PoC Week 2025-06-02


The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. Older CVEs, trivially exploitable vulnerabilities (such as using hard-coded credentials) and those affecting open source projects with very small userbases aren’t listed. For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them.

CVE-2025-48828 Severity: 9.0 CRITICAL Impacted Products: vBulletin 6.0.3 Description: Certain vBulletin versions might allow attackers to execute arbitrary PHP code by abusing Template Conditionals in the template engine.…

PoC Week 2025-05-26


CVE-2025-31324 Severity: 9.8 CRITICAL Impacted Products: SAP NetWeaver Visual Composer Metadata Uploader Description: SAP NetWeaver Visual Composer Metadata Uploader is not protected with proper authorization, allowing an unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system.…

PoC Week 2025-05-19


CVE-2025-31324 Severity: 9.8 CRITICAL Impacted Products: SAP NetWeaver Visual Composer Metadata Uploader Description: SAP NetWeaver Visual Composer Metadata Uploader is not protected with proper authorization, allowing an unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system.…

PoC Week 2025-05-12


CVE-2024-7399 Severity: 7.5 HIGH Impacted Products: Samsung MagicINFO 9 Server version <= 21.…

PoC Week 2025-05-05


CVE-2025-32433 Severity: 10 CRITICAL Impacted Products: OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20 Description: Erlang/OTP is a set of libraries for the Erlang programming language.…

PoC Week 2025-04-28


CVE-2025-32433 Severity: 10 CRITICAL Impacted Products: OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20 Description: Erlang/OTP is a set of libraries for the Erlang programming language.…

PoC Week 2025-04-14


CVE-2025-3248 Severity: 9.8 CRITICAL Impacted Products: Langflow versions prior to 1.3.0 Description: Code injection in the /api/v1/validate/code endpoint.…

PoC Week 2025-04-07


CVE-2025-29891 & CVE-2025-27636 Severity: Awaiting analysis Impacted Products: Apache Camel: from 4.…

PoC Week 2025-03-31


CVE-2025-1974 Severity: 9.3 CRITICAL Impacted Products: Kubernetes ingress-nginx, various versions Description: A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller.…

PoC Week 2025-03-24


CVE-2024-8999 Severity: 9.8 CRITICAL Impacted Products: lunary-ai/lunary version v1.4.25 Description: Improper access control vulnerability in the POST /api/v1/data-warehouse/bigquery endpoint.…