PoC Archive PoC Archive

Archive by year

Every proof-of-concept grouped by CVE year. Entries without an assigned CVE are grouped by disclosure year.

2026

61 entries
Critical
libssh2 Unchecked SSH packet_length Integer Wrap to RCE (CVE-2026-55200)
CVE-2026-55200· libssh2, ssh2_transport_read() in src/transport.c patched
Critical
Fortinet FortiClient EMS Pre-Auth Bypass — "FortiBleed" (CVE-2026-35616)
CVE-2026-35616· Fortinet FortiClient Endpoint Management Server (EMS) unpatched
High
Citrix NetScaler ADC/Gateway Pre-Auth SAML Memory Overread — "CitrixBleed"-style Leak (CVE-2026-8451)
CVE-2026-8451· Citrix NetScaler ADC and NetScaler Gateway unpatched
Critical
Unauthenticated RCE in Mirasvit Full Page Cache Warmer for Magento 2 (CVE-2026-45247)
CVE-2026-45247· Mirasvit Full Page Cache Warmer extension for Magento 2 unpatched
Critical
Unauthenticated RCE in Joomla Content Editor (JCE) Profile Import (CVE-2026-48907)
CVE-2026-48907· Joomla Content Editor (JCE) extension by Widget Factory unpatched
Medium
Squidbleed — Squid Proxy FTP Gateway Out-of-Bounds Heap Read (CVE-2026-47729)
CVE-2026-47729· Squid Proxy — FTP gateway / directory-listing parser patched
High
PAN-OS GlobalProtect Authentication Bypass via Forged Cookie (CVE-2026-0257)
CVE-2026-0257· Palo Alto Networks PAN-OS — GlobalProtect portal and gateway (also affects certain Prisma Access deployments) unpatched
High
Google Chromium V8 Out-of-Bounds Read/Write — Crash PoC (CVE-2026-11645)
CVE-2026-11645· Google Chrome / Chromium — V8 JavaScript and WebAssembly engine unpatched
Critical
Cisco Unified CM WebDialer SSRF to Arbitrary File Write / RCE (CVE-2026-20230)
CVE-2026-20230· Cisco Unified Communications Manager (Unified CM) and Unified CM Session Management Edition (SME) unpatched
Medium
Cisco Catalyst SD-WAN Manager Arbitrary File Write (CVE-2026-20262)
CVE-2026-20262· Cisco Catalyst SD-WAN Manager (formerly SD-WAN vManage) unpatched
High
Authenticated Command Injection in LiteLLM MCP Test Endpoints (CVE-2026-42271)
CVE-2026-42271· BerriAI LiteLLM (proxy) — MCP preview/test endpoints patched
Critical
SP Page Builder (Joomla) Unauthenticated File Upload RCE (CVE-2026-48908)
CVE-2026-48908· SP Page Builder extension for Joomla (joomshaper.net) patched
High
Linux Kernel act_pedit Partial COW Page-Cache LPE (CVE-2026-46331)
CVE-2026-46331· Linux Kernel — net/sched/act_pedit (traffic control packet editing) unpatched
Critical
libssh2 SSH Packet Length OOB Heap Write / Unauthenticated RCE (CVE-2026-55200)
CVE-2026-55200· libssh2 (SSH client library) patched
Low
libcurl mTLS Connection Reuse Authentication Bypass (CVE-2026-8932)
CVE-2026-8932· libcurl (embedded library; standalone curl CLI unaffected) patched
Critical
GNU Inetutils telnetd Unauthenticated Root RCE via NEW-ENVIRON (CVE-2026-24061)
CVE-2026-24061· GNU Inetutils telnetd patched
Critical
GeoVision GV-I/O Box 4E DVRSearch Unauthenticated Stack Buffer Overflow RCE (CVE-2026-12485)
CVE-2026-12485· GeoVision GV-I/O Box 4E (Linux-based smart embedded I/O device) patched
High
FFmpeg MagicYUV Decoder Out-of-Bounds Write / RCE — PixelSmash (CVE-2026-8461)
CVE-2026-8461· FFmpeg libavcodec — MagicYUV video decoder patched
High
Claude Desktop Cowork VM Image Integrity Bypass / Local Persistence (CVE-2026-7574)
CVE-2026-7574· Anthropic Claude Desktop — Cowork feature unpatched
High
Windows CTFMON Arbitrary Section Object EoP — GreenPlasma (CVE-2026-45586)
CVE-2026-45586· Windows Collaborative Translation Framework (CTFMON service) patched
Critical
Ubiquiti UniFi OS Unauthenticated RCE Chain (CVE-2026-34908 / CVE-2026-34909 / CVE-2026-34910)
CVE-2026-34908, CVE-2026-34909, CVE-2026-34910· Ubiquiti UniFi OS Server patched
Critical
Splunk Enterprise Pre-Auth RCE via PostgreSQL Sidecar (CVE-2026-20253)
CVE-2026-20253· Splunk Enterprise patched
Critical
Ivanti Sentry Pre-Auth RCE + Auth Bypass (CVE-2026-10520 / CVE-2026-10523)
CVE-2026-10520, CVE-2026-10523· Ivanti Sentry (formerly MobileIron Sentry) patched
High
DirtyClone — Linux Kernel LPE via Cloned Packet Page-Cache Overwrite (CVE-2026-43503)
CVE-2026-43503· Linux kernel (netfilter TEE / __pskb_copy_fclone()) patched
High
Cisco Catalyst SD-WAN Manager Privilege Escalation (CVE-2026-20245)
CVE-2026-20245· Cisco Catalyst SD-WAN Manager (vManage), SD-WAN Controller (vSmart), SD-WAN Validator (vBond) unpatched
Critical
Check Point Remote Access VPN IKEv1 Auth Bypass (CVE-2026-50751)
CVE-2026-50751· Check Point Remote Access VPN / Mobile Access / Spark Firewall patched
Medium
YellowKey — BitLocker Bypass via WinRE autofstx.exe (CVE-2026-45585)
CVE-2026-45585· Windows BitLocker / WinRE (autofstx.exe) patched
High
CVE-2026-50656 RoguePlanet — Safe Vulnerability Checker (Resurface)
CVE-2026-50656· Microsoft Malware Protection Engine (mpengine.dll, MsMpEng.exe) patched
High
RoguePlanet — Windows Defender LPE via ISO Mount + Task Scheduler Race Condition
CVE-2026-50656· Microsoft Windows Defender / Windows Error Reporting Task Scheduler unpatched
Critical
FirefUXSS: Universal XSS in Firefox Focus for iOS via Redirect-Scheme Validation Race Condition
Firefox Focus for iOS unpatched
High
ssh-keysign-pwn: pidfd_getfd FD Theft via mm-NULL Exit Window (CVE-2026-46333)
CVE-2026-46333· Linux kernel plus privileged userland binaries (ssh-keysign, chage) patched
Critical
Netlogon CLDAP Stack Buffer Overflow (CVE-2026-41089)
CVE-2026-41089· Microsoft Windows Netlogon (Domain Controller CLDAP path) patched
High
LiteSpeed User-End cPanel Plugin Local Privilege Escalation (CVE-2026-48172)
CVE-2026-48172· LiteSpeed cPanel Plugin unpatched
Critical
Drupal Core PostgreSQL SQL Injection (CVE-2026-9082)
CVE-2026-9082 / SA-CORE-2026-004· Drupal Core unpatched
High
Notepad++ <= 8.9.6 Multiple Vulnerabilities (CVE-2026-48770, CVE-2026-48778, CVE-2026-48800)
CVE-2026-48770, CVE-2026-48778, CVE-2026-48800· Notepad++ unpatched
High
PinTheft: RDS Double-Free → LPE
Linux kernel (RDS subsystem + io_uring) unpatched
High
Chrome WebGPU Use-After-Free (CVE-2026-5281)
CVE-2026-5281· Google Chrome / Chromium WebGPU (Dawn backend) unpatched
Low
Next.js x-nextjs-data Cache Poisoning (CVE-2026-44572)
CVE-2026-44572· Next.js Pages Router (redirect handling via middleware or next.config.js) patched
High
Next.js WebSocket Upgrade SSRF (Self-Hosted) (CVE-2026-44578)
CVE-2026-44578· Next.js standalone router server (next start) unpatched
High
Next.js RSC Server-Action DoS via Flight Deserialization (CVE-2026-23870)
CVE-2026-23870· Next.js App Router (React server-action / RSC reply parser) unpatched
Medium
Next.js RSC Response Cache Poisoning (CVE-2026-44576)
CVE-2026-44576· Next.js App Router deployments using React Server Components (RSC) behind shared caches patched
Low
Next.js RSC Cache-Busting Weak Hash Collision (CVE-2026-44582)
CVE-2026-44582· Next.js App Router patched
Medium
Next.js Image Optimization API OOM DoS (Self-Hosted) (CVE-2026-44577)
CVE-2026-44577· Next.js Image Optimization API (/_next/image) on self-hosted deployments unpatched
High
Next.js i18n Middleware Bypass (CVE-2026-44573)
CVE-2026-44573· Next.js Pages Router with i18n configuration unpatched
High
Next.js Dynamic Route Injection Auth Bypass (CVE-2026-44574)
CVE-2026-44574· Next.js App Router with dynamic route segments and middleware-based access control unpatched
Medium
Next.js CSP Nonce Cache-Poisoned XSS (CVE-2026-44581)
CVE-2026-44581· Next.js App Router applications using CSP nonces patched
High
Next.js Cache Components Connection Exhaustion DoS (CVE-2026-44579)
CVE-2026-44579· Next.js applications using Cache Components / Partial Prerendering (PPR) patched
Medium
Next.js beforeInteractive Script XSS (CVE-2026-44580)
CVE-2026-44580· Next.js applications using next/script with strategy="beforeInteractive" patched
High
Next.js App Router Segment-Prefetch Middleware Bypass (CVE-2026-44575)
CVE-2026-44575· Next.js App Router applications that rely on middleware.ts matchers to protect routes patched
High
Copy Fail Linux Kernel Local Privilege Escalation (CVE-2026-31431)
CVE-2026-31431· Linux kernel (crypto / AF_ALG AEAD path) unpatched
Critical
Apache httpd mod_http2 Double-Free Pre-Auth RCE - CVE-2026-23918
CVE-2026-23918· Apache HTTP Server (httpd) with mod_http2 patched
Critical
QEMUtiny - QEMU CXL Type-3 Memory Corruption Chain
QEMU CXL Type-3 device emulation (hw/cxl/cxl-mailbox-utils.c) unpatched
Critical
cPanel & WHM Authentication Bypass via Session-File CRLF Injection (CVE-2026-41940)
CVE-2026-41940· cPanel & WHM patched
High
Chrome CSSFontFeatureValuesMap Use-After-Free (CVE-2026-2441)
CVE-2026-2441· Google Chrome / Chromium-based browsers (Blink CSS engine) unpatched
Critical
Adobe Acrobat/Reader Prototype Pollution Sandbox Escape (CVE-2026-34621)
CVE-2026-34621· Adobe Acrobat DC / Adobe Acrobat Reader DC / Adobe Acrobat 2024 JavaScript engine sandbox boundary unpatched
High
RedSun Privileged File Write (CVE-2026-33825)
CVE-2026-33825· Microsoft Defender Antivirus (real-time protection) on Windows with Cloud Files APIs patched
Medium
Exchange Health Checker Outbound Rule Blind Spot (CVE-2026-42897)
CVE-2026-42897· Microsoft CSS-Exchange Health Checker (HealthChecker.ps1) unpatched
High
BlueHammer Defender Local Privilege Escalation (CVE-2026-33825)
CVE-2026-33825· Microsoft Defender Antivirus update/scan workflow on Windows patched
Critical
NGINX Rift — Heap Buffer Overflow RCE (CVE-2026-42945)
CVE-2026-42945· NGINX Open Source / NGINX Plus unpatched
High
Linux XFRM ESP-in-TCP Local Privilege Escalation (Fragnesia)
CVE-2026-46300· Linux kernel (XFRM ESP-in-TCP subsystem) unpatched
Critical
Dirty Frag: Linux XFRM/RxRPC Page Cache Write Chain LPE
CVE-2026-43500, CVE-2026-43284· Linux kernel patched

2025

19 entries
Critical
Langflow Missing-Authentication Remote Code Execution (CVE-2025-3248)
CVE-2025-3248· Langflow (open-source AI/LLM workflow builder) patched
High
WinRAR Windows Path Traversal via NTFS Alternate Data Streams (CVE-2025-8088)
CVE-2025-8088· WinRAR (Windows) patched
Medium
Windows NTLM Hash Disclosure via File Explorer - CVE-2025-24054
CVE-2025-24054· Windows File Explorer (Windows Shell) patched
High
Windows MMC MSC EvilTwin - CVE-2025-26633
CVE-2025-26633· Microsoft Management Console (MMC), Windows patched
High
Windows Kernel Elevation of Privilege - Race Condition / Double-Free (CVE-2025-62215)
CVE-2025-62215· Windows Kernel (ntoskrnl.exe / kernel resource synchronization) patched
Critical
ToolShell - SharePoint Unauthenticated RCE Chain
CVE-2025-53770, CVE-2025-53771, CVE-2025-49704, CVE-2025-49706· Microsoft SharePoint Server patched
Critical
React2Shell - Next.js RSC Unauthenticated RCE
CVE-2025-55182· Next.js (App Router with React Server Components), React patched
High
Linux vsock Use-After-Free VM Escape (CVE-2025-21756)
CVE-2025-21756· Linux kernel (vsock / virtual socket subsystem) patched
Critical
Ivanti Connect Secure Pre-Auth RCE (Stack Overflow)
CVE-2025-0282· Ivanti Connect Secure, Ivanti Policy Secure, Ivanti ZTA Gateways unpatched
Critical
IngressNightmare - Kubernetes Ingress-NGINX Unauthenticated RCE
CVE-2025-1974 (primary); also CVE-2025-1097, CVE-2025-1098, CVE-2025-24514· Kubernetes Ingress-NGINX Controller (ingress-nginx) unpatched
Critical
Fortinet FortiCloud SSO Authentication Bypass
CVE-2025-59718, CVE-2025-59719 (Advisory: FG-IR-25-647)· Fortinet FortiOS, FortiProxy, FortiSwitchManager (FortiCloud SSO feature) unpatched
Critical
Erlang/OTP SSH Pre-Auth RCE - CVE-2025-32433
CVE-2025-32433· Erlang/OTP SSH server daemon patched
Critical
Azure Networking Privilege Escalation via Missing Privilege Check
CVE-2025-54914· Microsoft Azure Networking service (GetRouteTable API) patched
Critical
Windows OLE Zero-Click RCE via Outlook RTF (CVE-2025-21298)
CVE-2025-21298· Microsoft Windows OLE (ole32.dll) as reached by Outlook/Word RTF parsing patched
Critical
Palo Alto PAN-OS Management Interface Authentication Bypass (CVE-2025-0108)
CVE-2025-0108· Palo Alto Networks PAN-OS management web interface patched
Critical
Citrix NetScaler CitrixBleed 2 Session Token Disclosure (CVE-2025-5777)
CVE-2025-5777· Citrix NetScaler ADC / NetScaler Gateway login interface patched
Critical
Apache Parquet Java Unsafe Deserialization RCE (CVE-2025-30065)
CVE-2025-30065· Apache Parquet Java (parquet-avro) schema parsing consumers unpatched
High
WinRAR Archive Extraction Path Traversal (CVE-2025-6218)
CVE-2025-6218· WinRAR archive extraction workflow unpatched
Critical
Next.js Corrupt Middleware Auth Bypass (CVE-2025-29927)
CVE-2025-29927· Next.js (Vercel) patched

2024

12 entries
Critical
Palo Alto PAN-OS GlobalProtect Unauthenticated RCE (CVE-2024-3400)
CVE-2024-3400· Palo Alto Networks PAN-OS GlobalProtect gateway patched
High
Linux nf_tables Use-After-Free Local Privilege Escalation (CVE-2024-1086)
CVE-2024-1086· Linux kernel (netfilter nf_tables subsystem) patched
Critical
Jenkins CLI Arbitrary File Read to RCE (CVE-2024-23897)
CVE-2024-23897· Jenkins controller (CLI endpoint) unpatched
Critical
Fortinet FortiManager FortiJump Unauthenticated RCE (CVE-2024-47575)
CVE-2024-47575· Fortinet FortiManager / FortiManager Cloud (fgfmd daemon) unpatched
High
Confluence Post-Auth RCE - CVE-2024-21683
CVE-2024-21683· Atlassian Confluence Data Center and Server unpatched
Critical
VMware vCenter Server DCE/RPC Heap Overflow RCE (CVE-2024-37079)
CVE-2024-37079· VMware vCenter Server patched
Medium
VMware ESXi Active Directory Authentication Bypass (CVE-2024-37085)
CVE-2024-37085· VMware ESXi hosts joined to Microsoft Active Directory unpatched
High
OpenSSH regreSSHion Signal-Handler Race Unauthenticated RCE (CVE-2024-6387)
CVE-2024-6387· OpenSSH server daemon (sshd) on glibc-based Linux patched
Critical
Fortinet FortiOS SSL VPN Unauthenticated RCE (CVE-2024-21762)
CVE-2024-21762· Fortinet FortiOS SSL VPN (sslvpnd) patched
Critical
Fortinet FortiOS / FortiProxy Authentication Bypass (CVE-2024-55591)
CVE-2024-55591· Fortinet FortiOS/FortiProxy management interfaces unpatched
Critical
LDAP Nightmare — Windows LDAP Client RCE/DoS (CVE-2024-49113)
CVE-2024-49113· Microsoft Windows LDAP client / Netlogon interaction path patched
High
CVE-2024-21338 — Local Privilege Escalation from Admin to Kernel
CVE-2024-21338· Microsoft Windows AppLocker driver path (\\Device\\AppID) patched

2023

2 entries

2021

1 entry

2020

1 entry

(ven

1 entry

(rep

1 entry

ass

33 entries
Medium
VLC Bundled FFmpeg VP9 Decoder Resolution-Change Heap Crash
None assigned as of 2026-07-03· VLC media player, bundled FFmpeg VP9 decoder (plugins/codec/libavcodec_plugin.dll) unpatched
High
System Informer phsvc Trusted-Host Confused Deputy LPE
None assigned as of 2026-07-03· System Informer (Process Hacker successor), phsvc helper process unpatched
High
RustDesk Relay Session Downgrade and FileTransfer Authorization Scope Bypass
None assigned as of 2026-07-03· RustDesk (rustdesk/rustdesk) — client relay/session setup and server-side connection dispatcher unpatched
Critical
Redis Vector Set Duplicate HNSW Node ID RCE
None assigned as of 2026-07-03· Redis server, Vector Set module (modules/vector-sets) unpatched
Critical
QEMU CXL Type-3 Mailbox Guest-to-Host Escape
None assigned as of 2026-07-03· QEMU (CXL Type-3 device emulation, hw/cxl/cxl-mailbox-utils.c) unpatched
High
Pillow ImageCms Mutable output_mode Heap OOB Write
None assigned as of 2026-07-03· Pillow (Python Imaging Library fork), PIL.ImageCms module unpatched
Critical
PHP 8.5.7 StreamBucket-to-SOAP Numeric Cookie Remote Code Execution
None assigned as of 2026-07-03· PHP CLI (Zend Engine) — ArrayIterator, StreamBucket, SoapClient internals unpatched
High
OpenVPN Connect Server-Pushed Option Current-User Command Execution
None assigned as of 2026-07-03· OpenVPN Connect for Windows unpatched
Medium
objdump DLX ELF Backend Out-of-Bounds Write (Crash-to-Calc)
None assigned as of 2026-07-03· GNU Binutils objdump — DLX ELF backend (elf32-dlx) unpatched
High
NodeBB ActivityPub attributedTo Local UID Spoof
None assigned as of 2026-07-03· NodeBB — ActivityPub server-to-server inbox unpatched
Low
Nmap IPv6 Extension-Header Length Wrap
None assigned as of 2026-07-03· Nmap — shared packet parsing code (libnetutil/netutil.cc, tcpip.cc) unpatched
High
nghttpx HTTP/1.1 Upgrade Request Body Response Queue Poisoning
None assigned as of 2026-07-03· nghttp2's nghttpx reverse proxy patched
High
Nextcloud Federated Share OCM Bearer Token Scope Escalation to Sender WebDAV Access
None assigned as of 2026-07-03· Nextcloud Server — federated file sharing, OCM token exchange, WebDAV bearer authentication unpatched
High
Next.js unstable_cache Object-Argument Cache-Key Collision
None assigned as of 2026-07-03· Next.js (App Router, Data Cache) unpatched
High
MyBB 1.8.40 Limited Admin CP User-Manager to Full Administrator Privilege Escalation
None assigned as of 2026-07-03 (see Notes — CVE-2026-45115 identifies a separate, already-patched MyBB issue)· MyBB forum software, Admin CP add-user flow unpatched
Critical
Lunar Client Modrinth Explore Raw-HTML to Local Launcher Execution Chain
None assigned as of 2026-07-03· Lunar Client (Electron desktop application), Modrinth Explore integration unpatched
Critical
libssh2 Publickey Subsystem List Parser Heap Corruption to Code Execution
None assigned as of 2026-07-03· libssh2, publickey subsystem list parser (src/publickey.c) unpatched
Medium
libarchive ZIP Declared-Size Boundary Bypass via debuginfod
None assigned as of 2026-07-03· libarchive (ZIP reader) and elfutils debuginfod unpatched
Critical
Ladybird Browser WebAssembly ESM Host-Function Use-After-Free RCE
None assigned as of 2026-07-03· Ladybird web browser (WebContent process, LibWeb / LibWasm) unpatched
High
ImageMagick Ghostscript Delegate Search Path Hijack
None assigned as of 2026-07-03· ImageMagick (Ghostscript delegate for PDF/PS/EPS conversion) on Windows unpatched
Critical
Gogs Admin User Edit CSRF to Git Hook RCE
None assigned as of 2026-07-03· Gogs (self-hosted Git service) unpatched
High
Gitea act_runner container.options Host Namespace Escape
None assigned as of 2026-07-03· Gitea Actions act_runner (Docker-backed) unpatched
Medium
Ghidra 12.1.2 Conditional Swift Demangler ACE (plus TraceRMI RCE and SevenZipJBinding Reachability)
None assigned as of 2026-07-03· Ghidra (NSA reverse-engineering suite) unpatched
High
Flowise Custom MCP Environment Variable Case Bypass
None assigned as of 2026-07-03· Flowise / flowise-components unpatched
Critical
Floci API Gateway VTL RCE + IAM Scope Bypass
None assigned as of 2026-07-03· Floci (AWS-compatible local cloud emulator) unpatched
High
Firefox Smart Window Private URL Exfiltration
None assigned as of 2026-07-03· Firefox Smart Window (AI browsing assistant feature) unpatched
Critical
FFmpeg RASC Decoder DLTA Heap Out-of-Bounds Write
None assigned as of 2026-07-03· FFmpeg, libavcodec RASC decoder (AV_CODEC_ID_RASC) unpatched
Medium
Docker cp Copy-Out Destination Escape via Symlink Race
None assigned as of 2026-07-03· Docker Engine / CLI unpatched
High
Discourse Scoped API Key Pre-Route Authorization Bypass
None assigned as of 2026-07-03· Discourse (forum platform) unpatched
Medium
curl SMTP EXPN Recipient CRLF Command Injection
None assigned as of 2026-07-03· curl / libcurl (SMTP support) unpatched
High
c-ares TCP ares_getaddrinfo() Use-After-Free Code Execution
None assigned as of 2026-07-03· c-ares (async DNS resolver library) unpatched
High
AnyDesk Printer Pipe COM Impersonation Local Privilege Escalation
None assigned as of 2026-07-03· AnyDesk for Windows 9.7.6 unpatched
High
7-Zip RAR5 Mark-of-the-Web / ADS Full-Chain Bypass
None assigned as of 2026-07-03· 7-Zip 26.01 x64 for Windows unpatched