Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,062cataloged exploits
31,617CVEs with public exploitation
0lab-tested
AllExploit-DB 22,467Referência 19,791GitHub PoC 13,086VulnCheck XDB 8,069Nuclei 4,187Metasploit 3,462✓ verified onlyrecentpopularrisk
13,086 exploits
GitHub PoC
CVE-2026-5076 — ARMember Premium <= 7.3.1 Insecure Password Reset Mechanism → Full Admin Account Takeover | Proof of Concept
ARMember Premium <= 7.3.1 - Insecure Password Reset Mechanism to Unauthenticated Privilege Escalation
48RISK
open ↗GitHub PoC
CVE-2026-23631-Draft
redis-server Lua use-after-free may allow remote code execution
33RISK
open ↗GitHub PoC
YellowKey | BitLocker Bypass Vulnerability (CVE-2026-45585)
Windows BitLocker Security Feature Bypass Vulnerability
33RISK
open ↗GitHub PoC★ 1
Detect-only scanner for CVE-2026-42945 (NGINX Rift), a heap overflow in ngx_http_rewrite_module. Version detection + nginx.conf pattern analysis. Python 3 stdlib-only, no network calls.
NGINX ngx_http_rewrite_module vulnerability
60RISK
open ↗GitHub PoC
CVE-2026-35904 / CVE-2026-35905 / CVE-2026-35906 — Unauth RCE, Hardcoded Root Creds & Telnet Enable in T3 Technology CPE
Incorrect access control in the web management interface of T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03, an
48RISK
open ↗GitHub PoC★ 1
horrister/solarwinds-sunburst-cve-2020-10148
SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands
100RISK
open ↗GitHub PoC
0-Click RCE Android Adb TLS Wireless Debugging
In adbd_tls_verify_cert of auth.cpp, there is a possible bypass of wireless ADB mutual authentication due to a logic err
41RISK
open ↗GitHub PoC★ 1
horrister/log4shell-cve-2021-44228
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RISK
open ↗GitHub PoC
HTB Facts is a Easy Linux box featuring Camaleon CMS and MinIO. Gain admin access via open registration and a mass assignment vulnerability, then extract MinIO credentials from admin settings. Use CVE-2024-46987 path traversal to steal an SSH private key, crack its passphrase, and escalate to root by abusing sudo permissions on facter via GTFOBins.
Arbitrary path traversal in Camaleon CMS
61RISK
open ↗GitHub PoC★ 2
Shcesama/cve-2023-4863-analysis
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to
93RISK
open ↗GitHub PoC
Spring Boot app with log4j 2.14.1 (CVE-2021-44228) — VulnFix agent test target
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RISK
open ↗GitHub PoC
leehunkoo/hk_CVE-2025-32433
Erlang/OTP SSH Vulnerable to Pre-Authentication RCE
100RISK
open ↗GitHub PoC
DanieleGiovanardi2408/cve-2024-36401-geoserver-rce
Remote Code Execution (RCE) vulnerability in evaluating property name expressions in Geoserver
100RISK
open ↗GitHub PoC★ 1
Real-World Simulation: FTP Service Exploitation (ProFTPD CVE-2015-3306)
The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and
60RISK
open ↗GitHub PoC
PoC exploit for CVE-2026-23744 — unauthenticated RCE in MCPJam Inspector via unvalidated serverConfig command injection on /api/mcp/connect, enabling reverse shell as process owner without credentials.
REC in MCPJam inspector due to HTTP Endpoint exposes
75RISK
open ↗GitHub PoC★ 14
CVE-2026-41089 是 Windows Netlogon 服务中一个关键的远程代码执行漏洞,单包即可崩溃 lsass.exe,导致域控制器在约 30-60 秒内重启。此期间该 DC 的所有域认证将失败。
Windows Netlogon Remote Code Execution Vulnerability
70RISK
open ↗GitHub PoC★ 1
Add go CVE-2026-46300 (Fragnesia) local privilege escalation exploit
net: skbuff: preserve shared-frag marker during coalescing
41RISK
open ↗GitHub PoC★ 1
CVE-2025-48595 - Draft
In multiple locations, there is a possible way to achieve code execution due to an integer overflow. This could lead to
71RISK
open ↗GitHub PoC★ 1
PoC of CVE-2026-49943
CZ.NIC BIRD Internet Routing Daemon through 2.19.0 contains a stack-based buffer overflow in the BGP AS_PATH mask matchi
33RISK
open ↗GitHub PoC
A vulnerability was detected in Totolink N300RH 6.1c.1353_B20190305.
Totolink N300RH Web Management wireless.so setWiFiBasicConfig stack-based overflow
48RISK
open ↗GitHub PoC
lowilol/CVE-2026-42945-NGINX-Rift-Check-Script
NGINX ngx_http_rewrite_module vulnerability
60RISK
open ↗GitHub PoC★ 3
Bulk scanning + one-click vulnerability exploitation
NGINX ngx_http_rewrite_module vulnerability
60RISK
open ↗GitHub PoC★ 1
Rocket.Chat OAuth2 NoSQL Injection
In Rocket.Chat <8.3.0, <8.2.1, <8.1.2, <8.0.3, <7.13.5, <7.12.6, <7.11.6, and <7.10.9, a NoSQL injection vulnerability c
48RISK
open ↗GitHub PoC★ 1
Add go CVE-2026-43284 / CVE-2026-43500 (dirtyfrag) local privilege escalation exploit
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISK
open ↗GitHub PoC★ 13
CVE-2026-41089 checker: unauthenticated, non-destructive detection for the Netlogon CLDAP stack buffer overflow (CVSS 9.8). Reports whether a domain controller's domain is long enough to crash, without sending the overflow. The binary-verified analysis the public PoCs got wrong.
Windows Netlogon Remote Code Execution Vulnerability
70RISK
open ↗GitHub PoC★ 3
Palo Alto Networks PAN-OS contains an authentication bypass caused by flaws in the GlobalProtect portal and gateway, letting attackers establish unauthorized VPN connections, exploit requires network access to the portal or gateway.
PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
100RISK
open ↗GitHub PoC
Detection script for CIFSwitch - CVE-2026-46243
smb: client: reject userspace cifs.spnego descriptions
41RISK
open ↗GitHub PoC
CVE-2026-9256 Nginx heap buffer overflow POC
NGINX ngx_http_rewrite_module vulnerability
48RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.