AI PoC Generator & CVE Exploit Database

We aggregate public proof-of-concept (PoC) code from GitHub and the security community, and use a Shenlong Agent (LLM-based) pipeline to generate technical PoC walk-throughs for high-severity CVEs. Public PoCs are free; AI-generated PoCs are a Pro / Pro+ feature. Each entry links back to its source CVE detail page for full context, references, and patches.

最新 POC 列表

Public POCs are scraped from GitHub / security community. AI Exclusive POCs are generated by Shenlong Agent — paid content.Public POCs are scraped from GitHub / security community. AI Exclusive POCs are generated by Shenlong Agent — paid content.

Shenlong AI Exclusive POCs are paid content. Logged-in users get 3 free unlocks/month; upgrade to Pro for unlimited access.Shenlong AI Exclusive POCs are paid content. Logged-in users get 3 free unlocks/month; upgrade to Pro for unlimited access. Log in / View plans

CVE-2026-41670Admidio: SAML Response Sent to Unvalidated Assertion Consumer Service URL from AuthnRequest AIVerified env Paid

Qwen3.6-35B-A3B · 9457 chars · 2026-05-08 00:43

Goal Reached Thanks to every supporter — we hit 100%!

AI PoC Generator & CVE Exploit Database

最新 POC 列表

CVE-2026-41670Admidio: SAML Response Sent to Unvalidated Assertion Consumer Service URL from AuthnRequest AIVerified env Paid

CVE-2026-33938Handlebars.js has JavaScript Injection via AST Type Confusion by tampering @partial-block AIVerified env Paid

CVE-2026-33939Handlebars.js has Denial of Service via Malformed Decorator Syntax in Template Compilation AI Paid

CVE-2026-41422Daptin vulnerable to SQL injection via unvalidated goqu.L() calls in aggregate API AI Paid

CVE-2026-41142OpenEXR is Vulnerable to Integer overflow in ImageChannel::resize leads to heap OOB write via OpenEXRUtil public API AI Paid

CVE-2026-33940Handlebars.js has JavaScript Injection via AST Type Confusion when passing an object as dynamic partial AI Paid

CVE-2026-33941Handlebars.js has JavaScript Injection in CLI Precompiler via Unescaped Names and Options AI Paid

CVE-2026-34226Happy DOM's fetch credentials include uses page-origin cookies instead of target-origin cookies AI Paid

CVE-2026-33943Happy DOM ECMAScriptModuleCompiler: unsanitized export names are interpolated as executable code AI Paid

CVE-2026-41505RELATE: Predictable Token Generation in auth.py and exam.py AI Paid

CVE-2026-33979Express XSS Sanitizer: allowedTags/allowedAttributes bypass leads to permissive sanitization (XSS risk) AIVerified env Paid

CVE-2026-33989@mobilenext/mobile-mcp alllows arbitrary file write via Path Traversal in mobile screen capture tools AI Paid

CVE-2026-33980Azure Data Explorer MCP Server: KQL Injection in multiple tools allows MCP client to execute arbitrary Kusto queries AI Paid

CVE-2026-4248Ultimate Member <= 2.11.2 - Authenticated (Contributor+) Sensitive Information Exposure to Account Takeover via Shortcode Template Tag AI Paid

CVE-2026-41688Incomplete fix for CVE-2026-33399: SSRF in Wallos AIVerified env Paid

CVE-2026-5001PromtEngineer localGPT server.py do_POST unrestricted upload AIVerified env Paid

CVE-2026-5000PromtEngineer localGPT API Endpoint server.py LocalGPTHandler missing authentication AIVerified env Paid

CVE-2026-5002PromtEngineer localGPT LLM Prompt server.py _route_using_overviews injection AI Paid

CVE-2026-5004Wavlink WL-WN579X3-C UPNP firewall.cgi sub_4019FC stack-based overflow AIVerified env Paid

CVE-2026-5012elecV2 elecV2P rpc pm2run os command injection AI Paid