AI Enriched PoC Intelligence

CVE-2026-46394

OS Command Injection in HAX CMS (PHP backend)

Severity HIGH

7.7

AI Intelligence Analysis

Target Stack HAX CMS / HAX CMS (PHP backend)

<26.0.0

Impact Vector RCE

Authentication PRE-AUTH

Verified Exploits (1)

GitHub https://github.com/shreyas-challa/CVE-2026-46394-haxcms-git-command-injection

CVE-2026-46395

Private Key Extraction and JWT Forgery in HAX CMS (Node.js backend)

Severity CRITICAL

9.3

AI Intelligence Analysis

Target Stack HAX CMS / HAX CMS (Node.js backend)

<26.0.0

Impact Vector Account Takeover

Authentication Authenticated

Verified Exploits (1)

GitHub https://github.com/shreyas-challa/CVE-2026-46395-haxcms-hmac-key-leak

CVE-2017-20251

WordPress Insert PHP plugin PHP code injection via REST API

Severity CRITICAL

9.3

AI Intelligence Analysis

Target Stack Insert PHP Plugin Developer / Insert PHP plugin

<3.3.1

Impact Vector RCE

Authentication Authenticated

Verified Exploits (1)

GitHub https://github.com/Polosss/By-Poloss..-..CVE-2017-20251

CVE-2026-48595

Credential Leakage on Cross-Origin Redirects in elixir-tesla tesla

Severity HIGH

8.2

AI Intelligence Analysis

Target Stack elixir-tesla / tesla

>=1.4.0 <1.18.3

Impact Vector Credential Leakage

Authentication Authenticated

Verified Exploits (2)

GitHub https://github.com/jenniferreire26/CVE-2026-48595

GitHub https://github.com/erickando33/CVE-2026-48595

CVE-2026-24849

Arbitrary file read in OpenEMR EtherFaxActions.php

Severity CRITICAL

9.9

AI Intelligence Analysis

Target Stack OpenEMR / OpenEMR

<7.0.4

Impact Vector Arbitrary File Read

Authentication Authenticated

Verified Exploits (2)

Exploit-DB https://www.exploit-db.com/exploits/52610

GitHub https://github.com/doany1/CVE-2026-24849

CVE-2026-11499

Tenda HG7HG9 and HG10 Stack-Based Buffer Overflow

Severity CRITICAL

9.3

AI Intelligence Analysis

Target Stack Tenda / HG7HG9, HG10

300001138_en_xpon

Impact Vector Buffer Overflow

Authentication PRE-AUTH

Verified Exploits (1)

GitHub https://github.com/0xBlackash/CVE-2026-11499

CVE-2026-42588

Code Injection via Jolokia JMX-HTTP Bridge

Severity HIGH

8.1

AI Intelligence Analysis

Target Stack Apache / ActiveMQ

<5.19.7 >=6.0.0,<6.2.6

Impact Vector RCE

Authentication Authenticated

Verified Exploits (2)

GitHub https://github.com/Catherines77/ActiveMQ-EXPtools

GitHub https://github.com/hnytgl/CVE-2026-42588

CVE-2025-63389

Critical authentication bypass in Ollama platform API endpoints

Severity CRITICAL

9.8

AI Intelligence Analysis

Target Stack Ollama / Ollama

<=0.12.3

Impact Vector Authentication Bypass

Authentication PRE-AUTH

Verified Exploits (1)

GitHub https://github.com/nuclide-research/VisorGoose

CVE-2025-40536 CISA KEV ACTIVE

Security Control Bypass in SolarWinds Web Help Desk

Severity HIGH

8.1

AI Intelligence Analysis

Target Stack SolarWinds / Web Help Desk

Impact Vector Bypass

Authentication PRE-AUTH

Verified Exploits (1)

GitHub https://github.com/victoriaalicex/CVE-2025-40536-Analysis

CVE-2026-20980

Improper input validation in PACM

Severity HIGH

7.0

AI Intelligence Analysis

Target Stack Samsung / PACM

Impact Vector RCE

Authentication PRE-AUTH

Verified Exploits (1)

GitHub https://github.com/Vikramaditya015/samsung-android-lpe

CVE-2025-62676

Link following vulnerability in Fortinet FortiClientWindows

Severity HIGH

7.1

AI Intelligence Analysis

Target Stack Fortinet / FortiClientWindows

>=7.4.0 <=7.4.4 >=7.2.0 <=7.2.12 >=7.0 <=7.0

Impact Vector Arbitrary File Write

Authentication PRE-AUTH

Verified Exploits (1)

GitHub https://github.com/SpacePlant/FortiLPE

CVE-2026-27212

Prototype pollution in Swiper

Severity CRITICAL

9.4

AI Intelligence Analysis

Target Stack Swiper / Swiper

>=6.5.1 <=12.1.1

Impact Vector Authentication Bypass, DoS, RCE

Authentication PRE-AUTH

Verified Exploits (1)

GitHub https://github.com/stealths-labs/resize-image-before-upload-secure

CVE-2026-1238

Stored Cross-Site Scripting in SlimStat Analytics plugin

Severity HIGH

7.2

AI Intelligence Analysis

Target Stack SlimStat / SlimStat Analytics plugin

<=5.3.5

Impact Vector XSS

Authentication PRE-AUTH

Verified Exploits (1)

GitHub https://github.com/mrk336/Breaking-AWS-IAM-Privilege-Escalation-via-Mis-Evaluated-Policy-Conditions-CVE-2026-1238-

CVE-2026-3300

Remote Code Execution in Everest Forms Pro

Severity CRITICAL

9.8

AI Intelligence Analysis

Target Stack Everest Forms Pro / Everest Forms Pro plugin

<=1.9.12

Impact Vector RCE

Authentication PRE-AUTH

Verified Exploits (2)

GitHub https://github.com/HORKimhab/CVE-2026-3300

GitHub https://github.com/adamshaikhma/CVE-2026-3300

CVE-2026-10580

Hippoo Mobile App Plugin Admin Account Takeover

Severity CRITICAL

9.8

AI Intelligence Analysis

Target Stack Hippoo / Mobile App for WooCommerce plugin (for WordPress)

<=1.9.4

Impact Vector Authentication Bypass, Account Takeover

Authentication Authenticated

Verified Exploits (2)

GitHub https://github.com/Polosss/By-Poloss..-..CVE-2026-10580

GitHub https://github.com/O99099O/By-Poloss..-..CVE-2026-10580

CVE-2026-26179

Double free in Windows Kernel

Severity HIGH

7.8

AI Intelligence Analysis

Target Stack Microsoft / Windows Kernel

Impact Vector Privilege Escalation

Authentication Authenticated

Verified Exploits (1)

GitHub https://github.com/nikosecurity/CVE-2026-26179

CVE-2026-31525

Linux kernel BPF: Undefined behavior in sdiv/smod leading to OOB map access

Severity HIGH

7.8

AI Intelligence Analysis

Target Stack Linux Foundation / Linux Kernel

Impact Vector Out-of-bounds Read/Write

Authentication Authenticated

Verified Exploits (1)

GitHub https://github.com/HORKimhab/CVE-2026-31525

CVE-2026-29198

NoSQL Injection in Rocket.Chat

Severity CRITICAL

9.8

AI Intelligence Analysis

Target Stack Rocket.Chat / Rocket.Chat

<8.3.0 <8.2.1 <8.1.2 <8.0.3 <7.13.5 <7.12.6 <7.11.6 <7.10.9

Impact Vector NoSQLi

Authentication PRE-AUTH

Verified Exploits (1)

GitHub https://github.com/hieuminhnv/CVE-2026-29198-POC

CVE-2026-2291

Heap Buffer Overflow in dnsmasq

Severity HIGH

7.3

AI Intelligence Analysis

Target Stack dnsmasq / dnsmasq

Impact Vector DNS cache poisoning, DoS

Authentication PRE-AUTH

Verified Exploits (1)

GitHub https://github.com/JianrongXiao-Linksys/dnsmasq-cve-2026

CVE-2026-28990

Memory Handling Issue in watchOS via Malicious Image

Severity HIGH

7.5

AI Intelligence Analysis

Target Stack Apple / watchOS

<26.5

Impact Vector Memory Corruption

Authentication PRE-AUTH

Verified Exploits (1)

GitHub https://github.com/Billy-Ellis/exr-imageio-poc

PoC Search Engine

AI Intelligence Analysis

Verified Exploits (1)

AI Intelligence Analysis

Verified Exploits (1)

AI Intelligence Analysis

Verified Exploits (1)

AI Intelligence Analysis

Verified Exploits (2)

AI Intelligence Analysis

Verified Exploits (2)

AI Intelligence Analysis

Verified Exploits (1)

AI Intelligence Analysis

Verified Exploits (2)

AI Intelligence Analysis

Verified Exploits (1)

AI Intelligence Analysis

Verified Exploits (1)

AI Intelligence Analysis

Verified Exploits (1)

AI Intelligence Analysis

Verified Exploits (1)

AI Intelligence Analysis

Verified Exploits (1)

AI Intelligence Analysis

Verified Exploits (1)

AI Intelligence Analysis

Verified Exploits (2)

AI Intelligence Analysis

Verified Exploits (2)

AI Intelligence Analysis

Verified Exploits (1)

AI Intelligence Analysis

Verified Exploits (1)

AI Intelligence Analysis

Verified Exploits (1)

AI Intelligence Analysis

Verified Exploits (1)

AI Intelligence Analysis

Verified Exploits (1)

Don't Miss Critical Exploits