📂 Repository Mission

This repository serves as a curated collection of proof-of-concept (PoC) exploits for vulnerabilities discovered in real-world software, hardware, or services.

📅 Year: 2026

Below are the vulnerabilities cataloged for the year 2026. Each entry includes a direct link to the PoC, the affected product, and the vulnerability class.

#	Product	Vulnerability Type	PoC Link	CVE
1	school-management-system	File Upload to RCE	🔗 View PoC	CVE-2026-5472
2	Online-Appointment-Booking-System	SQL Injection	🔗 View PoC
3	Online-Appointment-Booking-System	SQL Injection 2	🔗 View PoC
4	Online-Appointment-Booking-System	SQL Injection 3	🔗 View PoC
5	classroombookings	Stored XSS	🔗 View PoC
6	php-inventory-management-system	SQL Injection	🔗 View PoC
7	Hotel Booking Management System	Information Disclosure	🔗 View PoC
8	HavenHub	Information Disclosure	🔗 View PoC
9	stock-management	SQL Injection	🔗 View PoC
10	super-merge	Prototype Pollution	🔗 View PoC
11	christopy/mergedeep	Prototype Pollution	🔗 View PoC
12	brikcss/merge	Prototype Pollution	🔗 View PoC
13	object-merger	Prototype Pollution	🔗 View PoC
14	extend-deep	Prototype Pollution	🔗 View PoC
15	Restaurant Food Ordering Management System	Information Disclosure	🔗 View PoC
16	Restaurant Food Ordering Management System	Information Disclosure 2	🔗 View PoC
17	Rabbit	Unauthenticated File Upload	🔗 View PoC
18	Kipa Auction online-auction-system	Arbitrary User Deletion	🔗 View PoC
19	muller	Hardcoded Cryptographic Key	🔗 View PoC