PoC Archive PoC Archive

tag

Active-Exploitation

Critical
Fortinet FortiClient EMS Pre-Auth Bypass — "FortiBleed" (CVE-2026-35616)
CVE-2026-35616· Fortinet FortiClient Endpoint Management Server (EMS) unpatched
High
Citrix NetScaler ADC/Gateway Pre-Auth SAML Memory Overread — "CitrixBleed"-style Leak (CVE-2026-8451)
CVE-2026-8451· Citrix NetScaler ADC and NetScaler Gateway unpatched
Critical
Unauthenticated RCE in Mirasvit Full Page Cache Warmer for Magento 2 (CVE-2026-45247)
CVE-2026-45247· Mirasvit Full Page Cache Warmer extension for Magento 2 unpatched
Critical
Unauthenticated RCE in Joomla Content Editor (JCE) Profile Import (CVE-2026-48907)
CVE-2026-48907· Joomla Content Editor (JCE) extension by Widget Factory unpatched
High
Google Chromium V8 Out-of-Bounds Read/Write — Crash PoC (CVE-2026-11645)
CVE-2026-11645· Google Chrome / Chromium — V8 JavaScript and WebAssembly engine unpatched
Critical
Cisco Unified CM WebDialer SSRF to Arbitrary File Write / RCE (CVE-2026-20230)
CVE-2026-20230· Cisco Unified Communications Manager (Unified CM) and Unified CM Session Management Edition (SME) unpatched
Medium
Cisco Catalyst SD-WAN Manager Arbitrary File Write (CVE-2026-20262)
CVE-2026-20262· Cisco Catalyst SD-WAN Manager (formerly SD-WAN vManage) unpatched
Critical
GNU Inetutils telnetd Unauthenticated Root RCE via NEW-ENVIRON (CVE-2026-24061)
CVE-2026-24061· GNU Inetutils telnetd patched
Critical
Ivanti Connect Secure Pre-Auth RCE (Stack Overflow)
CVE-2025-0282· Ivanti Connect Secure, Ivanti Policy Secure, Ivanti ZTA Gateways unpatched
Critical
Fortinet FortiCloud SSO Authentication Bypass
CVE-2025-59718, CVE-2025-59719 (Advisory: FG-IR-25-647)· Fortinet FortiOS, FortiProxy, FortiSwitchManager (FortiCloud SSO feature) unpatched