AI PoC Generator & CVE Exploit Database

We aggregate public proof-of-concept (PoC) code from GitHub and the security community, and use a Shenlong Agent (LLM-based) pipeline to generate technical PoC walk-throughs for high-severity CVEs. Public PoCs are free; AI-generated PoCs are a Pro / Pro+ feature. Each entry links back to its source CVE detail page for full context, references, and patches.

最新 POC 列表

Public POCs are scraped from GitHub / security community. AI Exclusive POCs are generated by Shenlong Agent — paid content.Public POCs are scraped from GitHub / security community. AI Exclusive POCs are generated by Shenlong Agent — paid content.

Shenlong AI Exclusive POCs are paid content. Logged-in users get 3 free unlocks/month; upgrade to Pro for unlimited access.Shenlong AI Exclusive POCs are paid content. Logged-in users get 3 free unlocks/month; upgrade to Pro for unlimited access. Log in / View plans

CVE-2026-29789Vito: Cross-project privilege escalation in workflow site-creation actions allows unauthorized server modification AI Paid

kimi-k2.5 · 7480 chars · 2026-04-24 09:04

查看详情

CVE-2026-30827express-rate-limit: IPv4-mapped IPv6 addresses bypass per-client rate limiting (all IPv4 clients share one bucket on dual-stack servers) AI Paid

kimi-k2.5 · 6660 chars · 2026-04-24 08:56

查看详情

Goal Reached Thanks to every supporter — we hit 100%!

AI PoC Generator & CVE Exploit Database

最新 POC 列表

CVE-2026-29082Kestra: Stored Cross-Site Scripting in Markdown File Preview AI Paid

CVE-2025-63911Cohesity TranZman 安全漏洞 AI Paid

CVE-2026-4212D-Link DNS-1550-04 download_mgr.cgi Downloads_Schedule_Info stack-based overflow AI Paid

CVE-2026-4211D-Link DNS-1550-04 local_backup_mgr.cgi Local_Backup_Info stack-based overflow AI Paid

CVE-2026-29789Vito: Cross-project privilege escalation in workflow site-creation actions allows unauthorized server modification AI Paid

CVE-2026-29091Locutus: Remote Code Execution (RCE) in locutus call_user_func_array due to Code Injection AI Paid

CVE-2026-27833Piwigo: Unauthenticated Information Disclosure via pwg.history.search API AI Paid

CVE-2026-4214D-Link DNS-1550-04 app_mgr.cgi UPnP_AV_Server_Path_Setting stack-based overflow AI Paid

CVE-2026-4213D-Link DNS-1550-04 gui_mgr.cgi cgi_myfavorite_verify stack-based overflow AI Paid

CVE-2026-30242Plane: SSRF via Incomplete IP Validation in Webhook URL Serializer AI Paid

CVE-2026-30244Plane: Unauthenticated Workspace Member Information Disclosure AI Paid

CVE-2026-4226LB-LINK BL-WR9000 get_virtual_cfg sub_44E8D0 stack-based overflow AI Paid

CVE-2026-4223itsourcecode Payroll Management System manage_employee.php sql injection AI Paid

CVE-2026-27885Piwigo: SQL Injection in Activity.getList AI Paid

CVE-2025-14675Meta Box <= 5.11.1 - Authenticated (Contributor+) Arbitrary File Deletion AI Paid

CVE-2026-30827express-rate-limit: IPv4-mapped IPv6 addresses bypass per-client rate limiting (all IPv4 clients share one bucket on dual-stack servers) AI Paid

CVE-2026-4236itsourcecode Online Enrollment System index.php sql injection AI Paid

CVE-2026-4235itsourcecode Online Enrollment System login.php sql injection AI Paid

CVE-2026-4227LB-LINK BL-WR9000 get_hidessid_cfg sub_44D844 buffer overflow AI Paid

CVE-2026-30834PinchTab: SSRF with Full Response Exfiltration via Download Handler AI Paid