AI PoC Generator & CVE Exploit Database

We aggregate public proof-of-concept (PoC) code from GitHub and the security community, and use a Shenlong Agent (LLM-based) pipeline to generate technical PoC walk-throughs for high-severity CVEs. Public PoCs are free; AI-generated PoCs are a Pro / Pro+ feature. Each entry links back to its source CVE detail page for full context, references, and patches.

最新 POC 列表

Public POCs are scraped from GitHub / security community. AI Exclusive POCs are generated by Shenlong Agent — paid content.Public POCs are scraped from GitHub / security community. AI Exclusive POCs are generated by Shenlong Agent — paid content.

Shenlong AI Exclusive POCs are paid content. Logged-in users get 3 free unlocks/month; upgrade to Pro for unlimited access.Shenlong AI Exclusive POCs are paid content. Logged-in users get 3 free unlocks/month; upgrade to Pro for unlimited access. Log in / View plans

CVE-2026-30851Caddy forward_auth copy_headers Does Not Strip Client-Supplied Headers, Allowing Identity Injection and Privilege Escalation AI Paid

kimi-k2.5 · 13952 chars · 2026-04-24 08:37

查看详情

CVE-2026-28286ZimaOS: Unauthorized Creation of Files/Folders in Restricted System Directories via API AI Paid

kimi-k2.5 · 11900 chars · 2026-04-24 08:31

查看详情

CVE-2026-32300Connect CMS: Improper Authorization in the My Page Profile Update Feature Allows Modification of Arbitrary User Information AI Paid

kimi-k2.5 · 9264 chars · 2026-04-24 08:31

查看详情

CVE-2026-32299Connect CMS: Information Disclosure Due to Improper Authorization through the Page Content Retrieval Feature AI Paid

kimi-k2.5 · 8901 chars · 2026-04-24 08:31

查看详情

CVE-2026-4269Improper S3 ownership verification in Bedrock AgentCore Starter Toolkit AI Paid

kimi-k2.5 · 12183 chars · 2026-04-24 08:31

查看详情

Goal Reached Thanks to every supporter — we hit 100%!

AI PoC Generator & CVE Exploit Database

最新 POC 列表

CVE-2026-29778pyLoad: Arbitrary File Write via Path Traversal in edit_package() AI Paid

CVE-2025-63909Cohesity TranZman 安全漏洞 AI Paid

CVE-2026-32276Connect-CMS has Arbitrary Code Execution by an Authenticated User in its Code Study Plugin AI Paid

CVE-2026-4252Tenda AC8 IPv6 check_is_ipv6 ip address for authentication AI Paid

CVE-2026-4237itsourcecode Free Hotel Reservation System index.php sql injection AI Paid

CVE-2026-30855WeKnora: Broken Access Control in Tenant Management AI Paid

CVE-2026-21882theshit's Improper Privilege Dropping Allows Local Privilege Escalation via Command Re-execution AI Paid

CVE-2026-32277Connect-CMS has DOM-based Cross-Site Scripting (XSS) in the Cabinet Plugin List View AI Paid

CVE-2026-23489Fields GLPI plugin vulnerable to RCE in dropdown generation AI Paid

CVE-2026-28678dsa-hub-server: Clear-Text Storage of Sensitive Data AI Paid

CVE-2026-30832Soft Serve: SSRF via unvalidated LFS endpoint in repo import AI Paid

CVE-2026-32278Connect CMS has Stored Cross-site Scripting (XSS) in the File Field of its Form Plugin AI Paid

CVE-2025-64427ZimaOS is vulnerable to Server-Side Request Forgery (SSRF) AI Paid

CVE-2026-27962Authlib JWS JWK Header Injection: Signature Verification Bypass AI Paid

CVE-2026-4254Tenda AC8 HTTP Endpoint SysToolChangePwd doSystemCmd stack-based overflow AI Paid

CVE-2026-30851Caddy forward_auth copy_headers Does Not Strip Client-Supplied Headers, Allowing Identity Injection and Privilege Escalation AI Paid

CVE-2026-28286ZimaOS: Unauthorized Creation of Files/Folders in Restricted System Directories via API AI Paid

CVE-2026-32300Connect CMS: Improper Authorization in the My Page Profile Update Feature Allows Modification of Arbitrary User Information AI Paid

CVE-2026-32299Connect CMS: Information Disclosure Due to Improper Authorization through the Page Content Retrieval Feature AI Paid

CVE-2026-4269Improper S3 ownership verification in Bedrock AgentCore Starter Toolkit AI Paid