Pocland-db

8 exploits, active since Mar 2022
CVE-2026-48778 GITHUB python WORKING POC
Notepad++ 8.9.6 - Arbitrary Code Execution
3 stars
CVE-2026-29000 GITHUB CRITICAL python WORKING POC
pac4j-jwt <4.5.9/5.7.9/6.3.3 - Auth Bypass
pac4j-jwt versions prior to 4.5.9, 5.7.9, and 6.3.3 contain an authentication bypass vulnerability in JwtAuthenticator when processing encrypted JWTs that allows remote attackers to forge authentication tokens. Attackers who possess the server's RSA public key can create a JWE-wrapped PlainJWT with arbitrary subject and role claims, bypassing signature verification to authenticate as any user including administrators.
3 stars
CVSS 9.1
CVE-2024-36991 GITHUB HIGH python WORKING POC
Splunk 9.0.0-9.0.9 - Path Traversal via /modules/messaging/ Endpoint
In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the /modules/messaging/ endpoint in Splunk Enterprise on Windows. This vulnerability should only affect Splunk Enterprise on Windows.
3 stars
CVSS 7.5
CVE-2025-55182 GITHUB CRITICAL c++ WORKING POC
React Server Components <19.2.0 - RCE
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.
3 stars
CVSS 10.0
CVE-2023-23752 GITHUB MEDIUM c++ WORKING POC
Joomla! 4.0.0-4.2.7 - Unauthenticated Improper Access Control in Webservice Endpoints
An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.
3 stars
CVSS 5.3
CVE-2024-23897 GITHUB CRITICAL c++ WORKING POC
Jenkins cli Ampersand Replacement Arbitrary File Read
Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.
3 stars
CVSS 9.8
CVE-2022-25012 GITHUB MEDIUM c WORKING POC
Argus Surveillance DVR 4.0 - Inadequate Encryption Strength
Argus Surveillance DVR v4.0 employs weak password encryption.
3 stars
CVSS 5.5
CVE-2024-23897 GITHUB CRITICAL c WORKING POC
Jenkins cli Ampersand Replacement Arbitrary File Read
Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.
3 stars
CVSS 9.8