PoC Archive PoC Archive

tag

Windows

Medium
VLC Bundled FFmpeg VP9 Decoder Resolution-Change Heap Crash
None assigned as of 2026-07-03· VLC media player, bundled FFmpeg VP9 decoder (plugins/codec/libavcodec_plugin.dll) unpatched
High
System Informer phsvc Trusted-Host Confused Deputy LPE
None assigned as of 2026-07-03· System Informer (Process Hacker successor), phsvc helper process unpatched
High
OpenVPN Connect Server-Pushed Option Current-User Command Execution
None assigned as of 2026-07-03· OpenVPN Connect for Windows unpatched
Critical
libssh2 Publickey Subsystem List Parser Heap Corruption to Code Execution
None assigned as of 2026-07-03· libssh2, publickey subsystem list parser (src/publickey.c) unpatched
High
ImageMagick Ghostscript Delegate Search Path Hijack
None assigned as of 2026-07-03· ImageMagick (Ghostscript delegate for PDF/PS/EPS conversion) on Windows unpatched
High
Flowise Custom MCP Environment Variable Case Bypass
None assigned as of 2026-07-03· Flowise / flowise-components unpatched
High
AnyDesk Printer Pipe COM Impersonation Local Privilege Escalation
None assigned as of 2026-07-03· AnyDesk for Windows 9.7.6 unpatched
High
7-Zip RAR5 Mark-of-the-Web / ADS Full-Chain Bypass
None assigned as of 2026-07-03· 7-Zip 26.01 x64 for Windows unpatched
High
Windows CTFMON Arbitrary Section Object EoP — GreenPlasma (CVE-2026-45586)
CVE-2026-45586· Windows Collaborative Translation Framework (CTFMON service) patched
High
Notepad++ <= 8.9.6 Multiple Vulnerabilities (CVE-2026-48770, CVE-2026-48778, CVE-2026-48800)
CVE-2026-48770, CVE-2026-48778, CVE-2026-48800· Notepad++ unpatched
Medium
Windows NTLM Hash Disclosure via File Explorer - CVE-2025-24054
CVE-2025-24054· Windows File Explorer (Windows Shell) patched
High
Windows MMC MSC EvilTwin - CVE-2025-26633
CVE-2025-26633· Microsoft Management Console (MMC), Windows patched
Critical
ToolShell - SharePoint Unauthenticated RCE Chain
CVE-2025-53770, CVE-2025-53771, CVE-2025-49704, CVE-2025-49706· Microsoft SharePoint Server patched
Critical
Windows OLE Zero-Click RCE via Outlook RTF (CVE-2025-21298)
CVE-2025-21298· Microsoft Windows OLE (ole32.dll) as reached by Outlook/Word RTF parsing patched
Critical
Adobe Acrobat/Reader Prototype Pollution Sandbox Escape (CVE-2026-34621)
CVE-2026-34621· Adobe Acrobat DC / Adobe Acrobat Reader DC / Adobe Acrobat 2024 JavaScript engine sandbox boundary unpatched
High
WinRAR Archive Extraction Path Traversal (CVE-2025-6218)
CVE-2025-6218· WinRAR archive extraction workflow unpatched
High
MiniPlasma - Windows Cloud Files Mini Filter Driver LPE (CVE-2020-17103)
CVE-2020-17103· Windows Cloud Files Mini Filter Driver (cldflt.sys) / cldapi.dll unpatched
Critical
HTTP Protocol Stack Remote Code Execution Vulnerability (CVE-2021-31166)
CVE-2021-31166· Microsoft Windows HTTP Protocol Stack (http.sys) patched
High
CVE-2024-21338 — Local Privilege Escalation from Admin to Kernel
CVE-2024-21338· Microsoft Windows AppLocker driver path (\\Device\\AppID) patched