AI PoC Generator & CVE Exploit Database

We aggregate public proof-of-concept (PoC) code from GitHub and the security community, and use a Shenlong Agent (LLM-based) pipeline to generate technical PoC walk-throughs for high-severity CVEs. Public PoCs are free; AI-generated PoCs are a Pro / Pro+ feature. Each entry links back to its source CVE detail page for full context, references, and patches.

最新 POC 列表

Public POCs are scraped from GitHub / security community. AI Exclusive POCs are generated by Shenlong Agent — paid content.Public POCs are scraped from GitHub / security community. AI Exclusive POCs are generated by Shenlong Agent — paid content.

Shenlong AI Exclusive POCs are paid content. Logged-in users get 3 free unlocks/month; upgrade to Pro for unlimited access.Shenlong AI Exclusive POCs are paid content. Logged-in users get 3 free unlocks/month; upgrade to Pro for unlimited access. Log in / View plans

CVE-2026-30240Budibase PWA ZIP Upload Path Traversal Allows Reading Arbitrary Server Files Including All Environment Secrets AI Paid

kimi-k2.5 · 10912 chars · 2026-04-24 06:32

查看详情

CVE-2026-27702Budibase Vulnerable to Remote Code Execution via Unsafe eval() in View Filter Map Function (Budibase Cloud) AI Paid

kimi-k2.5 · 9168 chars · 2026-04-24 06:31

查看详情

CVE-2026-30975Sonarr Authentication Bypass vulnerability AI Paid

kimi-k2.5 · 9064 chars · 2026-04-24 06:27

查看详情

Goal Reached Thanks to every supporter — we hit 100%!

AI PoC Generator & CVE Exploit Database

最新 POC 列表

CVE-2026-27135nghttp2 Denial of service: Assertion failure due to the missing state validation AI Paid

CVE-2026-29023Keygraph Shannon Hard-coded Router API Key AI Paid

CVE-2026-5550Tenda AC10 httpd fromSysToolChangePwd stack-based overflow AI Paid

CVE-2026-25136Rucio WebUI has a Reflected Cross-site Scripting Vulnerability AI Paid

CVE-2026-33216NATS has MQTT plaintext password disclosure AI Paid

CVE-2026-32321ClipBucket v5 has time-based Blind SQL Injection in ajax.php that leads to Data Exfiltration AI Paid

CVE-2025-62166FreshRSS has an IDOR which allows for viewing feeds of any user and leaking tokens AI Paid

CVE-2026-3272Tenda F453 httpd DhcpListClient fromDhcpListClient buffer overflow AI Paid

CVE-2026-25746OpenEMR has SQL Injection Vulnerability AI Paid

CVE-2026-33218NATS has pre-auth server panic via leafnode handling AI Paid

CVE-2026-25873OmniGen2-RL Reward Server Unsafe Deserialization RCE AI Paid

CVE-2026-30240Budibase PWA ZIP Upload Path Traversal Allows Reading Arbitrary Server Files Including All Environment Secrets AI Paid

CVE-2026-25737Budibase Arbitrary File Upload Leading to Multiple Critical Vulnerabilities (SSRF, Stored XSS) AI Paid

CVE-2026-27706Plane Vulnerable to Full Read SSRF via Favicon Fetching in "Add Link" Feature AI Paid

CVE-2026-4822Enter Software Iperius Backup Backup Service temp file AI Paid

CVE-2026-33217NATS allows MQTT clients to bypass ACL checks AI Paid

CVE-2026-32730ApostropheCMS MFA/TOTP Bypass via Incorrect MongoDB Query in Bearer Token Middleware AI Paid

CVE-2026-31816Budibase Universal Auth Bypass via Webhook Query Param Injection AI Paid

CVE-2026-27702Budibase Vulnerable to Remote Code Execution via Unsafe eval() in View Filter Map Function (Budibase Cloud) AI Paid

CVE-2026-30975Sonarr Authentication Bypass vulnerability AI Paid