Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,114cataloged exploits
31,649CVEs with public exploitation
0lab-tested
AllExploit-DB 22,469Referência 19,810GitHub PoC 13,116VulnCheck XDB 8,069Nuclei 4,188Metasploit 3,462✓ verified onlyrecentpopularrisk
71,114 exploits
GitHub PoC
t1ckprivate/CVE-2026-31431-Copy-Fail
crypto: algif_aead - Revert to operating out-of-place
100RISK
open ↗GitHub PoC
t1ckprivate/CVE-2026-43284-Dirty-Frag
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISK
open ↗GitHub PoC
react2shell - CVE-2025-55182 (Next.js: CVE-2025-66478) - Unauthenticated RCE in React Server Components (Flight Protocol) - PoC Exploit
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open ↗GitHub PoC
yurahshell/CVE-2025-55182
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open ↗GitHub PoC
Technical writeup and penetration testing report for CVE-2010-2075, demonstrating UnrealIRCd backdoor exploitation and remediation.
UnrealIRCd 3.2.8.1, as distributed on certain mirror sites from November 2009 through June 2010, contains an externally
60RISK
open ↗GitHub PoC
Dependency-free interactive Python exploit for the vsftpd 2.3.4 backdoor (CVE-2011-2523).
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
60RISK
open ↗GitHub PoC
react CVE-2025-55182
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open ↗GitHub PoC
CVE-2026-45247 - Draft
Mirasvit Cache Warmer for Magento < 1.11.12 PHP Object Injection
83RISK
open ↗GitHub PoC
0-Click RCE Android Adb TLS Wireless Debugging
In adbd_tls_verify_cert of auth.cpp, there is a possible bypass of wireless ADB mutual authentication due to a logic err
41RISK
open ↗VulnCheck XDB
info-leak
Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive informatio
60RISK
open ↗GitHub PoC★ 1
Detect-only scanner for CVE-2026-42945 (NGINX Rift), a heap overflow in ngx_http_rewrite_module. Version detection + nginx.conf pattern analysis. Python 3 stdlib-only, no network calls.
NGINX ngx_http_rewrite_module vulnerability
60RISK
open ↗VulnCheck XDB
info-leak
NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor <= 2.8.2 - Unauthenticated SQL Injection
85RISK
open ↗GitHub PoC★ 9
strivepan/ActiveMQ-cve-2026-42588-scanner-gui
Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Remote Code Execution via Jolokia addNetworkConnector
41RISK
open ↗GitHub PoC
CVE-2026-23631-Draft
redis-server Lua use-after-free may allow remote code execution
33RISK
open ↗GitHub PoC
Safe read-only version checker + Sigma rule for Redis CVE-2026-23479 (authenticated use-after-free → RCE). Find exposed instances, patch left-of-boom. By DugganUSA.
redis-server use-after-free in unblock client flow may allow remote code execution
41RISK
open ↗GitHub PoC
Piotnet Forms Pro <= 2.1.40 - Unauthenticated Arbitrary File Upload → RCE
Piotnet Forms <= 2.1.40 - Unauthenticated Arbitrary File Upload via Form File Upload
48RISK
open ↗GitHub PoC
CVE-2026-5076 — ARMember Premium <= 7.3.1 Insecure Password Reset Mechanism → Full Admin Account Takeover | Proof of Concept
ARMember Premium <= 7.3.1 - Insecure Password Reset Mechanism to Unauthenticated Privilege Escalation
48RISK
open ↗GitHub PoC
Dhananjayasj/CVE-2024-1698-NotificationX-WordPress-Plugin-SQL-Injection-to-Admin-Credential-Extraction
NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor <= 2.8.2 - Unauthenticated SQL Injection
85RISK
open ↗GitHub PoC★ 1
horrister/solarwinds-sunburst-cve-2020-10148
SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands
100RISK
open ↗GitHub PoC
CVE-2026-35904 / CVE-2026-35905 / CVE-2026-35906 — Unauth RCE, Hardcoded Root Creds & Telnet Enable in T3 Technology CPE
Incorrect access control in the web management interface of T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03, an
48RISK
open ↗GitHub PoC
HTB Facts is a Easy Linux box featuring Camaleon CMS and MinIO. Gain admin access via open registration and a mass assignment vulnerability, then extract MinIO credentials from admin settings. Use CVE-2024-46987 path traversal to steal an SSH private key, crack its passphrase, and escalate to root by abusing sudo permissions on facter via GTFOBins.
Arbitrary path traversal in Camaleon CMS
61RISK
open ↗GitHub PoC★ 28
HTTP/2 Bomb PoC — CVE-2026-49975 (HPACK indexed reference bomb + flow-control stall)
Apache HTTP Server: mod_http2 denial of service
46RISK
open ↗GitHub PoC
rootdirective-sec/CVE-2026-34234-Lab
CtrlPanel: Unauthenticated RCE using installer script
48RISK
open ↗VulnCheck XDB
initial-access
SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands
100RISK
open ↗GitHub PoC
PoC CVE-2026-8732 (WP Maps Pro <= 6.1.0)
WP Maps Pro <= 6.1.0 - Unauthenticated Privilege Escalation via Administrator Account Creation to wpgmp_temp_access_ajax AJAX Action
48RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.