PoC Archive PoC Archive

tag

Rce

Critical
Redis Vector Set Duplicate HNSW Node ID RCE
None assigned as of 2026-07-03· Redis server, Vector Set module (modules/vector-sets) unpatched
Critical
PHP 8.5.7 StreamBucket-to-SOAP Numeric Cookie Remote Code Execution
None assigned as of 2026-07-03· PHP CLI (Zend Engine) — ArrayIterator, StreamBucket, SoapClient internals unpatched
Critical
Lunar Client Modrinth Explore Raw-HTML to Local Launcher Execution Chain
None assigned as of 2026-07-03· Lunar Client (Electron desktop application), Modrinth Explore integration unpatched
Critical
libssh2 Unchecked SSH packet_length Integer Wrap to RCE (CVE-2026-55200)
CVE-2026-55200· libssh2, ssh2_transport_read() in src/transport.c patched
Critical
libssh2 Publickey Subsystem List Parser Heap Corruption to Code Execution
None assigned as of 2026-07-03· libssh2, publickey subsystem list parser (src/publickey.c) unpatched
Critical
Langflow Missing-Authentication Remote Code Execution (CVE-2025-3248)
CVE-2025-3248· Langflow (open-source AI/LLM workflow builder) patched
Critical
Ladybird Browser WebAssembly ESM Host-Function Use-After-Free RCE
None assigned as of 2026-07-03· Ladybird web browser (WebContent process, LibWeb / LibWasm) unpatched
Critical
Gogs Admin User Edit CSRF to Git Hook RCE
None assigned as of 2026-07-03· Gogs (self-hosted Git service) unpatched
High
Flowise Custom MCP Environment Variable Case Bypass
None assigned as of 2026-07-03· Flowise / flowise-components unpatched
Critical
Floci API Gateway VTL RCE + IAM Scope Bypass
None assigned as of 2026-07-03· Floci (AWS-compatible local cloud emulator) unpatched
Critical
Unauthenticated RCE in Mirasvit Full Page Cache Warmer for Magento 2 (CVE-2026-45247)
CVE-2026-45247· Mirasvit Full Page Cache Warmer extension for Magento 2 unpatched
Critical
Unauthenticated RCE in Joomla Content Editor (JCE) Profile Import (CVE-2026-48907)
CVE-2026-48907· Joomla Content Editor (JCE) extension by Widget Factory unpatched
Critical
Cisco Unified CM WebDialer SSRF to Arbitrary File Write / RCE (CVE-2026-20230)
CVE-2026-20230· Cisco Unified Communications Manager (Unified CM) and Unified CM Session Management Edition (SME) unpatched
Critical
SP Page Builder (Joomla) Unauthenticated File Upload RCE (CVE-2026-48908)
CVE-2026-48908· SP Page Builder extension for Joomla (joomshaper.net) patched
Critical
libssh2 SSH Packet Length OOB Heap Write / Unauthenticated RCE (CVE-2026-55200)
CVE-2026-55200· libssh2 (SSH client library) patched
Critical
GNU Inetutils telnetd Unauthenticated Root RCE via NEW-ENVIRON (CVE-2026-24061)
CVE-2026-24061· GNU Inetutils telnetd patched
Critical
GeoVision GV-I/O Box 4E DVRSearch Unauthenticated Stack Buffer Overflow RCE (CVE-2026-12485)
CVE-2026-12485· GeoVision GV-I/O Box 4E (Linux-based smart embedded I/O device) patched
High
FFmpeg MagicYUV Decoder Out-of-Bounds Write / RCE — PixelSmash (CVE-2026-8461)
CVE-2026-8461· FFmpeg libavcodec — MagicYUV video decoder patched
Critical
Splunk Enterprise Pre-Auth RCE via PostgreSQL Sidecar (CVE-2026-20253)
CVE-2026-20253· Splunk Enterprise patched
Critical
Ivanti Sentry Pre-Auth RCE + Auth Bypass (CVE-2026-10520 / CVE-2026-10523)
CVE-2026-10520, CVE-2026-10523· Ivanti Sentry (formerly MobileIron Sentry) patched
Critical
TossUp — TerraMaster TOS Unauthenticated Redis Root RCE + NFS LPE
N/A (vendor confirmed TOS4 is EOL; no fix planned)· TerraMaster TOS3_A1.0 4.2.41, Redis 4.0.10 unpatched
High
Windows MMC MSC EvilTwin - CVE-2025-26633
CVE-2025-26633· Microsoft Management Console (MMC), Windows patched
Critical
ToolShell - SharePoint Unauthenticated RCE Chain
CVE-2025-53770, CVE-2025-53771, CVE-2025-49704, CVE-2025-49706· Microsoft SharePoint Server patched
Critical
React2Shell - Next.js RSC Unauthenticated RCE
CVE-2025-55182· Next.js (App Router with React Server Components), React patched
Critical
Palo Alto PAN-OS GlobalProtect Unauthenticated RCE (CVE-2024-3400)
CVE-2024-3400· Palo Alto Networks PAN-OS GlobalProtect gateway patched
Critical
Jenkins CLI Arbitrary File Read to RCE (CVE-2024-23897)
CVE-2024-23897· Jenkins controller (CLI endpoint) unpatched
Critical
Ivanti Connect Secure Pre-Auth RCE (Stack Overflow)
CVE-2025-0282· Ivanti Connect Secure, Ivanti Policy Secure, Ivanti ZTA Gateways unpatched
Critical
IngressNightmare - Kubernetes Ingress-NGINX Unauthenticated RCE
CVE-2025-1974 (primary); also CVE-2025-1097, CVE-2025-1098, CVE-2025-24514· Kubernetes Ingress-NGINX Controller (ingress-nginx) unpatched
Critical
Fortinet FortiManager FortiJump Unauthenticated RCE (CVE-2024-47575)
CVE-2024-47575· Fortinet FortiManager / FortiManager Cloud (fgfmd daemon) unpatched
Critical
Erlang/OTP SSH Pre-Auth RCE - CVE-2025-32433
CVE-2025-32433· Erlang/OTP SSH server daemon patched
Critical
Confluence SSTI RCE - CVE-2023-22527
CVE-2023-22527· Atlassian Confluence Data Center and Confluence Server patched
High
Confluence Post-Auth RCE - CVE-2024-21683
CVE-2024-21683· Atlassian Confluence Data Center and Server unpatched
Critical
Apache httpd mod_http2 Double-Free Pre-Auth RCE - CVE-2026-23918
CVE-2026-23918· Apache HTTP Server (httpd) with mod_http2 patched
Critical
Windows OLE Zero-Click RCE via Outlook RTF (CVE-2025-21298)
CVE-2025-21298· Microsoft Windows OLE (ole32.dll) as reached by Outlook/Word RTF parsing patched
Critical
VMware vCenter Server DCE/RPC Heap Overflow RCE (CVE-2024-37079)
CVE-2024-37079· VMware vCenter Server patched
High
OpenSSH regreSSHion Signal-Handler Race Unauthenticated RCE (CVE-2024-6387)
CVE-2024-6387· OpenSSH server daemon (sshd) on glibc-based Linux patched
Critical
Fortinet FortiOS SSL VPN Unauthenticated RCE (CVE-2024-21762)
CVE-2024-21762· Fortinet FortiOS SSL VPN (sslvpnd) patched
Critical
Apache Parquet Java Unsafe Deserialization RCE (CVE-2025-30065)
CVE-2025-30065· Apache Parquet Java (parquet-avro) schema parsing consumers unpatched
Critical
Adobe Acrobat/Reader Prototype Pollution Sandbox Escape (CVE-2026-34621)
CVE-2026-34621· Adobe Acrobat DC / Adobe Acrobat Reader DC / Adobe Acrobat 2024 JavaScript engine sandbox boundary unpatched
Critical
HTTP Protocol Stack Remote Code Execution Vulnerability (CVE-2021-31166)
CVE-2021-31166· Microsoft Windows HTTP Protocol Stack (http.sys) patched
Critical
NGINX Rift — Heap Buffer Overflow RCE (CVE-2026-42945)
CVE-2026-42945· NGINX Open Source / NGINX Plus unpatched