Are the PoCs on this site free to access?

Public PoCs aggregated from GitHub and the security community are freely accessible. AI-generated PoC analyses produced by Shenlong Agent are a Pro / Pro+ premium feature, requiring a paid subscription.

AI PoC Generator & CVE Exploit Database

Q: What is a CVE PoC (Proof of Concept)?

A CVE PoC (Proof of Concept) is a piece of code or technique that demonstrates how a specific vulnerability (CVE) can be exploited. Security researchers and penetration testers use PoCs to verify whether a vulnerability actually exists in a target system and to understand the potential impact.

Q: How does the AI-generated PoC work?

Shenlong Agent analyzes CVE descriptions, references, and patch diffs using a large language model pipeline. It generates a structured technical walk-through including vulnerability root cause, exploitation steps, and mitigation recommendations — covering high-severity CVEs within hours of disclosure.

We aggregate public proof-of-concept (PoC) code from GitHub and the security community, and use a Shenlong Agent (LLM-based) pipeline to generate technical PoC walk-throughs for high-severity CVEs. Public PoCs are free; AI-generated PoCs are a Pro / Pro+ feature. Each entry links back to its source CVE detail page for full context, references, and patches.

Latest POC List

Public POCs are scraped from GitHub / security community. AI Exclusive POCs are generated by Shenlong Agent — paid content.

Shenlong AI Exclusive POCs are paid content. Logged-in users get 3 free unlocks/month; upgrade to Pro for unlimited access. Log in / View plans

CVE-2026-33896Forge has a basicConstraints bypass in its certificate chain verification (RFC 5280 violation) AI Paid

Qwen3.6-35B-A3B · 13404 chars · 2026-05-09 16:28

Goal Reached Thanks to every supporter — we hit 100%!

AI PoC Generator & CVE Exploit Database

Latest POC List

CVE-2026-33896Forge has a basicConstraints bypass in its certificate chain verification (RFC 5280 violation) AI Paid

CVE-2026-7414Hardcoded credentials in Yarbo robot firmware AI Paid

CVE-2026-32241Flannel vulnerable to cross-node remote code execution via extension backend BackendData injection AI Paid

CVE-2026-4908code-projects Simple Laundry System Parameter modstaffinfo.php sql injection AI Paid

CVE-2026-33747BuildKit vulnerable to malicious frontend causing file escape outside of storage root AI Paid

CVE-2026-33718OpenHands is Vulnerable to Command Injection through its Git Diff Handler AI Paid

CVE-2026-27893vLLM's hardcoded trust_remote_code=True in NemotronVL and KimiK25 bypasses user security opt-out AI Paid

CVE-2026-33671Picomatch has a ReDoS vulnerability via extglob quantifiers AI Paid

CVE-2026-33631ClearanceKit: opfilter policy bypass via non-open file operations AI Paid

CVE-2026-33661WeChat Pay callback signature verification bypassed when Host header is localhost AI Paid

CVE-2026-33645Fireshare has Path Traversal Arbitrary File Write in `/api/uploadChunked` AI Paid

CVE-2026-33496Ory Oathkeeper has an authentication bypass by cache key confusion AI Paid

CVE-2026-33530InvenTree Vulnerable to ORM Filter Injection AI Paid

CVE-2025-15488Responsive Plus < 3.4.3 - Unauthenticated Arbitrary Shortcode Execution AI Paid

CVE-2025-54780glpi-screenshot-plugin exposes local files in /ajax/screenshot.php AI Paid

CVE-2026-41588RELATE: Timing Attack Vulnerability in course/auth.py — check_sign_in_key() AI Paid

CVE-2026-33152Tandoor Recipes Vulnerable to Unrestricted Brute-Force via BasicAuthentication AI Paid

CVE-2026-41902FreeScout's user invitation hash never expires: permanent unauthenticated account takeover if invite link leaks AI Paid

CVE-2026-33506DOM-Based XSS in Ory Polis Login Page AI Paid

CVE-2026-5045Tenda FH1201 Parameter WrlclientSet stack-based overflow AI Paid

Frequently Asked Questions