscape), a guest-to-host escape vulnerability in the KVM/x86 shadow MMU.
PoC: CVE-2026-14191
CVE-2026-14191 - Draft
PoC: CVE-2024-36401
Remix of Chokapikk's CVE-2024-36401 to allow webshell-like behaviour on limited environments
PoC: CVE-2022-22965
CVE-2022-22965
PoC: CVE-2021-41773
whs-homework
PoC: CVE-2026-11405
CVE-2026-11405 - Draft
PoC: CVE-2026-53359
CVE-2026-53359
PoC: CVE-2026-40519
🐳 docker-compose 를 활용한 취약한 환경 구성 및 검증 (vulhub 한글판)
PoC: CVE-2026-53359
CVE-2026-53359 - Draft
PoC: cve-2026-25262-sm8450-research
Experimental verification of CVE-2026-25262 (Write-What-Where in Sahara protocol) on SM8450 platform, enabling Firehose authentication bypass without server-side token.
PoC: noPac
Go implementation of NoPac, exploiting CVE-2021-42278 and CVE-2021-42287
PoC: CVE-2026-48908
CVE-2026-48908 — PoC exploit for unauthenticated RCE in SP Page Builder (Joomla) via arbitrary file upload. Multi‑threaded, case‑bypass, shell verification. For authorized security testing only.
PoC: CVE-2026-54350-Budibase-NoSQL-Injection
PoC for CVE-2026-54350 — Budibase unauthenticated NoSQL operator injection (CVSS 10.0). Read/mass-write any document collection via a PUBLIC query.
PoC: Shellshock_CVE-2014-6271
Shellshock
PoC: React2shell-CVE-2025-55182-Exploit
Next.js / RSC - Unauthenticated RCE (React2Shell) (CVE-2025-55182)
PoC: CVE-2026-38526-Exploit
Exploit for Authenticated Remote Code Execution (RCE) in Krayin CRM v2.2.x (CVE-2026-38526)
PoC: recon-test-livewire
Test target: fresh Laravel 12 app with Livewire pinned to vulnerable 3.6.3 (CVE-2025-54068) for recon scanning
Get alerted for CVEs like this
Register your stack and get notified within minutes when a matching CVE drops.
Start monitoring free