Are the PoCs on this site free to access?

Public PoCs aggregated from GitHub and the security community are freely accessible. AI-generated PoC analyses produced by Shenlong Agent are a Pro / Pro+ premium feature, requiring a paid subscription.

AI PoC Generator & CVE Exploit Database

Q: What is a CVE PoC (Proof of Concept)?

A CVE PoC (Proof of Concept) is a piece of code or technique that demonstrates how a specific vulnerability (CVE) can be exploited. Security researchers and penetration testers use PoCs to verify whether a vulnerability actually exists in a target system and to understand the potential impact.

Q: How does the AI-generated PoC work?

Shenlong Agent analyzes CVE descriptions, references, and patch diffs using a large language model pipeline. It generates a structured technical walk-through including vulnerability root cause, exploitation steps, and mitigation recommendations — covering high-severity CVEs within hours of disclosure.

We aggregate public proof-of-concept (PoC) code from GitHub and the security community, and use a Shenlong Agent (LLM-based) pipeline to generate technical PoC walk-throughs for high-severity CVEs. Public PoCs are free; AI-generated PoCs are a Pro / Pro+ feature. Each entry links back to its source CVE detail page for full context, references, and patches.

Latest POC List

Public POCs are scraped from GitHub / security community. AI Exclusive POCs are generated by Shenlong Agent — paid content.

Shenlong AI Exclusive POCs are paid content. Logged-in users get 3 free unlocks/month; upgrade to Pro for unlimited access. Log in / View plans

CVE-2026-3945Tinyproxy 安全漏洞 AI Paid

Qwen3.6-35B-A3B · 7293 chars · 2026-05-09 19:02

Goal Reached Thanks to every supporter — we hit 100%!

AI PoC Generator & CVE Exploit Database

Latest POC List

CVE-2026-3945Tinyproxy 安全漏洞 AI Paid

CVE-2026-41589Wish has SCP Path Traversal that allows arbitrary file read/write AI Paid

CVE-2026-5044Belkin F9K1122 Setting formSetSystemSettings stack-based overflow AI Paid

CVE-2022-28607ISIC 安全漏洞 AI Paid

CVE-2026-5035code-projects Accounting System Parameter view_work.php sql injection AI Paid

CVE-2026-5019code-projects Simple Food Order System Parameter all-orders.php sql injection AI Paid

CVE-2026-5018code-projects Simple Food Order System Parameter register-router.php sql injection AI Paid

CVE-2026-5016elecV2 elecV2P URL mock eAxios server-side request forgery AI Paid

CVE-2026-5012elecV2 elecV2P rpc pm2run os command injection AI Paid

CVE-2026-5017code-projects Simple Food Order System Parameter all-tickets.php sql injection AI Paid

CVE-2026-5002PromtEngineer localGPT LLM Prompt server.py _route_using_overviews injection AI Paid

CVE-2026-4248Ultimate Member <= 2.11.2 - Authenticated (Contributor+) Sensitive Information Exposure to Account Takeover via Shortcode Template Tag AI Paid

CVE-2026-33980Azure Data Explorer MCP Server: KQL Injection in multiple tools allows MCP client to execute arbitrary Kusto queries AI Paid

CVE-2026-33989@mobilenext/mobile-mcp alllows arbitrary file write via Path Traversal in mobile screen capture tools AI Paid

CVE-2026-33943Happy DOM ECMAScriptModuleCompiler: unsanitized export names are interpolated as executable code AI Paid

CVE-2026-34226Happy DOM's fetch credentials include uses page-origin cookies instead of target-origin cookies AI Paid

CVE-2026-33941Handlebars.js has JavaScript Injection in CLI Precompiler via Unescaped Names and Options AI Paid

CVE-2026-33940Handlebars.js has JavaScript Injection via AST Type Confusion when passing an object as dynamic partial AI Paid

CVE-2026-33939Handlebars.js has Denial of Service via Malformed Decorator Syntax in Template Compilation AI Paid

CVE-2026-33937Handlebars.js has JavaScript Injection via AST Type Confusion AI Paid

Frequently Asked Questions