This repository serves as a comprehensive knowledge base for vulnerability Proofs of Concept (PoCs), targeting security researchers, penetration testers, and developers. It aims to consolidate and organize a vast collection of known vulnerabilities and their corresponding PoCs, facilitating learning and security assessment.

How It Works

The project functions as a curated repository of vulnerability information, categorized by software type (e.g., CMS, OA products, middleware, operating systems, databases, network devices) and specific CVEs or vulnerability types. Each entry typically includes the affected software, version, vulnerability type (e.g., SQL injection, RCE, XSS), and often a brief description or reference to the exploit. The organization by category and CVE allows for efficient searching and discovery of relevant security information.

Quick Start & Requirements

This repository is a knowledge base and does not require installation or execution of code. It is intended for informational purposes.

Highlighted Details

• Contains over 1,000 documented vulnerabilities across a wide range of software categories.
• Includes vulnerabilities affecting popular CMS, OA products, middleware, operating systems, databases, and network devices.
• References numerous CVEs and common vulnerability types like RCE, SQL Injection, XSS, and path traversal.
• Organized into logical categories for easy navigation and research.

Maintenance & Community

The project is maintained by Threekiii. It references other community-driven vulnerability resources like PeiQi-WIKI-Book, Vulhub, and Metarget, indicating a connection to broader security research communities.

Licensing & Compatibility

The repository's content is for educational and research purposes only. The README includes a disclaimer prohibiting illegal use, unauthorized penetration testing, or commercial exploitation. Specific licensing for the collected vulnerability data is not explicitly stated, but the nature of the content implies a focus on educational sharing rather than a permissive software license.

Limitations & Caveats

The repository is a collection of information and does not provide tools for exploitation or automated scanning. Users are solely responsible for their actions and must adhere to legal regulations. The accuracy and completeness of all listed vulnerabilities are dependent on the original sources.