PoC Archive PoC Archive

tag

Memory-Corruption

Critical
QEMU CXL Type-3 Mailbox Guest-to-Host Escape
None assigned as of 2026-07-03· QEMU (CXL Type-3 device emulation, hw/cxl/cxl-mailbox-utils.c) unpatched
High
Pillow ImageCms Mutable output_mode Heap OOB Write
None assigned as of 2026-07-03· Pillow (Python Imaging Library fork), PIL.ImageCms module unpatched
Critical
PHP 8.5.7 StreamBucket-to-SOAP Numeric Cookie Remote Code Execution
None assigned as of 2026-07-03· PHP CLI (Zend Engine) — ArrayIterator, StreamBucket, SoapClient internals unpatched
Critical
libssh2 Unchecked SSH packet_length Integer Wrap to RCE (CVE-2026-55200)
CVE-2026-55200· libssh2, ssh2_transport_read() in src/transport.c patched
Critical
libssh2 Publickey Subsystem List Parser Heap Corruption to Code Execution
None assigned as of 2026-07-03· libssh2, publickey subsystem list parser (src/publickey.c) unpatched
Critical
Ladybird Browser WebAssembly ESM Host-Function Use-After-Free RCE
None assigned as of 2026-07-03· Ladybird web browser (WebContent process, LibWeb / LibWasm) unpatched
Critical
FFmpeg RASC Decoder DLTA Heap Out-of-Bounds Write
None assigned as of 2026-07-03· FFmpeg, libavcodec RASC decoder (AV_CODEC_ID_RASC) unpatched
High
Google Chromium V8 Out-of-Bounds Read/Write — Crash PoC (CVE-2026-11645)
CVE-2026-11645· Google Chrome / Chromium — V8 JavaScript and WebAssembly engine unpatched
Critical
Windows OLE Zero-Click RCE via Outlook RTF (CVE-2025-21298)
CVE-2025-21298· Microsoft Windows OLE (ole32.dll) as reached by Outlook/Word RTF parsing patched
Critical
QEMUtiny - QEMU CXL Type-3 Memory Corruption Chain
QEMU CXL Type-3 device emulation (hw/cxl/cxl-mailbox-utils.c) unpatched