Hacker News

kstrauser, today at 7:20 AM

Yep. It's the term for basically a demonstration of a claim. "Huh, this part of the program code looks like it's vulnerable to a buffer overflow, so I'll write a script designed to get the malicious data into the right place inside the program's dataflow pathway to prove that it's actually vulnerable."

You can have a perfectly legitimate, critical vulnerability without providing a working POC. However, then it's up for debate. "Is it really a problem? Is it even possible to sneak the payload past the various checks to get it into position? Hmm, it's hard to tell... perhaps it isn't." But show up with a working POC and it's hard to argue that it's not a real vulnerability. "I don't think that's actually reachable." "Boom, crash." "Oh. I guess it is."