state:has-public-poc — CVE vulnerabilities tagged 36

36 CVE security advisories tagged "state:has-public-poc" with AI Chinese analysis, CVSS, references and POCs.

The tag "state:has-public-poc" indicates that a Common Vulnerabilities and Exposures (CVE) identifier has a confirmed, publicly available proof-of-concept exploit. This matters because it turns a theoretical flaw into an immediate, actionable threat: attackers can validate the vulnerability's existence and impact without reverse-engineering the underlying code. The risk profile escalates significantly because the barrier to entry for exploitation drops dramatically, and both malicious actors and security researchers can demonstrate the breach. Typical scenarios involve critical remote code execution or privilege escalation flaws where developers can no longer claim ignorance of the exploitability. For organizations, the tag serves as a high-priority alert that calls for immediate patching or mitigation to prevent active exploitation in the wild and to reduce the window in which adversaries can compromise systems before official fixes are deployed.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-8128 | SourceCodester SUP Online Shopping viewmsg.php sql injection — SUP Online Shopping | CWE-89 | 7.3 | High | 2026-05-08 |
| CVE-2026-8116 | huangjunsen0406 xiaozhi-mcphub dxtController.ts path traversal — xiaozhi-mcphub | CWE-22 | 6.3 | Medium | 2026-05-07 |
| CVE-2026-8088 | OSGeo gdal GDapi.c GDfieldinfo out-of-bounds — gdal | CWE-125 | 3.3 | Low | 2026-05-07 |
| CVE-2026-7700 | langflow-ai langflow LambdaFilterComponent lambda_filter.p eval code injection — langflow | CWE-94 | 6.3 | Medium | 2026-05-03 |
| CVE-2026-7691 | Wavlink WL-WN570HA1 adm.cgi set_sys_cmd command injection — WL-WN570HA1 | CWE-77 | 6.3 | Medium | 2026-05-03 |
| CVE-2026-7679 | YunaiV yudao-cloud OAuth2TokenServiceImpl.java getAccessToken improper authentication — yudao-cloud | CWE-287 | 7.3 | High | 2026-05-03 |
| CVE-2026-7645 | ruvnet sublinear-time-solver MCP server.js export_state path traversal — sublinear-time-solver | CWE-22 | 6.5 | Medium | 2026-05-02 |
| CVE-2026-7602 | JeecgBoot FillRuleUtil edit improper authorization — JeecgBoot | CWE-285 | 6.3 | Medium | 2026-05-02 |
| CVE-2026-7553 | code-projects Gym Management System edit_exercises.php sql injection — Gym Management System | CWE-89 | 4.7 | Medium | 2026-05-01 |
| CVE-2026-7502 | LinkStackOrg LinkStack Management Endpoint UserController.php saveLink authorization — LinkStack | CWE-639 | 5.4 | Medium | 2026-04-30 |
| CVE-2026-7388 | EyouCMS Template File FilemanagerLogic.php editFile code injection — EyouCMS | CWE-94 | 4.7 | Medium | 2026-04-29 |
| CVE-2026-7234 | BrowserOperator browser-operator-core server.js startsWith path traversal — browser-operator-core | CWE-22 | 7.3 | High | 2026-04-28 |
| CVE-2026-7227 | SourceCodester Pizzafy Ecommerce System ajax.php login sql injection — Pizzafy Ecommerce System | CWE-89 | 7.3 | High | 2026-04-28 |
| CVE-2026-7093 | code-projects Invoice System in Laravel Invoice Endpoint invoice improper authorization — Invoice System in Laravel | CWE-285 | 6.3 | Medium | 2026-04-27 |
| CVE-2026-7081 | Tenda F456 httpd GstDhcpSetSer fromGstDhcpSetSer buffer overflow — F456 | CWE-120 | 8.8 | High | 2026-04-27 |
| CVE-2026-7063 | code-projects Employee Management System Endpoint eprocess.php sql injection — Employee Management System | CWE-89 | 7.3 | High | 2026-04-26 |
| CVE-2026-7038 | tufantunc ssh-mcp Command Line index.ts insufficiently protected credentials — ssh-mcp | CWE-522 | 3.3 | Low | 2026-04-26 |
| CVE-2026-5557 | badlogic pi-mono pi-mom Slack Bot slack.ts authentication bypass — pi-mono | CWE-288 | 6.3 | Medium | 2026-04-05 |
| CVE-2026-5484 | BookStackApp BookStack Chapter Export ExportFormatter.php chapterToMarkdown access control — BookStack | CWE-284 | 5.3 | Medium | 2026-04-03 |
| CVE-2026-5320 | vanna-ai vanna Chat API Endpoint v2 missing authentication — vanna | CWE-306 | 7.3 | High | 2026-04-02 |
| CVE-2026-5125 | raine consult-llm-mcp server.ts child_process.execSync os command injection — consult-llm-mcp | CWE-78 | 5.3 | Medium | 2026-03-30 |
| CVE-2026-4963 | huggingface smolagents Incomplete Fix CVE-2025-9959 local_python_executor.py evaluate_with code injection — smolagents | CWE-94 | 6.3 | Medium | 2026-03-27 |
| CVE-2026-4467 | Comfast CF-AC100 mbox-config command injection — CF-AC100 | CWE-77 | 4.7 | Medium | 2026-03-20 |
| CVE-2026-4015 | GPAC TeXML File load_text.c txtin_process_texml stack-based overflow — GPAC | CWE-121 | 5.3 | Medium | 2026-03-12 |
| CVE-2026-1589 | itsourcecode School Management System index.php sql injection — School Management System | CWE-89 | 7.3 | High | 2026-01-29 |
| CVE-2026-1119 | itsourcecode Society Management System delete_activity.php sql injection — Society Management System | CWE-89 | 7.3 | High | 2026-01-18 |
| CVE-2025-14096 | Credential Disclosure vulnerability in Radiometer Products — ABL90 FLEX and ABL90 FLEX PLUS Analyzers | CWE-798 | 8.4 | High | 2025-12-17 |
| CVE-2025-13236 | itsourcecode Inventory Management System index.php sql injection — Inventory Management System | CWE-89 | 6.3 | Medium | 2025-11-16 |
| CVE-2025-12745 | QuickJS quickjs.c js_array_buffer_slice buffer over-read — QuickJS | CWE-126 | 5.3 | Medium | 2025-11-05 |
| CVE-2025-11317 | Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 findSingConfigPage.do findRolePage sql injection — Data Leakage Prevention System 天锐数据泄露防护系统 | CWE-89 | 7.3 | High | 2025-10-06 |

Vulnerabilities classified as state:has-public-poc represent 36 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.