Proof-of-Concept Exploit
Also known as: PoC exploit
Definition
A minimal, often non-weaponized piece of code that demonstrates a vulnerability is real and exploitable, typically published for research or coordinated disclosure.
Examples
- A small Python script that triggers a heap overflow but only prints a debug message.
- A crafted HTTP request that demonstrates blind SSRF without exfiltrating data.
Related terms
Exploit
A piece of code, data, or technique that takes advantage of a vulnerability to cause unintended behaviour such as code execution, privilege escalation, or information disclosure.
Weaponized Exploit
A reliable, fully developed exploit ready for real-world use — typically integrated into malware, intrusion frameworks, or attacker tradecraft.
Vulnerability
A weakness in a system, application, or process that an attacker can exploit to violate confidentiality, integrity, or availability.
CVE (Common Vulnerabilities and Exposures)
A public catalogue that assigns a unique identifier to each disclosed software or hardware vulnerability so that it can be referenced unambiguously across the industry.
Penetration Testing
An authorized, simulated cyberattack against systems, applications, or people to identify exploitable weaknesses before real adversaries do.
Server-Side Request Forgery (SSRF)
A web vulnerability that allows an attacker to coerce a server into making HTTP or other network requests on their behalf, often against internal systems.