PoC Week 2025-06-23
The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. Older CVEs, trivially exploitable vulnerabilities (such as using hard-coded credentials) and those affecting open source projects with very small userbases aren’t listed.
For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them.
CVE-2025-2783 Severity: 8.3 HIGH Impacted Products: Google Chrome on Windows prior to 134.…
PoC Week 2025-06-16
CVE-2025-33073 Severity: 8.8 HIGH Impacted Products: Windows, various Description: Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network.…
PoC Week 2025-06-09
CVE-2025-49113 Severity: 9.9 CRITICAL Impacted Products: Roundcube Webmail before 1.5.10 and 1.…
PoC Week 2025-06-02
CVE-2025-48828 Severity: 9.0 CRITICAL Impacted Products: vBulletin 6.0.3 Description: Certain vBulletin versions might allow attackers to execute arbitrary PHP code by abusing Template Conditionals in the template engine.…
PoC Week 2025-05-26
CVE-2025-31324 Severity: 9.8 CRITICAL Impacted Products: SAP NetWeaver Visual Composer Metadata Uploader Description: SAP NetWeaver Visual Composer Metadata Uploader is not protected with proper authorization, allowing an unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system.…
PoC Week 2025-05-19
CVE-2025-31324 Severity: 9.8 CRITICAL Impacted Products: SAP NetWeaver Visual Composer Metadata Uploader Description: SAP NetWeaver Visual Composer Metadata Uploader is not protected with proper authorization, allowing an unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system.…
PoC Week 2025-05-12
CVE-2024-7399 Severity: 7.5 HIGH Impacted Products: Samsung MagicINFO 9 Server version <= 21.…
PoC Week 2025-05-05
CVE-2025-32433 Severity: 10 CRITICAL Impacted Products: OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20 Description: Erlang/OTP is a set of libraries for the Erlang programming language.…
PoC Week 2025-04-28
CVE-2025-32433 Severity: 10 CRITICAL Impacted Products: OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20 Description: Erlang/OTP is a set of libraries for the Erlang programming language.…
PoC Week 2025-04-14
CVE-2025-3248 Severity: 9.8 CRITICAL Impacted Products: Langflow versions prior to 1.3.0 Description: Code injection in the /api/v1/validate/code endpoint.…