Exploit Search

PoC Search Engine

AI Enriched

Search specific CVE exploits enriched with AI vulnerability analysis.

Found 31342 Vulnerabilities with Exploits
CVE-2026-20253 CISA KEV ACTIVE

Arbitrary File Operations in PostgreSQL Sidecar Service

Severity CRITICAL
9.8

AI Intelligence Analysis

Target Stack Splunk / Splunk Enterprise, Splunk Cloud Platform
Splunk Enterprise <10.2.4 Splunk Enterprise <10.0.7 Splunk Cloud Platform <10.4.2604.3 Splunk Cloud Platform <10.2.2510.14
Impact Vector Arbitrary File Operations
Authentication PRE-AUTH
CVE-2026-23479

Remote Code Execution via Use-After-Free in Redis client unblock flow

Severity HIGH
7.7

AI Intelligence Analysis

Target Stack Redis / redis-server
>=7.2.0 <8.6.3
Impact Vector RCE
Authentication Authenticated
CVE-2026-41490

SQL Injection in I/O Managers

Severity HIGH
8.3

AI Intelligence Analysis

Target Stack Dagster / Dagster Core
<1.13.1
Impact Vector SQLi
Authentication Authenticated
CVE-2026-43512

Apache Tomcat Digest Authentication Bypass (DEPRECATED)

Severity CRITICAL
9.8

AI Intelligence Analysis

Target Stack Apache / Tomcat
>=11.0.0-M1 <=11.0.21 >=10.1.0-M1 <=10.1.54 >=9.0.0.M1 <=9.0.117 >=8.5.0 <=8.5.100 <7.0.0
Impact Vector Auth Bypass
Authentication PRE-AUTH
CVE-2026-44289

protobufjs: Stack exhaustion via nested data decoding

Severity HIGH
7.5

AI Intelligence Analysis

Target Stack protobufjs / protobufjs
<7.5.6 <8.0.2
Impact Vector DoS
Authentication PRE-AUTH

Verified Exploits (1)

GitHub https://github.com/HORKimhab/CVE-2026-442_
CVE-2026-44290

Protobufjs Prototype Pollution (Process Corruption)

Severity HIGH
7.5

AI Intelligence Analysis

Target Stack protobufjs / protobufjs
<7.5.6 <8.0.2
Impact Vector RCE/DoS
Authentication Authenticated

Verified Exploits (1)

GitHub https://github.com/HORKimhab/CVE-2026-442_
CVE-2026-44291

Protobufjs Prototype Pollution (Code Injection)

Severity HIGH
8.1

AI Intelligence Analysis

Target Stack protobufjs / protobufjs
<7.5.6 <8.0.2
Impact Vector Code Injection
Authentication Authenticated

Verified Exploits (1)

GitHub https://github.com/HORKimhab/CVE-2026-442_
CVE-2026-44295

protobufjs-cli Unsafe JavaScript Identifier Generation

Severity HIGH
8.7

AI Intelligence Analysis

Target Stack protobuf.js / protobufjs-cli
<1.2.1 <2.0.2
Impact Vector Code Injection
Authentication PRE-AUTH

Verified Exploits (1)

GitHub https://github.com/HORKimhab/CVE-2026-442_
CVE-2026-4883

Piotnet Forms Arbitrary File Upload leading to RCE

Severity CRITICAL
9.8

AI Intelligence Analysis

Target Stack Piotnet Forms / Piotnet Forms plugin for WordPress
<=2.1.40
Impact Vector RCE
Authentication PRE-AUTH
CVE-2026-48962

Arbitrary Code Execution in IO::Compress for Perl

Severity HIGH
7.3

AI Intelligence Analysis

Target Stack Perl / IO::Compress
<2.220
Impact Vector RCE
Authentication PRE-AUTH
CVE-2026-8054

SQL Injection in dotCMS Core Publish Audit API

Severity CRITICAL
10.0

AI Intelligence Analysis

Target Stack dotCMS / Core
>=25.11.04-1 <=26.04.28-02
Impact Vector SQLi
Authentication Authenticated

Verified Exploits (1)

GitHub https://github.com/Mr-xn/CVE-2026-8054
CVE-2026-8809

Privilege Escalation via Validation Bypass in ACF: Extended

Severity CRITICAL
9.8

AI Intelligence Analysis

Target Stack WordPress / Advanced Custom Fields: Extended
<=0.9.2.5
Impact Vector Privilege Escalation
Authentication PRE-AUTH

Verified Exploits (1)

GitHub https://github.com/izxci/CVE-2026-8809
CVE-2025-11262

Stored Cross-Site Scripting in Link Whisper Free plugin

Severity HIGH
7.2

AI Intelligence Analysis

Target Stack WordPress / Link Whisper Free plugin
<=0.9.0
Impact Vector XSS
Authentication PRE-AUTH
CVE-2024-52011

Arbitrary Command Execution in launch-editor via file argument

Severity HIGH
7.5

AI Intelligence Analysis

Target Stack launch-editor authors / launch-editor
<2.9.0 vite <5.4.9
Impact Vector Arbitrary Command Execution
Authentication PRE-AUTH

Verified Exploits (1)

GitHub https://github.com/HORKimhab/CVE-2024-52011
CVE-2026-49777

Improper Validation of Specified Quantity in Product Slider Pro for WooCommerce

Severity CRITICAL
10.0

AI Intelligence Analysis

Target Stack ShapedPlugin, LLC / Product Slider Pro for WooCommerce
<3.5.3
Impact Vector RCE
Authentication PRE-AUTH

Verified Exploits (1)

GitHub https://github.com/izxci/CVE-2026-49777
CVE-2026-48611

Account Hijacking via OAuth improper authentication checks

Severity CRITICAL
9.8

AI Intelligence Analysis

Target Stack /
Impact Vector Account Takeover
Authentication Authenticated
CVE-2026-45447

Use-After-Free in PKCS#7/S/MIME Signature Verification

Severity HIGH
8.8

AI Intelligence Analysis

Target Stack OpenSSL / OpenSSL
Impact Vector RCE
Authentication PRE-AUTH
CVE-2026-11417

OS Command Injection in NodejsFunction Bundling Pipeline

Severity HIGH
7.0

AI Intelligence Analysis

Target Stack aws-cdk-lib / aws-cdk-lib
<2.245.0 Windows <2.246.0
Impact Vector RCE
Authentication Authenticated
CVE-2026-42647

JoomSport Blind SQL Injection

Severity CRITICAL
9.3

AI Intelligence Analysis

Target Stack Beardev / JoomSport
<=5.7.7
Impact Vector SQLi
Authentication Authenticated
CVE-2026-25089

OS Command Injection in FortiSandbox

Severity CRITICAL
9.8

AI Intelligence Analysis

Target Stack Fortinet / FortiSandbox
>=5.0.0, <=5.0.5 >=4.4.0, <=4.4.8 >=4.2.0, <4.3.0
Impact Vector RCE
Authentication Authenticated
1 2 3 4 5