Are the PoCs on this site free to access?

Public PoCs aggregated from GitHub and the security community are freely accessible. AI-generated PoC analyses produced by Shenlong Agent are a Pro / Pro+ premium feature, requiring a paid subscription.

AI PoC Generator & CVE Exploit Database

Q: What is a CVE PoC (Proof of Concept)?

A CVE PoC (Proof of Concept) is a piece of code or technique that demonstrates how a specific vulnerability (CVE) can be exploited. Security researchers and penetration testers use PoCs to verify whether a vulnerability actually exists in a target system and to understand the potential impact.

Q: How does the AI-generated PoC work?

Shenlong Agent analyzes CVE descriptions, references, and patch diffs using a large language model pipeline. It generates a structured technical walk-through including vulnerability root cause, exploitation steps, and mitigation recommendations — covering high-severity CVEs within hours of disclosure.

We aggregate public proof-of-concept (PoC) code from GitHub and the security community, and use a Shenlong Agent (LLM-based) pipeline to generate technical PoC walk-throughs for high-severity CVEs. Public PoCs are free; AI-generated PoCs are a Pro / Pro+ feature. Each entry links back to its source CVE detail page for full context, references, and patches.

Latest POC List

Public POCs are scraped from GitHub / security community. AI Exclusive POCs are generated by Shenlong Agent — paid content.

Shenlong AI Exclusive POCs are paid content. Logged-in users get 3 free unlocks/month; upgrade to Pro for unlimited access. Log in / View plans

CVE-2026-34564CI4MS: Menu Management (Pages) Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS AI Paid

Qwen3.6-35B-A3B · 7522 chars · 2026-05-07 18:46

Goal Reached Thanks to every supporter — we hit 100%!

AI PoC Generator & CVE Exploit Database

Latest POC List

CVE-2026-34564CI4MS: Menu Management (Pages) Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS AI Paid

CVE-2026-34560CI4MS: Logs Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS AI Paid

CVE-2026-34563CI4MS: Backup Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM Blind XSS AI Paid

CVE-2026-5320vanna-ai vanna Chat API Endpoint v2 missing authentication AI Paid

CVE-2026-30332Etcher 安全漏洞 AI Paid

CVE-2026-34572CI4MS: Account Deactivation Module Full Persistent Unauthorized Access for All‑Roles via Improper Session Invalidation (Logic Flaw) AI Paid

CVE-2026-34571CI4MS: Stored Cross‑Site Scripting (Stored XSS) in Backend User Management Allows Session Hijacking and Full Administrative Account Compromise AI Paid

CVE-2026-34570CI4MS: Account Deletion Module Full Persistent Unauthorized Access for All‑Roles via Improper Session Invalidation (Logic Flaw) AI Paid

CVE-2026-5322AlejandroArciniegas mcp-data-vis MCP server.js request sql injection AI Paid

CVE-2026-0686Webmention <= 5.6.2 - Unauthenticated Blind Server-Side Request Forgery AI Paid

CVE-2026-5346huimeicloud hm_editor image-to-base64 Endpoint mcp-server.js client.get server-side request forgery AI Paid

CVE-2026-35168OpenSTAManager: SQL Injection via Aggiornamenti Module AI Paid

CVE-2026-28805OpenSTAManager: Time-Based Blind SQL Injection via `options[stato]` Parameter AI Paid

CVE-2026-5334itsourcecode Online Enrollment System Parameter index.php sql injection AI Paid

CVE-2026-33641Glances Vulnerable to Command Injection via Dynamic Configuration Values AI Paid

CVE-2026-33544Tinyauth has OAuth account confusion via shared mutable state on singleton service instances AI Paid

CVE-2026-33746Convoy: JWT Signature Verification Bypass Allows Authentication as Arbitrary Users AI Paid

CVE-2026-34728phpMyFAQ: Path Traversal - Arbitrary File Deletion in MediaBrowserController AI Paid

CVE-2026-5350Trendnet TEW-657BRM setup.cgi update_pcdb stack-based overflow AI Paid

CVE-2026-5349Trendnet TEW-657BRM setup.cgi add_apcdb stack-based overflow AI Paid

Frequently Asked Questions