PoC Archive PoC Archive

tag

Unauthenticated

Critical
Langflow Missing-Authentication Remote Code Execution (CVE-2025-3248)
CVE-2025-3248· Langflow (open-source AI/LLM workflow builder) patched
High
Citrix NetScaler ADC/Gateway Pre-Auth SAML Memory Overread — "CitrixBleed"-style Leak (CVE-2026-8451)
CVE-2026-8451· Citrix NetScaler ADC and NetScaler Gateway unpatched
Critical
Unauthenticated RCE in Mirasvit Full Page Cache Warmer for Magento 2 (CVE-2026-45247)
CVE-2026-45247· Mirasvit Full Page Cache Warmer extension for Magento 2 unpatched
Critical
Unauthenticated RCE in Joomla Content Editor (JCE) Profile Import (CVE-2026-48907)
CVE-2026-48907· Joomla Content Editor (JCE) extension by Widget Factory unpatched
High
PAN-OS GlobalProtect Authentication Bypass via Forged Cookie (CVE-2026-0257)
CVE-2026-0257· Palo Alto Networks PAN-OS — GlobalProtect portal and gateway (also affects certain Prisma Access deployments) unpatched
Critical
SP Page Builder (Joomla) Unauthenticated File Upload RCE (CVE-2026-48908)
CVE-2026-48908· SP Page Builder extension for Joomla (joomshaper.net) patched
Critical
libssh2 SSH Packet Length OOB Heap Write / Unauthenticated RCE (CVE-2026-55200)
CVE-2026-55200· libssh2 (SSH client library) patched
Critical
GNU Inetutils telnetd Unauthenticated Root RCE via NEW-ENVIRON (CVE-2026-24061)
CVE-2026-24061· GNU Inetutils telnetd patched
Critical
GeoVision GV-I/O Box 4E DVRSearch Unauthenticated Stack Buffer Overflow RCE (CVE-2026-12485)
CVE-2026-12485· GeoVision GV-I/O Box 4E (Linux-based smart embedded I/O device) patched
Critical
Splunk Enterprise Pre-Auth RCE via PostgreSQL Sidecar (CVE-2026-20253)
CVE-2026-20253· Splunk Enterprise patched
Critical
Check Point Remote Access VPN IKEv1 Auth Bypass (CVE-2026-50751)
CVE-2026-50751· Check Point Remote Access VPN / Mobile Access / Spark Firewall patched
Critical
Netlogon CLDAP Stack Buffer Overflow (CVE-2026-41089)
CVE-2026-41089· Microsoft Windows Netlogon (Domain Controller CLDAP path) patched
Critical
Drupal Core PostgreSQL SQL Injection (CVE-2026-9082)
CVE-2026-9082 / SA-CORE-2026-004· Drupal Core unpatched
Critical
TossUp — TerraMaster TOS Unauthenticated Redis Root RCE + NFS LPE
N/A (vendor confirmed TOS4 is EOL; no fix planned)· TerraMaster TOS3_A1.0 4.2.41, Redis 4.0.10 unpatched
High
Chrome WebGPU Use-After-Free (CVE-2026-5281)
CVE-2026-5281· Google Chrome / Chromium WebGPU (Dawn backend) unpatched
Critical
ToolShell - SharePoint Unauthenticated RCE Chain
CVE-2025-53770, CVE-2025-53771, CVE-2025-49704, CVE-2025-49706· Microsoft SharePoint Server patched
Critical
React2Shell - Next.js RSC Unauthenticated RCE
CVE-2025-55182· Next.js (App Router with React Server Components), React patched
Critical
Palo Alto PAN-OS GlobalProtect Unauthenticated RCE (CVE-2024-3400)
CVE-2024-3400· Palo Alto Networks PAN-OS GlobalProtect gateway patched
Low
Next.js x-nextjs-data Cache Poisoning (CVE-2026-44572)
CVE-2026-44572· Next.js Pages Router (redirect handling via middleware or next.config.js) patched
High
Next.js WebSocket Upgrade SSRF (Self-Hosted) (CVE-2026-44578)
CVE-2026-44578· Next.js standalone router server (next start) unpatched
High
Next.js RSC Server-Action DoS via Flight Deserialization (CVE-2026-23870)
CVE-2026-23870· Next.js App Router (React server-action / RSC reply parser) unpatched
Medium
Next.js RSC Response Cache Poisoning (CVE-2026-44576)
CVE-2026-44576· Next.js App Router deployments using React Server Components (RSC) behind shared caches patched
Low
Next.js RSC Cache-Busting Weak Hash Collision (CVE-2026-44582)
CVE-2026-44582· Next.js App Router patched
Medium
Next.js Image Optimization API OOM DoS (Self-Hosted) (CVE-2026-44577)
CVE-2026-44577· Next.js Image Optimization API (/_next/image) on self-hosted deployments unpatched
High
Next.js i18n Middleware Bypass (CVE-2026-44573)
CVE-2026-44573· Next.js Pages Router with i18n configuration unpatched
High
Next.js Dynamic Route Injection Auth Bypass (CVE-2026-44574)
CVE-2026-44574· Next.js App Router with dynamic route segments and middleware-based access control unpatched
Medium
Next.js CSP Nonce Cache-Poisoned XSS (CVE-2026-44581)
CVE-2026-44581· Next.js App Router applications using CSP nonces patched
High
Next.js Cache Components Connection Exhaustion DoS (CVE-2026-44579)
CVE-2026-44579· Next.js applications using Cache Components / Partial Prerendering (PPR) patched
Medium
Next.js beforeInteractive Script XSS (CVE-2026-44580)
CVE-2026-44580· Next.js applications using next/script with strategy="beforeInteractive" patched
High
Next.js App Router Segment-Prefetch Middleware Bypass (CVE-2026-44575)
CVE-2026-44575· Next.js App Router applications that rely on middleware.ts matchers to protect routes patched
Critical
Jenkins CLI Arbitrary File Read to RCE (CVE-2024-23897)
CVE-2024-23897· Jenkins controller (CLI endpoint) unpatched
Critical
Ivanti Connect Secure Pre-Auth RCE (Stack Overflow)
CVE-2025-0282· Ivanti Connect Secure, Ivanti Policy Secure, Ivanti ZTA Gateways unpatched
Critical
IngressNightmare - Kubernetes Ingress-NGINX Unauthenticated RCE
CVE-2025-1974 (primary); also CVE-2025-1097, CVE-2025-1098, CVE-2025-24514· Kubernetes Ingress-NGINX Controller (ingress-nginx) unpatched
Critical
Fortinet FortiManager FortiJump Unauthenticated RCE (CVE-2024-47575)
CVE-2024-47575· Fortinet FortiManager / FortiManager Cloud (fgfmd daemon) unpatched
Critical
Fortinet FortiCloud SSO Authentication Bypass
CVE-2025-59718, CVE-2025-59719 (Advisory: FG-IR-25-647)· Fortinet FortiOS, FortiProxy, FortiSwitchManager (FortiCloud SSO feature) unpatched
Critical
Erlang/OTP SSH Pre-Auth RCE - CVE-2025-32433
CVE-2025-32433· Erlang/OTP SSH server daemon patched
Critical
Confluence SSTI RCE - CVE-2023-22527
CVE-2023-22527· Atlassian Confluence Data Center and Confluence Server patched
Critical
Apache httpd mod_http2 Double-Free Pre-Auth RCE - CVE-2026-23918
CVE-2026-23918· Apache HTTP Server (httpd) with mod_http2 patched
Critical
Windows OLE Zero-Click RCE via Outlook RTF (CVE-2025-21298)
CVE-2025-21298· Microsoft Windows OLE (ole32.dll) as reached by Outlook/Word RTF parsing patched
Critical
VMware vCenter Server DCE/RPC Heap Overflow RCE (CVE-2024-37079)
CVE-2024-37079· VMware vCenter Server patched
Critical
Palo Alto PAN-OS Management Interface Authentication Bypass (CVE-2025-0108)
CVE-2025-0108· Palo Alto Networks PAN-OS management web interface patched
High
OpenSSH regreSSHion Signal-Handler Race Unauthenticated RCE (CVE-2024-6387)
CVE-2024-6387· OpenSSH server daemon (sshd) on glibc-based Linux patched
Critical
Fortinet FortiOS SSL VPN Unauthenticated RCE (CVE-2024-21762)
CVE-2024-21762· Fortinet FortiOS SSL VPN (sslvpnd) patched
Critical
Fortinet FortiOS / FortiProxy Authentication Bypass (CVE-2024-55591)
CVE-2024-55591· Fortinet FortiOS/FortiProxy management interfaces unpatched
Critical
cPanel & WHM Authentication Bypass via Session-File CRLF Injection (CVE-2026-41940)
CVE-2026-41940· cPanel & WHM patched
Critical
Citrix NetScaler CitrixBleed 2 Session Token Disclosure (CVE-2025-5777)
CVE-2025-5777· Citrix NetScaler ADC / NetScaler Gateway login interface patched
High
Chrome CSSFontFeatureValuesMap Use-After-Free (CVE-2026-2441)
CVE-2026-2441· Google Chrome / Chromium-based browsers (Blink CSS engine) unpatched
Critical
Next.js Corrupt Middleware Auth Bypass (CVE-2025-29927)
CVE-2025-29927· Next.js (Vercel) patched
Critical
LDAP Nightmare — Windows LDAP Client RCE/DoS (CVE-2024-49113)
CVE-2024-49113· Microsoft Windows LDAP client / Netlogon interaction path patched
Critical
HTTP Protocol Stack Remote Code Execution Vulnerability (CVE-2021-31166)
CVE-2021-31166· Microsoft Windows HTTP Protocol Stack (http.sys) patched
High
BlueDucky — Unauthenticated Peering Leading to Code Execution (CVE-2023-45866)
CVE-2023-45866· Bluetooth HID host implementations vulnerable to CVE-2023-45866 patched
Critical
NGINX Rift — Heap Buffer Overflow RCE (CVE-2026-42945)
CVE-2026-42945· NGINX Open Source / NGINX Plus unpatched
Critical
Dirty Frag: Linux XFRM/RxRPC Page Cache Write Chain LPE
CVE-2026-43500, CVE-2026-43284· Linux kernel patched