Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,062cataloged exploits
31,617CVEs with public exploitation
0lab-tested
71,062 exploits
GitHub PoC
TryHackMe SOC Level 1 — Follina CVE-2022-30190, Nim C2, Chisel, PrintSpoofer, backdoor accounts
CVE-2022-30190HIGHunder attackransomware15 Jun 2026
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability
100RISK
open
VulnCheck XDB
denial-of-service
CVE-2021-44228CRITICALunder attackransomware15 Jun 2026
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RISK
open
GitHub PoC
kaleth4/CVE-2022-30190
CVE-2022-30190HIGHunder attackransomware14 Jun 2026
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability
100RISK
open
GitHub PoC4
CVE-2026-20245
CVE-2026-20245HIGHunder attack14 Jun 2026
Cisco Catalyst SD-WAN Controller Authenticated Privilege Escalation Vulnerability
76RISK
open
GitHub PoC1
CVE-2024-3094 XZ Utils backdoor research - attack surface visualiser, system vulnerability checker, and general Linux CVE assessment tool
CVE-2024-3094CRITICAL14 Jun 2026
Xz: malicious code in distributed source
70RISK
open
GitHub PoC
CVE-2025-14847 mongobleed python file
CVE-2025-14847HIGHunder attack14 Jun 2026
Zlib compressed protocol header length confusion may allow memory read
100RISK
open
GitHub PoC1
CVE-2017-0144
CVE-2017-0144HIGHunder attackransomware14 Jun 2026
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RISK
open
VulnCheck XDB
info-leak
CVE-2021-41773HIGHunder attackransomware14 Jun 2026
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
100RISK
open
GitHub PoC
Python RCE PoC with reverse-shell listener for CVE-2026-42945 (NGINX Rift)
CVE-2026-42945CRITICAL14 Jun 2026
NGINX ngx_http_rewrite_module vulnerability
60RISK
open
VulnCheck XDB
initial-access
CVE-2017-0144HIGHunder attackransomware14 Jun 2026
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RISK
open
GitHub PoC
CVE-2026-5513: Bookly <= 27.2 Stored XSS via Cookie (Unauthenticated)
CVE-2026-5513HIGH14 Jun 2026
Online Scheduling and Appointment Booking System – Bookly <= 27.2 - Unauthenticated Stored Cross-Site Scripting via 'bookly-customer-full-name' Cookie
41RISK
open
GitHub PoC1
Defensive research notes for CVE-2026-5950, a BIND 9 resolver DoS vulnerability credited to Billy Baraja (BielraX).
CVE-2026-5950MEDIUM14 Jun 2026
Unbounded resend loop in BIND 9 resolver
33RISK
open
VulnCheck XDB
info-leak
CVE-2025-14847HIGHunder attack14 Jun 2026
Zlib compressed protocol header length confusion may allow memory read
100RISK
open
VulnCheck XDB
initial-access
CVE-2026-23744CRITICAL14 Jun 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RISK
open
VulnCheck XDB
initial-access
CVE-2026-42945CRITICAL14 Jun 2026
NGINX ngx_http_rewrite_module vulnerability
60RISK
open
GitHub PoC
CVE-2026-20253 - Splunk Enterprise
CVE-2026-20253CRITICALunder attack14 Jun 2026
Unauthenticated Arbitrary File Creation and Truncation in a PostgreSQL Sidecar Service Endpoint in Splunk Enterprise
100RISK
open
GitHub PoC
Apache HTTP Server 2.4.49 Path Traversal Vulnerability Reproduction
CVE-2021-41773HIGHunder attackransomware14 Jun 2026
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
100RISK
open
GitHub PoC
webshellseo8/CVE-2026-53787-POC-
CVE-2026-53787CRITICAL14 Jun 2026
Amasty Order Attributes for Magento 2 < 4.0.0 Unauthenticated Arbitrary File Upload
63RISK
open
GitHub PoC
CVE-2026-5513 — Bookly ≤ 27.2 Stored XSS via Cookie
CVE-2026-5513HIGH14 Jun 2026
Online Scheduling and Appointment Booking System – Bookly <= 27.2 - Unauthenticated Stored Cross-Site Scripting via 'bookly-customer-full-name' Cookie
41RISK
open
GitHub PoC
rohit-sundar/cve-2026-23744
CVE-2026-23744CRITICAL14 Jun 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RISK
open
GitHub PoC
CVE-2026-20127
CVE-2026-20127CRITICALunder attack14 Jun 2026
Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability
100RISK
open
GitHub PoC
Remote Code Execution in DbGate via functionName injection in the loadReader endpoint — CVSS 8.8
CVE-2026-48017HIGH13 Jun 2026
DbGate: Remote Code Execution via functionName injection in loadReader endpoint
41RISK
open
GitHub PoC
J1nKsC/CVE-2024-4367_test
CVE-2024-4367MEDIUM13 Jun 2026
A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js c
55RISK
open
GitHub PoC
webshellseo8/CVE-2026-1555-POC
CVE-2026-1555CRITICAL13 Jun 2026
WebStack <= 1.2024 - Unauthenticated Arbitrary File Upload
48RISK
open
GitHub PoC3
CVE-2026-20253
CVE-2026-20253CRITICALunder attack13 Jun 2026
Unauthenticated Arbitrary File Creation and Truncation in a PostgreSQL Sidecar Service Endpoint in Splunk Enterprise
100RISK
open
GitHub PoC1
razureink/cve-2026-49975-http2bomb_reproduction
CVE-2026-49975HIGH13 Jun 2026
Apache HTTP Server: mod_http2 denial of service
46RISK
open
VulnCheck XDB
initial-access
CVE-2025-55182CRITICALunder attackransomware13 Jun 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open
GitHub PoC
rootdirective-sec/CVE-2026-42647-Lab
CVE-2026-42647CRITICAL13 Jun 2026
WordPress JoomSport plugin <= 5.7.7 - SQL Injection vulnerability
63RISK
open
VulnCheck XDB
remote-with-credentials
CVE-2018-9276HIGHunder attack13 Jun 2026
An issue was discovered in PRTG Network Monitor before 18.2.39. An attacker who has access to the PRTG System Administra
100RISK
open
GitHub PoC
Technical writeup and Proof of Concept (PoC) for CVE-2026-11417: OS Command Injection / Remote Code Execution (RCE) in AWS CDK's NodejsFunction.
CVE-2026-11417HIGH13 Jun 2026
OS Command Injection in NodejsFunction Bundling in aws-cdk-lib
41RISK
open
previouspage 24 / 2,369next

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.