PoC Week 2026-07-13

Posted on Jul 13, 2026

The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count.

For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them. I don’t vouch for any links in this list: follow them with caution.

CVE-2026-56290 NEW

CVE-2026-48282 NEW

  • Severity: 9.8 CRITICAL
  • Impacted Products: Adobe ColdFusion
  • Description: Adobe ColdFusion is affected by a path traversal vulnerability in its Remote Development Services (RDS) component that allows for arbitrary file writes and remote code execution. This flaw enables an unauthenticated attacker to bypass directory restrictions and place malicious files on the host system.
  • Remediation:
  • More Info: NVD - CVE-2026-48282
  • PoC:

CVE-2026-40047 NEW

CVE-2026-8655 NEW

  • Severity: 9.8 CRITICAL
  • Impacted Products: NetScaler ADC, NetScaler Gateway
  • Description: Multiple Memory overflow vulnerabilities in NetScaler ADC and NetScaler Gateway leading to unpredictable or erroneous behavior and Denial of Service if NetScaler ADC is configured as an LB of type Oracle OR NetScaler ADC is configured as a DNS Proxy OR NetScaler ADC is configured as a DNS recursive resolver deployment
  • Remediation: Follow vendor security advisories and apply the latest patches. Review affected systems and prioritize patching based on exploitability and business impact.
  • More Info: NVD - CVE-2026-8655
  • PoC:

CVE-2026-8452 NEW

  • Severity: 9.8 CRITICAL
  • Impacted Products: NetScaler ADC, NetScaler Gateway
  • Description: Memory overflow vulnerability NetScaler ADC and NetScaler Gateway leading to unpredictable or erroneous behavior and Denial of Service if the appliance is configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server
  • Remediation: Follow vendor security advisories and apply the latest patches. Review affected systems and prioritize patching based on exploitability and business impact.
  • More Info: NVD - CVE-2026-8452
  • PoC:

CVE-2026-58138 NEW

  • Severity: 9.8 CRITICAL
  • Impacted Products: Orkes Conductor 3.21.21, Orkes Conductor 3.30.2
  • Description: Orkes Conductor 3.21.21 before 3.30.2 contains an unauthenticated remote code execution vulnerability that allows remote attackers to execute arbitrary OS commands by submitting inline workflow definitions containing malicious JavaScript or Python expressions to the workflow API endpoint prior to authentication.
  • Remediation: Follow vendor security advisories and apply the latest patches. Review affected systems and prioritize patching based on exploitability and business impact.
  • More Info: NVD - CVE-2026-58138
  • PoC:

CVE-2026-58127 NEW

  • Severity: 9.8 CRITICAL
  • Impacted Products: PACSgear MediaWriter 5.2.1
  • Description: PACSgear MediaWriter 5.2.1 exposes a .NET Remoting TCP service on port 9000 via PacsgearMediaServerEngine.dll, registered with ObjectURIs RemoteObj and UIRemoteObj, without any authentication requirement. By exploiting the MarshalByRefObject object unmarshalling technique and implementing .NET WebClient class methods, an unauthenticated remote attacker can read and write arbitrary files on the host filesystem.
  • Remediation: Follow vendor security advisories and apply the latest patches. Review affected systems and prioritize patching based on exploitability and business impact.
  • More Info: NVD - CVE-2026-58127
  • PoC:

CVE-2026-58126 NEW

  • Severity: 9.8 CRITICAL
  • Impacted Products: PACSgear PACS Scan 5.2.1
  • Description: PACSgear PACS Scan 5.2.1 contains an unauthenticated remote code execution vulnerability that allows remote attackers to read and write arbitrary files by exploiting an exposed .NET Remoting TCP service on port 22222 via PGImageExchQueue.exe without any authentication requirement.
  • Remediation: Follow vendor security advisories and apply the latest patches. Review affected systems and prioritize patching based on exploitability and business impact.
  • More Info: NVD - CVE-2026-58126
  • PoC:

CVE-2026-58116 NEW

  • Severity: 9.8 CRITICAL
  • Impacted Products: LLaMA-Factory 0.9.5
  • Description: LLaMA-Factory through 0.9.5 contains a remote code execution vulnerability that allows attackers with WebUI access to execute arbitrary Python code by supplying a malicious model path in the Chat or Training interfaces. The application passes user-supplied model path input unvalidated into AutoTokenizer.from_pretrained() and AutoModel.
  • Remediation: Follow vendor security advisories and apply the latest patches. Review affected systems and prioritize patching based on exploitability and business impact.
  • More Info: NVD - CVE-2026-58116
  • PoC:

CVE-2026-57517 NEW

  • Severity: 9.8 CRITICAL
  • Impacted Products: Control Web Panel (CWP) versions prior to 0.9.8.1225
  • Description: Control Web Panel (CWP) versions prior to 0.9.8.1225 contain a blind SQL injection vulnerability in the user interface portal that allows unauthenticated remote attackers to execute arbitrary SQL queries. Successful exploitation can lead to remote code execution by leveraging database privileges to write malicious files to the server.
  • Remediation: Follow vendor security advisories and apply the latest patches. Review affected systems and prioritize patching based on exploitability and business impact.
  • More Info: NVD - CVE-2026-57517
  • PoC:

CVE-2026-51947 NEW

CVE-2026-34038 NEW

CVE-2020-1938

CVE-2026-53359 NEW

CVE-2026-43499 NEW

CVE-2026-39253 NEW

References

This list was scraped from the quite amazing and highly recommended newsletters below:

Thanks for reading! For corrections, omissions (e.g. newsletter recs) feel free to get in touch.