PoC Archive PoC Archive

tag

CISA-KEV

Critical
Langflow Missing-Authentication Remote Code Execution (CVE-2025-3248)
CVE-2025-3248· Langflow (open-source AI/LLM workflow builder) patched
Critical
Fortinet FortiClient EMS Pre-Auth Bypass — "FortiBleed" (CVE-2026-35616)
CVE-2026-35616· Fortinet FortiClient Endpoint Management Server (EMS) unpatched
Critical
Unauthenticated RCE in Mirasvit Full Page Cache Warmer for Magento 2 (CVE-2026-45247)
CVE-2026-45247· Mirasvit Full Page Cache Warmer extension for Magento 2 unpatched
Critical
Unauthenticated RCE in Joomla Content Editor (JCE) Profile Import (CVE-2026-48907)
CVE-2026-48907· Joomla Content Editor (JCE) extension by Widget Factory unpatched
Critical
Cisco Unified CM WebDialer SSRF to Arbitrary File Write / RCE (CVE-2026-20230)
CVE-2026-20230· Cisco Unified Communications Manager (Unified CM) and Unified CM Session Management Edition (SME) unpatched
Critical
GNU Inetutils telnetd Unauthenticated Root RCE via NEW-ENVIRON (CVE-2026-24061)
CVE-2026-24061· GNU Inetutils telnetd patched
Critical
Ubiquiti UniFi OS Unauthenticated RCE Chain (CVE-2026-34908 / CVE-2026-34909 / CVE-2026-34910)
CVE-2026-34908, CVE-2026-34909, CVE-2026-34910· Ubiquiti UniFi OS Server patched
Critical
Splunk Enterprise Pre-Auth RCE via PostgreSQL Sidecar (CVE-2026-20253)
CVE-2026-20253· Splunk Enterprise patched
Critical
Ivanti Sentry Pre-Auth RCE + Auth Bypass (CVE-2026-10520 / CVE-2026-10523)
CVE-2026-10520, CVE-2026-10523· Ivanti Sentry (formerly MobileIron Sentry) patched
High
Cisco Catalyst SD-WAN Manager Privilege Escalation (CVE-2026-20245)
CVE-2026-20245· Cisco Catalyst SD-WAN Manager (vManage), SD-WAN Controller (vSmart), SD-WAN Validator (vBond) unpatched
Critical
Check Point Remote Access VPN IKEv1 Auth Bypass (CVE-2026-50751)
CVE-2026-50751· Check Point Remote Access VPN / Mobile Access / Spark Firewall patched
High
Linux nf_tables Use-After-Free Local Privilege Escalation (CVE-2024-1086)
CVE-2024-1086· Linux kernel (netfilter nf_tables subsystem) patched