Exploit Search

PoC Search Engine

AI Enriched

Search specific CVE exploits enriched with AI vulnerability analysis.

Found 31342 Vulnerabilities with Exploits
CVE-2026-11551

Privilege Escalation via Account Takeover in Branda WordPress Plugin

Severity CRITICAL
9.8

AI Intelligence Analysis

Target Stack WordPress / Branda plugin
<=3.4.29
Impact Vector Privilege Escalation, Account Takeover
Authentication Authenticated
CVE-2026-42530

NGINX Open Source HTTP/3 QUIC module Use-after-Free

Severity CRITICAL
9.2

AI Intelligence Analysis

Target Stack NGINX / NGINX Open Source
Impact Vector RCE
Authentication PRE-AUTH
CVE-2026-49345

Server-Side Request Forgery (SSRF) in Mercator

Severity MEDIUM
5.3

AI Intelligence Analysis

Target Stack Mercator / Mercator
<2025.05.19
Impact Vector SSRF
Authentication Authenticated
CVE-2026-49344

Authorization Bypass in Mercator Query Engine

Severity HIGH
7.1

AI Intelligence Analysis

Target Stack Mercator / Mercator
<2025.05.19
Impact Vector Information Disclosure
Authentication Authenticated
CVE-2026-7515

Local File Inclusion in BetterDocs Pro

Severity CRITICAL
9.8

AI Intelligence Analysis

Target Stack / BetterDocs Pro
<=3.8.0
Impact Vector RCE
Authentication PRE-AUTH
CVE-2026-42055

NGINX proxy modules Heap-based Buffer Overflow

Severity CRITICAL
9.2

AI Intelligence Analysis

Target Stack NGINX / NGINX Plus, NGINX Open Source
Impact Vector RCE
Authentication PRE-AUTH

Verified Exploits (1)

GitHub https://github.com/HORKimhab/CVE-2026-42055
CVE-2026-50656

Elevation of Privilege in Microsoft Defender

Severity HIGH
7.8

AI Intelligence Analysis

Target Stack Microsoft / Microsoft Malware Protection Engine
Impact Vector EoP
Authentication PRE-AUTH

Verified Exploits (1)

GitHub https://github.com/0xBlackash/CVE-2026-50656
CVE-2025-66391

Citrix Cloud Read-Only Account Unauthorized Action

Severity HIGH
8.8

AI Intelligence Analysis

Target Stack Citrix / Citrix Cloud
Impact Vector Unauthorized Action
Authentication Authenticated
CVE-2025-26240

JavaScript execution and file exfiltration in python-pdfkit

Severity HIGH
8.4

AI Intelligence Analysis

Target Stack JazzCore / python-pdfkit
=1.0.0
Impact Vector RCE/File Exfiltration
Authentication PRE-AUTH

Verified Exploits (1)

GitHub https://github.com/Habuon/CVE-2025-26240
CVE-2026-47774

Denial of Service via Excessive Memory Consumption in HTTP/2 Header Processing

Severity HIGH
7.5

AI Intelligence Analysis

Target Stack Envoy / Envoy
<1.35.11 <1.36.7 <1.37.3 <1.38.1
Impact Vector DoS
Authentication Authenticated
CVE-2026-49083

Privilege Escalation in LatePoint

Severity HIGH
7.5

AI Intelligence Analysis

Target Stack / LatePoint
<=5.5.1
Impact Vector PrivEsc
Authentication PRE-AUTH
CVE-2026-49060

Incorrect Privilege Assignment in Hippoo Mobile App for WooCommerce

Severity CRITICAL
9.8

AI Intelligence Analysis

Target Stack Hippoo / Mobile App for WooCommerce
<=1.9.4
Impact Vector vb
Authentication Authenticated
CVE-2026-49952

Authentication Bypass

Severity CRITICAL
9.3

AI Intelligence Analysis

Target Stack Discuz! / X5.0
>=20260320 <=20260501
Impact Vector Authentication Bypass
Authentication Authenticated

Verified Exploits (1)

GitHub https://github.com/passwa11/CVE-2026-49952
CVE-2026-49105

PHP Object Injection in WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms

Severity CRITICAL
9.8

AI Intelligence Analysis

Target Stack / WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms
<=1.1.4
Impact Vector RCE
Authentication Authenticated

Verified Exploits (1)

GitHub https://github.com/izxci/CVE-2026-49105
CVE-2026-49085

PHP Object Injection in WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms

Severity CRITICAL
9.8

AI Intelligence Analysis

Target Stack / WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms
<=1.1.4
Impact Vector RCE
Authentication Authenticated

Verified Exploits (1)

GitHub https://github.com/izxci/CVE-2026-49085
CVE-2026-49104

PHP Object Injection in Integration for Keap/infusionsoft and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms

Severity CRITICAL
9.8

AI Intelligence Analysis

Target Stack / Integration for Keap/infusionsoft and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms
<=1.2.1
Impact Vector RCE
Authentication Authenticated

Verified Exploits (1)

GitHub https://github.com/izxci/CVE-2026-49104-
CVE-2026-9691

Unauthenticated PHP Object Injection in Integration for ActiveCampaign

Severity CRITICAL
9.8

AI Intelligence Analysis

Target Stack / Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms
<= 1.1.1
Impact Vector PHP Object Injection
Authentication Authenticated

Verified Exploits (1)

GitHub https://github.com/izxci/CVE-2026-9691
CVE-2026-46331

Linux kernel net/sched partial COW leading to page cache corruption

Severity UNKNOWN
0.0

AI Intelligence Analysis

Target Stack Linux / kernel
Impact Vector vb
Authentication PRE-AUTH

Verified Exploits (1)

GitHub https://github.com/sgkdev/packet_edit_meme
CVE-2026-47291

Integer overflow in Windows HTTP.sys

Severity CRITICAL
9.8

AI Intelligence Analysis

Target Stack Microsoft / Windows HTTP.sys
Impact Vector RCE
Authentication PRE-AUTH
CVE-2026-49160

HTTP/2 Uncontrolled Resource Consumption DoS

Severity HIGH
7.5

AI Intelligence Analysis

Target Stack / HTTP/2
Impact Vector DoS
Authentication Authenticated
1 2 3 4 5