PoC Archive PoC Archive
security research · proof-of-concept archive

A reproducible archive of security research PoCs.

A curated archive of security research proof-of-concept exploits. Reproducible writeups across web, network, binary, crypto, cloud, hardware, and social-engineering categories.

Total PoCs

131

patched 56
unpatched 75

Recent additions

view all →
High
7-Zip RAR5 Mark-of-the-Web / ADS Full-Chain Bypass
None assigned as of 2026-07-03· 7-Zip 26.01 x64 for Windows unpatched
High
AnyDesk Printer Pipe COM Impersonation Local Privilege Escalation
None assigned as of 2026-07-03· AnyDesk for Windows 9.7.6 unpatched
High
c-ares TCP ares_getaddrinfo() Use-After-Free Code Execution
None assigned as of 2026-07-03· c-ares (async DNS resolver library) unpatched
High
Citrix NetScaler ADC/Gateway Pre-Auth SAML Memory Overread — "CitrixBleed"-style Leak (CVE-2026-8451)
CVE-2026-8451· Citrix NetScaler ADC and NetScaler Gateway unpatched
Medium
curl SMTP EXPN Recipient CRLF Command Injection
None assigned as of 2026-07-03· curl / libcurl (SMTP support) unpatched
High
Discourse Scoped API Key Pre-Route Authorization Bypass
None assigned as of 2026-07-03· Discourse (forum platform) unpatched
Medium
Docker cp Copy-Out Destination Escape via Symlink Race
None assigned as of 2026-07-03· Docker Engine / CLI unpatched
Critical
FFmpeg RASC Decoder DLTA Heap Out-of-Bounds Write
None assigned as of 2026-07-03· FFmpeg, libavcodec RASC decoder (AV_CODEC_ID_RASC) unpatched
High
Firefox Smart Window Private URL Exfiltration
None assigned as of 2026-07-03· Firefox Smart Window (AI browsing assistant feature) unpatched
Critical
Floci API Gateway VTL RCE + IAM Scope Bypass
None assigned as of 2026-07-03· Floci (AWS-compatible local cloud emulator) unpatched