PoC-in-GitHub RSS

CVE-2026-0740 (2026-04-07) whattheslime/CVE-2026-0740

Wed, 08 Apr 2026 03:34:14 +0900

The Ninja Forms - File Uploads plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'NF_FU_AJAX_Controllers_Uploads::handle_upload' function in all versions up to, and including, 3.3.26. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. Note: The vulnerability was partially patched in version 3.3.25 and fully patched in version 3.3.27.
[GitHub]Ninja Forms File Uploads <= 3.3.26 - Unauthenticated Arbitrary File Upload to RCE (CVE-2026-0740)

CVE-2025-55182 (2025-12-03) kaxm23/CVE-2025-55182-Auto-Scanner

Fri, 10 Apr 2026 20:07:12 +0900

A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.
[GitHub]CVE-2025-55182 Auto Scanner - Improved Version For authorized CTF/testing purposes only

CVE-2025-5548 (2025-06-04) CryptoMachio/CVE-2025-5548

Fri, 10 Apr 2026 20:19:44 +0900

A vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0. Affected is an unknown function of the component NOOP Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
[GitHub]Estudio técnico de la vulnerabilidad CVE-2025-5548

CVE-2025-55182 (2025-12-03) kaxm23/rust-cve-2025-55182-scanner

Fri, 10 Apr 2026 20:49:46 +0900

A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.
[GitHub]powerfull rust cve-2025-55182-scanner used for ctf & ethical purpose only

CVE-2021-22911 (2021-05-27) roshanrajbanshi/rocketcat-cve-2021-22911-exploit

Fri, 10 Apr 2026 18:16:26 +0900

A improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 & 3.13 that could lead to unauthenticated NoSQL injection, resulting potentially in RCE.
[GitHub]CVE-2021-22911 Rocket.Chat NoSQL Injection RCE Exploit - Educational Purpose

CVE-2026-34197 (2026-04-07) hg0434hongzh0/CVE-2026-34197

Fri, 10 Apr 2026 10:29:12 +0900

Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy permits exec operations on all ActiveMQ MBeans (org.apache.activemq:*), including BrokerService.addNetworkConnector(String) and BrokerService.addConnector(String). An authenticated attacker can invoke these operations with a crafted discovery URI that triggers the VM transport's brokerConfig parameter to load a remote Spring XML application context using ResourceXmlApplicationContext. Because Spring's ResourceXmlApplicationContext instantiates all singleton beans before the BrokerService validates the configuration, arbitrary code execution occurs on the broker's JVM through bean factory methods such as Runtime.exec(). This issue affects Apache ActiveMQ Broker: before 5.19.4, from 6.0.0 before 6.2.3; Apache ActiveMQ All: before 5.19.4,
[GitHub]POC

CVE-2026-33033 (2026-04-07) ch4n3-yoon/CVE-2026-33033-PoC

Fri, 10 Apr 2026 11:04:12 +0900

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. `MultiPartParser` allows remote attackers to degrade performance by submitting multipart uploads with `Content-Transfer-Encoding: base64` including excessive whitespace. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Seokchan Yoon for reporting this issue.
[GitHub]A PoC script for demonstrating CVE-2026-33033

CVE-2025-55182 (2025-12-03) masterwok/CVE-2025-55182-React2Shell-PoC

Fri, 10 Apr 2026 12:34:25 +0900

A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.
[GitHub]Proof-of-concept exploit for CVE-2025-55182 (React2Shell)

CVE-2026-5530 (2026-04-05) davidrxchester/CVE-2026-5530

Fri, 10 Apr 2026 12:52:57 +0900

A flaw has been found in Ollama up to 18.1. This issue affects some unknown processing of the file server/download.go of the component Model Pull API. Executing a manipulation can lead to server-side request forgery. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.
[GitHub]POC for CVE-2026-5530 - SSRF via Ollama Pull/Push API

CVE-2026-35584 (2026-04-07) LeonardoNovais7/CVE-2026-35584

Fri, 10 Apr 2026 13:49:07 +0900

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.212, the endpoint GET /thread/read/{conversation_id}/{thread_id} does not require authentication and does not validate whether the given thread_id belongs to the given conversation_id. This allows any unauthenticated attacker to mark any thread as read by passing arbitrary IDs, enumerate valid thread IDs via HTTP response codes (200 vs 404), and manipulate opened_at timestamps across conversations (IDOR). This vulnerability is fixed in 1.8.212.
[GitHub]POC - CVE-2026-35584