Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,062cataloged exploits
31,617CVEs with public exploitation
0lab-tested
13,086 exploits
GitHub PoC
kaleth4/CVE-2021-4045
CVE-2021-4045CRITICAL11 Jun 2026
TP-LINK Tapo C200 remote code execution vulnerability
70RISK
open
GitHub PoC
CVE-2026-45447 - Draft
CVE-2026-45447HIGH11 Jun 2026
Heap Use-After-Free in the PKCS7_verify() Function
41RISK
open
GitHub PoC
anirudhmakkar/cve-2026-7665
CVE-2026-7665MEDIUM11 Jun 2026
Essential Addons for Elementor <= 6.6.4 - Missing Authorization to Unauthenticated Information Exposure via 'load_more' AJAX Handler
33RISK
open
GitHub PoC1
CVE-2026-11645
CVE-2026-11645HIGHunder attack11 Jun 2026
Out of bounds read and write in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitra
71RISK
open
GitHub PoC
CVE-2026-50507 - Draft
CVE-2026-50507MEDIUM11 Jun 2026
Windows BitLocker Security Feature Bypass Vulnerability
33RISK
open
GitHub PoC
CVE-2026-10795 The UpdraftPlus POC
CVE-2026-10795HIGH11 Jun 2026
UpdraftPlus: WP Backup & Migration Plugin <= 1.26.4 - Unauthenticated Authentication Bypass via UpdraftCentral udrpc
41RISK
open
GitHub PoC
leehunkoo/cve-2013-4660_PoC
CVE-2013-466011 Jun 2026
The JS-YAML module before 2.0.5 for Node.js parses input without properly considering the unsafe !!js/function tag, whic
43RISK
open
GitHub PoC
This repository contains a lab validation report and detection artefacts for DirtyFrag CVE-2026-43284, a Linux local privilege escalation issue related to the XFRM/ESP page-cache write path. The focus is on auditd telemetry, event correlation, and SOC-oriented detection logic.
CVE-2026-43284HIGH11 Jun 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISK
open
GitHub PoC
xxconi/CVE-2025-6254
CVE-2025-6254CRITICAL11 Jun 2026
Doctreat Core <= 1.6.8 - Unauthenticated Privilege Escalation
48RISK
open
GitHub PoC
Cyber-DarkNay/CVE-2026-45034
CVE-2026-45034CRITICAL11 Jun 2026
PhpSpreadsheet: File::prohibitWrappers bypass
48RISK
open
GitHub PoC
Cyber-DarkNay/CVE-2026-23550
CVE-2026-23550CRITICAL11 Jun 2026
WordPress Modular DS plugin <= 2.5.1 - Privilege Escalation vulnerability
68RISK
open
GitHub PoC
CVE-2026-10795 – UpdraftPlus Authentication Bypass
CVE-2026-10795HIGH11 Jun 2026
UpdraftPlus: WP Backup & Migration Plugin <= 1.26.4 - Unauthenticated Authentication Bypass via UpdraftCentral udrpc
41RISK
open
GitHub PoC39
A demonstration of read write using cve-2025-43529 on iOS 26.1
CVE-2025-43529HIGHunder attack11 Jun 2026
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.3 and
71RISK
open
GitHub PoC
From deobfuscating code.js to root, CVE-2023-0386
CVE-2023-0386HIGHunder attack11 Jun 2026
A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities wa
86RISK
open
GitHub PoC
Escáner pasivo de seguridad para CVE-2025-55182 que identifica indicadores públicos asociados a Next.js y React Server Components. Realiza validaciones seguras, analiza cabeceras y rutas, y proporciona una evaluación de exposición basada en evidencias sin explotación.
CVE-2025-55182CRITICALunder attackransomware11 Jun 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open
GitHub PoC
CVE-2017-9841 is a Remote Code Execution (RCE) vulnerability in the PHPUnit library affecting versions prior to 5.6.3 and 6.x prior to 6.4.2.
CVE-2017-9841CRITICALunder attack11 Jun 2026
Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP c
100RISK
open
GitHub PoC
Reproduction lab for CVE-2025-29927 — Next.js middleware authorization bypass (CVSS 9.1)
CVE-2025-29927CRITICAL10 Jun 2026
Authorization Bypass in Next.js Middleware
85RISK
open
GitHub PoC1
OSCP like CVE-2025-24893 exploit for Linux XWiki
CVE-2025-24893CRITICALunder attack10 Jun 2026
Remote code execution as guest via SolrSearchMacros request in xwiki
100RISK
open
GitHub PoC
CLI rewrite of the Drupalgeddon2 (CVE-2018-7600) PoC — for authorised testing/education
CVE-2018-7600CRITICALunder attackransomware10 Jun 2026
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbi
100RISK
open
GitHub PoC
Dhananjayasj/CVE-2025-24813-Apache-Tomcat-Partial-PUT-Deserialization-RCE-
CVE-2025-24813CRITICALunder attack10 Jun 2026
Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT
100RISK
open
GitHub PoC1
SolarWinds Serv-U CVE-2026-28318: unauthenticated Content-Encoding: deflate crash. Root-cause analysis (invalid free of an interior pointer -> heap corruption) + DoS-only PoC. Fixed in 15.5.4 Hotfix 1.
CVE-2026-28318HIGHunder attack10 Jun 2026
SolarWinds Serv-U Unauthenticated Denial of Service Vulnerability
76RISK
open
GitHub PoC1
GrayXploit Security research and defensive team validate this toolkit for CVE-2026-0257 (PAN-OS GlobalProtect Authentication Bypass). Includes vulnerability assessment, detection guidance, technical analysis, indicators of compromise (IOCs), and remediation validation resources for security teams and defenders.
CVE-2026-0257HIGHunder attack10 Jun 2026
PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
100RISK
open
GitHub PoC5
CVE-2026-25089 - Fortinet FortiSandbox
CVE-2026-25089CRITICAL10 Jun 2026
A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet F
53RISK
open
GitHub PoC3
# CVE-2026-11645 - Chrome V8 Out-of-Bounds Read/Write Exploit
CVE-2026-11645HIGHunder attack10 Jun 2026
Out of bounds read and write in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitra
71RISK
open
GitHub PoC
CVE-2026-48962 - IO::Compress - Code Execution
CVE-2026-48962HIGH10 Jun 2026
IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an attacker-controlled output glob
41RISK
open
GitHub PoC2
HTTP.sys RCE
CVE-2026-47291CRITICAL10 Jun 2026
HTTP.sys Remote Code Execution Vulnerability
53RISK
open
GitHub PoC
CVE-2026-44963 - Draft - Veeam
CVE-2026-44963CRITICAL10 Jun 2026
A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user.
48RISK
open
GitHub PoC
**Este código es SOLO para fines educativos y pruebas de seguridad autorizadas.**
CVE-2026-20245HIGHunder attack10 Jun 2026
Cisco Catalyst SD-WAN Controller Authenticated Privilege Escalation Vulnerability
76RISK
open
GitHub PoC5
watchtowrlabs/watchTowr-vs-Check-Point-CVE-2026-50751
CVE-2026-50751CRITICALunder attackransomware10 Jun 2026
User Authentication Bypass in VPN Remote Access and Mobile Access
100RISK
open
GitHub PoC
1-day exploit for CVE-2026-49417
CVE-2026-49417HIGH10 Jun 2026
Multiple vulnerabilities in the sound(4) mmap path
41RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.