PoC Archive PoC Archive

tag

Pre-Auth

Critical
Splunk Enterprise Pre-Auth RCE via PostgreSQL Sidecar (CVE-2026-20253)
CVE-2026-20253· Splunk Enterprise patched
Critical
Ivanti Sentry Pre-Auth RCE + Auth Bypass (CVE-2026-10520 / CVE-2026-10523)
CVE-2026-10520, CVE-2026-10523· Ivanti Sentry (formerly MobileIron Sentry) patched
High
Next.js RSC Server-Action DoS via Flight Deserialization (CVE-2026-23870)
CVE-2026-23870· Next.js App Router (React server-action / RSC reply parser) unpatched
Critical
Ivanti Connect Secure Pre-Auth RCE (Stack Overflow)
CVE-2025-0282· Ivanti Connect Secure, Ivanti Policy Secure, Ivanti ZTA Gateways unpatched
Critical
Erlang/OTP SSH Pre-Auth RCE - CVE-2025-32433
CVE-2025-32433· Erlang/OTP SSH server daemon patched
Critical
Apache httpd mod_http2 Double-Free Pre-Auth RCE - CVE-2026-23918
CVE-2026-23918· Apache HTTP Server (httpd) with mod_http2 patched