Exploit Search

PoC Search Engine

AI Enriched

Search specific CVE exploits enriched with AI vulnerability analysis.

Found 31342 Vulnerabilities with Exploits

Nezha Monitoring RCE across tenants

Severity CRITICAL
9.9

AI Intelligence Analysis

Target Stack Nezha Monitoring / Nezha Monitoring
>=1.4.0 <2.0.8
Impact Vector RCE
Authentication Authenticated

SpEL Expression Injection in Spring Data REST JSON Patch

Severity HIGH
8.1

AI Intelligence Analysis

Target Stack Spring / Spring Data REST
>=3.7.0 <=3.7.19, >=4.3.0 <=4.3.16, >=4.4.0 <=4.4.14, >=4.5.0 <=4.5.11, >=5.0.0 <=5.0.5
Impact Vector SpEL Injection
Authentication Authenticated

Verified Exploits (1)

Arbitrary deserialization leading to RCE

Severity HIGH
8.8

AI Intelligence Analysis

Target Stack Jenkins / Jenkins
<=2.567, <=2.555.2
Impact Vector RCE
Authentication PRE-AUTH

Verified Exploits (1)

Privilege Escalation

Severity HIGH
8.8

AI Intelligence Analysis

Target Stack Apache / OFBiz
<24.09.07
Impact Vector Privilege Escalation
Authentication Authenticated

Verified Exploits (1)

Arbitrary File Write via Malicious FTP/SFTP/SMB Server

Severity HIGH
7.1

AI Intelligence Analysis

Target Stack Spring Integration / Spring Integration
>=7.0.0 <=7.0.4, >=6.5.0 <=6.5.8, >=6.4.0 <=6.4.11, >=6.3.0 <=6.3.14, >=5.5.0 <=5.5.20
Impact Vector Arbitrary File Write / RCE
Authentication PRE-AUTH

Verified Exploits (1)

CVE-2026-35273 CISA KEV ACTIVE

Takeover in PeopleSoft Enterprise PeopleTools

Severity CRITICAL
9.8

AI Intelligence Analysis

Target Stack Oracle / PeopleSoft Enterprise PeopleTools
=8.61, =8.62
Impact Vector RCE
Authentication Authenticated

CVE-2026-50751 CISA KEV ACTIVE

IKEv1 Remote Access VPN Authentication Bypass

Severity CRITICAL
9.3

WordPress Doctreat Core Plugin Privilege Escalation

Severity CRITICAL
9.8

AI Intelligence Analysis

Target Stack Doctreat Core / Doctreat Core plugin
<=1.6.8
Impact Vector Privilege Escalation
Authentication Authenticated

Verified Exploits (1)

CVE-2026-48907 CISA KEV ACTIVE

RCE in JCE editor extension for Joomla

Severity CRITICAL
10.0

AI Intelligence Analysis

Target Stack Joomla / JCE editor extension
Impact Vector RCE
Authentication PRE-AUTH

Markdown Preview Enhanced OS command injection via external links

Severity HIGH
8.6

AI Intelligence Analysis

Target Stack Markdown Preview Enhanced / Markdown Preview Enhanced
<0.8.28
Impact Vector RCE
Authentication PRE-AUTH

CVE-2026-10520 CISA KEV ACTIVE

Ivanti Sentry OS Command Injection

Severity CRITICAL
10.0

AI Intelligence Analysis

Target Stack Ivanti / Sentry
<R10.5.2, <R10.6.2, <R10.7.1
Impact Vector RCE
Authentication PRE-AUTH

Ivanti Sentry Authentication Bypass

Severity CRITICAL
9.9

AI Intelligence Analysis

Target Stack Ivanti / Sentry
<R10.5.2, <R10.6.2, <R10.7.1
Impact Vector Authentication Bypass
Authentication PRE-AUTH

LDAP injection in Yamcs LdapAuthModule

Severity MEDIUM
4.3

AI Intelligence Analysis

Target Stack Yamcs / Yamcs
<5.13.0, <5.12.7
Impact Vector LDAP Injection
Authentication Authenticated

Infinite Loop and CPU Exhaustion in MIFF Decoder

Severity HIGH
7.5

AI Intelligence Analysis

Target Stack ImageMagick / ImageMagick
<7.1.2.23, <6.9.13-48
Impact Vector DoS
Authentication PRE-AUTH

Verified Exploits (1)

Atril Document Viewer RCE via malicious PDF link

Severity HIGH
8.4

AI Intelligence Analysis

Target Stack Atril / Atril Document Viewer
<1.26.3, <1.28.4
Impact Vector RCE
Authentication PRE-AUTH

Verified Exploits (1)

CVE-2026-28318 CISA KEV ACTIVE

Denial of Service in Serv-U via crafted POST request

Severity HIGH
7.5

AI Intelligence Analysis

Target Stack SolarWinds / Serv-U
Impact Vector DoS
Authentication PRE-AUTH

CVE-2026-20245 CISA KEV ACTIVE

Command injection in Cisco Catalyst SD-WAN Manager CLI

Severity HIGH
7.8

AI Intelligence Analysis

Target Stack Cisco / Catalyst SD-WAN Manager
Impact Vector RCE
Authentication Authenticated

Unauthenticated Arbitrary File Upload in WP & AMP WordPress Plugin

Severity CRITICAL
9.1

AI Intelligence Analysis

Target Stack / Schema & Structured Data for WP & AMP WordPress plugin
<1.60
Impact Vector Arbitrary File Upload
Authentication PRE-AUTH

Remote Code Execution on Backup Server

Severity CRITICAL
9.4

AI Intelligence Analysis

Target Stack / Backup Server
Impact Vector RCE
Authentication PRE-AUTH

Verified Exploits (1)

Reflected XSS in OpenClinic GA DICOM Upload Handler

Severity MEDIUM
5.3

AI Intelligence Analysis

Target Stack OpenClinic GA / OpenClinic GA
=5.351.19
Impact Vector XSS
Authentication Authenticated