### Summary OpenClaw's QQBot channel can deliver native approval buttons for exec and plugin approvals. In affected releases, the button callback path resolved approvals without enforcing the configured QQBot approver identity. The text command approval path used the authorization check; the issue was specific to native QQBot approval buttons. ### Affected configurations This affects deployments where QQBot native approval buttons are enabled and an approval message is visible to a QQ user who is not configured as an approver. ### Impact A non-approver who could see the approval message could click an approval button and resolve the pending request. Depending on the pending approval, this could allow an exec or plugin action that should have required an authorized approver. ### Patched Versions The first stable patched version is `2026.5.18`. ### Mitigations Upgrade to `openclaw@2026.5.18` or later. Before upgrading, avoid delivering native approval buttons into QQ conversations that include users who should not be able to approve.
PoC: redtail-ioc
IOCs and a read-only triage checklist from a real Linux root compromise: RedTail miner, XorDDoS persistence, MoneroOcean miner, DirtyFrag LPE (CVE-2026-43284/43500). CC0.
PoC: CVE-2025-20720
CVE-2025-20720 — PolyShell: Magento 2 Unauthenticated Arbitrary File Upload RCE | GIF89a polyglot bypass | guest-cart REST API | 79.5% stores targeted
PoC: oppo-ghostlock
OPPO Find N2 GhostLock (CVE-2026-43499) exploit adaptation
PoC: yellowkey-bitlocker
yellow key bitlocker yellow screen bitlocker bitlocker recovery key CVE-2026-45585 microsoft account secure boot bypass command prompt windows 11 windows 10 surface pro uefi firmware encryption key data recovery troubleshoot boot loop cmd unlock drive setup guide tutorial
PoC: CVE-2026-53571
CVE-2026-53571 `server.fs.deny` bypass on Windows alternate paths PoC.
PoC: CVE-2026-54520
CVE-2026-54520 / GHSA-cm8g-8jfq-887p: ai-agent-automation workflow path traversal advisory landing page
PoC: CVE-2026-54519
CVE-2026-54519 / GHSA-qv97-83w4-ff86: ai-agent-automation memory authorization advisory landing page
PoC: CVE-2026-50181
CVE-2026-50181 / GHSA-fg23-3346-88f5: Langroid path traversal advisory landing page
PoC: CVE-2026-50131
CVE-2026-50131 / GHSA-xw9q-2mv6-9fr8: Fedify incomplete SSRF mitigation advisory landing page
PoC: CVE-2026-53359-Kernel-Fix
Linux 内核升级指南 - 修复 CVE-2026-53359
PoC: Apache-CVE-2021-41773
WHS 4기 이희수. kr-vulhub 과제 제출물
PoC: CVE-2026-23744
CVE-2026-23744 MCPJam Inspector unauthenticated RCE PoC
PoC: CVE-2026-38526-PoC-htb-nexus
A PoC script for CVE-2026-38526, RCE via a file upload vulnerability in the /admin/tinymce/upload endpoint of webkul krayin 2.2.x
PoC: CVE-2026-15282
Instant Appointment <= 1.2 — Unauthenticated Arbitrary File Upload to RCE via add_service_front AJAX | CVSS 9.8
PoC: CVE-2026-59734-POC
OS Command Injection in Health Check → Remote Code Execution
PoC: CVE-2026-46331
CVE-2026-46331 act_pedit page-cache corruption exploit, with Alpine PIE fix
PoC: CVE-2024-13985
Dahua CVE-2024-13985
PoC: CVE-2026-29114
Dahua CVE-2026-29114
PoC: CVE-2026-29115
Dahua CVE-2026-29115
PoC: CVE-2026-29116
Dahua CVE-2026-29116
PoC: cybermeowfia-termux
Termux Privilege Escalation Tool & Root Manager - CVE-2026-43501
PoC: CVE-2026-46242
CVE-2026-46242
PoC: lenovo-a1000g-mt8317-A412_01_09_130907-kernel-3.4.0-root-cve-2016-5195
[AI-assisted] Root method for Lenovo IdeaTab A1000G (MT8317, kernel 3.4.0, Android 4.1) via CVE-2016-5195 (Dirty COW)
PoC: CVE-2026-40887
An unauthenticated SQL injection vulnerability exists in the Vendure Shop API. A user-controlled query string parameter is interpolated directly into a raw SQL expression without parameterization or validation, allowing an attacker to execute arbitrary SQL against the database.
PoC: IOHIDFamily-PoC-Research
CVE-2026-28992 IOHIDFamily FastPathUserClient race condition PoC — security research
PoC: CVE-2021-28235
CVE-2021-28235 PoC
PoC: CVE-2025-60787
CVE-2025-60787 motionEye authenticated command injection RCE PoC
PoC: Cups-RCE-Exploit
C++ exploit for unauthenticated remote code execution on CUPS via CVE-2024-47176 chain.
PoC: Abyssal
Abyssal is a high-performance Telnet vulnerability scanner for CVE-2026-24061, delivering root shells on vulnerable systems with false-positive detection.
PoC: cve-2026-9558-poc
Exploitability PoC for CVE-2026-9558 (SSTI Mautic Theme)
PoC: CVE-2026-54390
CVE-2026-54390 — JTL Shop Smarty SSTI RCE | Pre-Auth Template Injection via fetch('string:' . ) | 5.2.0-5.7.1
PoC: CVE-2022-26134
Exploit for CVE-2022-26134
PoC: CVE-2026-40860
Reproducer for CVE-2026-40860 — Apache Camel camel-jms/sjms/amqp JMS ObjectMessage unsafe deserialization (RCE)
PoC: openclaw-hardening-check
Offline, read-only hardening check for a self-hosted OpenClaw install — gateway exposure, auth, CVE-2026-25253. Never prints secrets, makes no network calls.
PoC: CVE-2026-40859
Reproducer for CVE-2026-40859 — Apache Camel camel-netty-http / camel-vertx-http producer-side unsafe deserialization of HTTP response bodies (RCE)
PoC: CVE-2024-51482
CVE-2025-51482 POC, Dump Credentials From zm.Users
PoC: CVE-2026-40858
Reproducer for CVE-2026-40858 — Apache Camel camel-infinispan remote aggregation repository unsafe deserialization (RCE)
PoC: CVE-2026-50980
oPnael DNS-Based Cross-Site Scripting (XSS) & Session Hijacking
PoC: CVE-2026-50979
oPanel Authanticated Remote Code Execution via 'advenced/curl' Component
PoC: reactorwatch-pentest
☢️ ReactorWatch v3.2.1 — Nuclear Reactor Core Monitoring System Pentest | CVE-2025-55182 (React2Shell) Unauthenticated RCE → SQLite Exfil → MD5 Crack → SSH Pivot → CDP Root Escalation | CVSS 10.0 | AMN SECURITY
PoC: CVE-2026-46331
A Proof of Concept (PoC) exploit for CVE-2026-46331
PoC: CVE-2026-56423-MISP-deleteSelection-BrokenAccessControl
PoC for CVE-2026-56423: MISP deleteSelection broken access control (CWE-862, contributor hard-deletes other orgs' Event Reports/Sharing Groups, CVSS 8.8)
PoC: ghostlink-writeup
Ghostlink HTB — Full Chain AD + Gogs Exploitation | MQTT → NTLM Relay → Path Traversal → CVE-2025-8110 → ADCS ESC11 → DCSync | AMN SECURITY
PoC: cve-2025-22457
Altay takımı haftalık sunumu için yaptığım cve-2025-22457 zafiyeti demo uygulaması
PoC: CVE-2026-41089-LongLogon
CVE-2026-41089 checker: unauthenticated, non-destructive detection for the Netlogon CLDAP stack buffer overflow (CVSS 9.8). Reports whether a domain controller's domain is long enough to crash, without sending the overflow. The binary-verified analysis the public PoCs got wrong.
PoC: CVE-2026-29519-Lucee-Reflected-XSS
Proof of Concept for Reflected XSS in Lucee CFML (CVE-2026-29519)
PoC: CVE-2026-49230-APISIX-jwe-decrypt-Auth-Bypass
PoC for CVE-2026-49230: Apache APISIX jwe-decrypt authentication bypass (missing AES-GCM tag validation, CWE-354, CVSS 9.1)
PoC: CVE-2026-48908-joomla-sp-page-builder-detection
Laboratory validation of CVE-2026-48908 in Joomla SP Page Builder, covering unauthorized icon upload, PHP file write, code execution as www-data, auditd and PCAP evidence, event timeline reconstruction, and SOC detection recommendations. Includes Polish and English reports.
PoC: CVE-2026-61343-poc-librebooking-rce
Librebooking Admin RCE PoC CVE-2026-61343
PoC: CVE-2025-43782
OpenSSL TLS handshake buffer overflow
PoC: LVM-Januscape
CVE-2026-53359漏洞补丁
PoC: CVE-2026-57517-CWP
Control Web Panel (CWP) vulnerability scenario related to CVE-2026-57517
PoC: react2shell
PoC for CVE-2025-55182 React2Shell
PoC: CVE-2026-56876-POC
Offical PoC for this cve
PoC: CVE-2017-15715-httpd
whs 4기 컨테이너 과제
PoC: CVE-2026-8037-POC
包括能执行的命令探测和一键getshell(需要服务器部署服务)
PoC: WHS4_CVE-2021-4034
Whitehat School 4기 CVE-2021-4034 분석 및 POC 작성
PoC: CVE-2026-40473
Reproducer for CVE-2026-40473: Apache Camel camel-mina MinaConverter.toObjectInput unsafe deserialization (RCE over TCP/UDP)
PoC: -linx-server-vulnerability-report
Public disclosure for CVE-2026-52100 (CSRF) & CVE-2026-52101 (SSRF) in linx-server. MITRE assigned the CVEs; this repo provides a public reference and helps affected users understand the risk.
PoC: CVE-2026-4257
CVE-2026-4257 - Contact Form by Supsystic <= 1.7.36 # SSTI to RCE
PoC: CentOS7_CVE-2021-3712_Remediation
Production Ready Steps for Remediating a openssl CVE(https://nvd.nist.gov/vuln/detail/cve-2021-3712) on EOL CentOS7 box
PoC: H2-database-CVE-2022-23221
vulhub/H2-database/CVE-2022-23221
PoC: Ubiquiti-CVE
CVE-2026-50746... - Draft
PoC: CVE-2026-43499
CVE-2026-43499
PoC: TwoMillion-HTB-Write-up
Write-up completo de la máquina TwoMillion de Hack The Box. Enumeración web, explotación de API, escalada a admin, inyección de comandos (RCE), reverse shell y escalada a root mediante CVE-2023-0386 (OverlayFS + FUSE). Técnicas de pentesting aplicadas en un entorno controlado.
PoC: CVE-2026-40453
Reproducer for CVE-2026-40453: Apache Camel case-variant Camel header injection (incomplete fix of CVE-2025-27636)
PoC: CVE-2026-44825-Apache-Solr-Scanner
Apache Solr instances that may be affected by CVE-2026-44825, related to Velocity Template Remote Code Execution (RCE) conditions.
PoC: CVE-2026-40048
Reproducer for CVE-2026-40048: Apache Camel camel-pqc FileBasedKeyLifecycleManager unsafe deserialization (RCE)
PoC: CVE-2026-38526
Automated exploit for Krayin CRM ≤ 2.2.x.
PoC: CVE-2021-40346
WHS CVE-2021-40346 분석
PoC: CVE-2026-27495
Proof-of-concept exploit and lab environment for CVE-2026-27495
PoC: CVE-2026-35204
CVE-2026-35204 PoC
PoC: tetragon-dirtyfrag
Blocking the DirtyFrag Linux LPE chain (CVE-2026-43284 / CVE-2026-43500) at runtime with a Cilium Tetragon TracingPolicy | kills the exploit at the kernel-module autoload step. Tested on RHEL 9.8 (kernel 5.14) and Ubuntu 24.04 (kernel 6.8). Policy, lab notes, and evidence.
PoC: CVE-2026-35204
CVE-2026-35204 PoC
PoC: CVE-2026-34197
Poc for CVE-2026-34197
PoC: CVE-2026-40047
Reproducer for CVE-2026-40047: Apache Camel camel-docling CLI argument injection / path traversal
PoC: cve-2026-25262-sm8450-research
CVE-2026-25262 applicability to Snapdragon 8 Gen 1 — experimental results
PoC: mcp-doorman
A lightweight mcp to prevent poisoning CVE (CVE-2025-54136), researchers hijacking Claude Code/Copilot/Gemini via prompt injection, and hundreds of MCP servers exposed with zero auth, this mcp protects the individual developer's laptop, where most MCP servers actually run.
PoC: CVE-2025-55182
Exploit for CVE-2025-55182
PoC: CVE-2021-21974
自研针对ESXI 堆栈溢出的CVE-2021-21974 POC,只支持项目给出的的目标和环境,用于学习和研究
PoC: CVE-2026-43499
CVE-2026-43499 - Draft
PoC: CVE-2026-56290
CVE-2026-56290 - Mass Exploit for Joomla Com_pagebuilderck component (Unrestricted File Upload → RCE). Multi-threaded, automatic CSRF bypass, PHP shell uploader.
PoC: ScannerBadEpoll
Verificador de Vulnerabilidad: Bad Epoll (CVE-2026-46242)
PoC: CVE-2026-0257-GlobalProtect-Bypass
CVE-2026-0257 - Palo Alto PAN-OS GlobalProtect Auth Override Cookie Forgery - PoC & Analysis | CVSS 9.1 CRITICAL CISA KEV | AMN SECURITY
PoC: CVE-2026-49777-WooCommerce-RCE
CVE-2026-49777 - WooCommerce Product Slider Pro Malicious Software Implantation RCE - PoC & Analysis | CVSS 10.0 CRITICAL | AMN SECURITY
PoC: CVE-2026-8206-Kirki-WP
CVE-2026-8206 - Kirki WordPress Plugin Unauthenticated Account Takeover - PoC & Analysis | CVSS 9.8 CRITICAL | AMN SECURITY
PoC: CVE-2026-42271-LiteLLM-RCE
CVE-2026-42271 - LiteLLM AI Gateway MCP Command Injection RCE - PoC & Analysis | CVSS 8.8 | AMN SECURITY
PoC: CVE-2026-45659-SharePoint-RCE
CVE-2026-45659 - Microsoft SharePoint Deserialization RCE - PoC & Analysis | CVSS 8.8 | AMN SECURITY
PoC: CVE-2026-8451-CitrixBleed
CVE-2026-8451 - Citrix NetScaler SAML Memory Overread (CitrixBleed) - PoC & Analysis | CVSS 8.8 | AMN SECURITY
PoC: cve-2026-48282-coldfusion-rds-detection
Laboratory validation of CVE-2026-48282 in Adobe ColdFusion RDS, covering arbitrary CFM file write, code execution as the ColdFusion service user, auditd and PCAP evidence, event timeline reconstruction, and SOC detection recommendations. Includes Polish and English reports.
PoC: cve-2026-20896-gitea-poc
CVE-2026-20896 Gitea Docker X-WEBAUTH-USER auth bypass checker
PoC: CVE-2026-12277
Frontend File Manager Plugin (WordPress) <= 23.6 - Unauthenticated Arbitrary File Deletion to RCE
PoC: CVE-2019-9978-Social-Warfare-WordPress-RCE
A complete walkthrough and exploit for CVE-2019-9978 - Unauthenticated Remote Code Execution in Social Warfare WordPress plugin ≤ 3.5.2. Includes vulnerable code analysis and payload examples.
PoC: CVE-2026-36214
Stored Cross-Site Scripting (XSS) in osTicket via Vulnerable Bootstrap Tooltip Component
PoC: VTIGER-CRM-RCE-CVE-2026-23698
Vtiger CRM 8.3.0, 8.4.0 Module Import Authenticated RCE PoC
PoC: VTIGER-CRM-RCE-CVE-2026-23697
Vtiger CRM 8.3.0 Authenticated RCE via .phar Upload
PoC: Whisper_Bully
Two-stage Bluetooth DoS attack on Fast Pair devices via CVE-2025-36911
PoC: CVE-2022-46364
Python POC, Exploit for CVE-2022-46364
PoC: RedTeamBrasil-CVE-2025-64459
NEO-SQLi — exploit Django _connector SQL Injection (CVE-2025-64459) | canal RedTeam Brasil
PoC: dasel-cve-exercise
Melange packaging and apko image for Dasel v3.3.1 with a backported fix for CVE-2026-33320.
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Get alerted for CVEs like this
Register your stack and get notified within minutes when a matching CVE drops.
Start monitoring free