security research · proof-of-concept archive
A reproducible archive of security research PoCs.
A curated archive of security research proof-of-concept exploits. Reproducible writeups across web, network, binary, crypto, cloud, hardware, and social-engineering categories.
Total PoCs
131
patched
56
unpatched
75
By severity
Recent additions
view all →High
7-Zip RAR5 Mark-of-the-Web / ADS Full-Chain Bypass
None assigned as of 2026-07-03·
7-Zip 26.01 x64 for Windows
unpatched
High
AnyDesk Printer Pipe COM Impersonation Local Privilege Escalation
None assigned as of 2026-07-03·
AnyDesk for Windows 9.7.6
unpatched
High
c-ares TCP ares_getaddrinfo() Use-After-Free Code Execution
None assigned as of 2026-07-03·
c-ares (async DNS resolver library)
unpatched
High
Citrix NetScaler ADC/Gateway Pre-Auth SAML Memory Overread — "CitrixBleed"-style Leak (CVE-2026-8451)
CVE-2026-8451·
Citrix NetScaler ADC and NetScaler Gateway
unpatched
Medium
curl SMTP EXPN Recipient CRLF Command Injection
None assigned as of 2026-07-03·
curl / libcurl (SMTP support)
unpatched
High
Discourse Scoped API Key Pre-Route Authorization Bypass
None assigned as of 2026-07-03·
Discourse (forum platform)
unpatched
Medium
Docker cp Copy-Out Destination Escape via Symlink Race
None assigned as of 2026-07-03·
Docker Engine / CLI
unpatched
Critical
FFmpeg RASC Decoder DLTA Heap Out-of-Bounds Write
None assigned as of 2026-07-03·
FFmpeg, libavcodec RASC decoder (AV_CODEC_ID_RASC)
unpatched
High
Firefox Smart Window Private URL Exfiltration
None assigned as of 2026-07-03·
Firefox Smart Window (AI browsing assistant feature)
unpatched
Critical
Floci API Gateway VTL RCE + IAM Scope Bypass
None assigned as of 2026-07-03·
Floci (AWS-compatible local cloud emulator)
unpatched