Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,062cataloged exploits
31,617CVEs with public exploitation
0lab-tested
AllExploit-DB 22,467Referência 19,791GitHub PoC 13,086VulnCheck XDB 8,069Nuclei 4,187Metasploit 3,462✓ verified onlyrecentpopularrisk
13,086 exploits
GitHub PoC
afifudinmtop/MCPJam-Inspector-1.4.2-Remote-Code-Execution-CVE-2026-23744
REC in MCPJam inspector due to HTTP Endpoint exposes
75RISK
open ↗GitHub PoC★ 2
A Go implementation of CIFSwitch (CVE-2026-46243)
smb: client: reject userspace cifs.spnego descriptions
41RISK
open ↗GitHub PoC
Strapi CVE-2026-27886. Leaking sensitive data via relational filtering due to lack of query sanitization
Strapi may leak sensitive data via relational filtering due to lack of query sanitization
48RISK
open ↗GitHub PoC★ 8
p3Nt3st3r-sTAr/CVE-2026-8732-POC
WP Maps Pro <= 6.1.0 - Unauthenticated Privilege Escalation via Administrator Account Creation to wpgmp_temp_access_ajax AJAX Action
48RISK
open ↗GitHub PoC
CVE-2026-8732 - Draft (WordPress)
WP Maps Pro <= 6.1.0 - Unauthenticated Privilege Escalation via Administrator Account Creation to wpgmp_temp_access_ajax AJAX Action
48RISK
open ↗GitHub PoC★ 2
DeepSecurityResearch/CVE-2026-2586
An authenticated Remote Code Execution (RCE) vulnerability was identified in GlassFish's Administration Console. A user
48RISK
open ↗GitHub PoC
Automated defect verification tool for 6 dnsmasq CVEs (CVE-2026-2291, 4890, 4891, 4892, 4893, 5172)
CVE-2026-2291
41RISK
open ↗GitHub PoC★ 1
Exploits the CVE-2026-0257 vulnerability by forging a GlobalProtect authentication override cookie using the TLS server's public key.
PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
100RISK
open ↗GitHub PoC★ 208
CVE-2026-41089 PoC — Netlogon CLDAP stack buffer overflow (CVSS 9.8 CRITICAL)
Windows Netlogon Remote Code Execution Vulnerability
70RISK
open ↗GitHub PoC
PAN-OS: GlobalProtect Authentication Bypass
PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
100RISK
open ↗GitHub PoC
CVE-2026-9560 - Draft
Privilege escalation via background service of OpenVPN Connect 3.5.1 through 3.8.1 on macOS allows attackers to execute
48RISK
open ↗GitHub PoC
kavin-jindal/CVE-2026-48800-PoC
Notepad++: Arbitrary Code Execution via shortcuts.xml UserCommand Injection
41RISK
open ↗GitHub PoC
Jeanback1/CVE-2019-9053-exploit
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve
35RISK
open ↗GitHub PoC★ 1
Interactive Ruby shell for authorized CVE-2025-55182 (react2shell) testing
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open ↗GitHub PoC
CVE-2026-8836 — lwIP SNMPv3 stack-based buffer overflow PoC (CVSS 9.8)
lwIP snmpv3 USM snmp_msg.c snmp_parse_inbound_frame stack-based overflow
48RISK
open ↗GitHub PoC★ 1
SrGinebras/CVE-2026-23744-RCE-for-MCPjam-inspector-v1.4.2
REC in MCPJam inspector due to HTTP Endpoint exposes
75RISK
open ↗GitHub PoC
b1nhack/CVE-2024-1086
Use-after-free in Linux kernel's netfilter: nf_tables component
76RISK
open ↗GitHub PoC
Remote Code Execution in MCPJam 1.4.2 and older.
REC in MCPJam inspector due to HTTP Endpoint exposes
75RISK
open ↗GitHub PoC
CVE-2024-38475 exploitation & scanning tool with Mullvad VPN rotation
Apache HTTP Server weakness in mod_rewrite when first segment of substitution matches filesystem path.
100RISK
open ↗GitHub PoC
This exploit is based on CVE-2023-6553 and was built upon the original exploit by Chocapik, it was added that a direct reverse shell can be obtained.
Backup Migration <= 1.3.7 - Unauthenticated Remote Code Execution
85RISK
open ↗GitHub PoC
Dungsocool/CVE-2014-3120
The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execut
100RISK
open ↗GitHub PoC★ 2
CVE-2026-23744 RCE + Privilege Escalation
REC in MCPJam inspector due to HTTP Endpoint exposes
75RISK
open ↗GitHub PoC
Jeanback1/CVE-2019-0211-exploit
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privilege
83RISK
open ↗GitHub PoC
CVE-2026-23744 — Proof of concept exploit for an unauthenticated Remote Code Execution vulnerability in MCPJam Inspector <= 1.4.2.
REC in MCPJam inspector due to HTTP Endpoint exposes
75RISK
open ↗GitHub PoC
Auditoría de seguridad y análisis de vulnerabilidades (CVE-2014-3566 y CVE-2010-2333) en la infraestructura de red local y router residencial.
LiteSpeed Technologies LiteSpeed Web Server 4.0.x before 4.0.15 allows remote attackers to read the source code of scrip
50RISK
open ↗GitHub PoC
letsr00t/CVE-2026-43494-PinTheft-PoC
net/rds: reset op_nents when zerocopy page pin fails
41RISK
open ↗GitHub PoC
This exploit is based on CVE-2023-27350 and was built upon the original exploit by horizon3ai and the Metasploit module.
This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Bui
100RISK
open ↗GitHub PoC
HAERIN-L/POC_CVE-2026-46716
Nezha Monitoring: RoleMember can run shell on every server (cross-tenant RCE) via POST /api/v1/cron
48RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.