36 CVE security advisories tagged "state:has-public-poc" with AI Chinese analysis, CVSS, references and POCs.
The tag "state:has-public-poc" marks a CVE (Common Vulnerabilities and Exposures) entry for which a publicly available proof-of-concept exploit has been confirmed. The designation matters because it turns a theoretical flaw into an immediate, actionable threat: attackers can validate the vulnerability's existence and impact without reverse-engineering the underlying code. The risk profile rises accordingly, since the barrier to exploitation drops sharply and both malicious actors and security researchers can reproduce the issue. Typical cases are critical remote code execution or privilege escalation flaws, where exploitability is no longer in question. For organizations, the tag is a high-priority alert that calls for immediate patching or mitigation to prevent active exploitation in the wild, reducing the window in which adversaries can compromise systems before official fixes are deployed.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-11310 | Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 findFileServerPage.do findFileServerPage sql injection — Data Leakage Prevention System 天锐数据泄露防护系统 (CWE-89) | 7.3 | High | 2025-10-05 |
| CVE-2025-9398 | YiFang CMS Migrate.php exportInstallTable information disclosure — CMS (CWE-200) | 5.3 | Medium | 2025-08-24 |
| CVE-2025-7831 | code-projects Church Donation System Tithes.php sql injection — Church Donation System (CWE-89) | 7.3 | High | 2025-07-19 |
| CVE-2024-36401 | Remote Code Execution (RCE) vulnerability in evaluating property name expressions in Geoserver — geoserver (CWE-95) | 9.8 | Critical | 2024-07-01 |
| CVE-2023-3892 | Unsafe XML parsing of 3rd party DICOM private tags may lead to XXE — MIM Assistant (CWE-611) | 5.6 | Medium | 2023-09-19 |
| CVE-2020-29656 | ASUS RT-AC88U information disclosure vulnerability — n/a | 9.1 | - | 2020-12-09 |
36 CVEs are classified as state:has-public-poc. The CWE taxonomy describes the class of weakness; review the individual CVEs for product-specific impact.