Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,114cataloged exploits
31,649CVEs with public exploitation
0lab-tested
71,114 exploits
GitHub PoC
PoC exploit for CVE-2026-23744 — unauthenticated RCE in MCPJam Inspector via unvalidated serverConfig command injection on /api/mcp/connect, enabling reverse shell as process owner without credentials.
CVE-2026-23744CRITICAL03 Jun 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RISK
open
GitHub PoC1
Real-World Simulation: FTP Service Exploitation (ProFTPD CVE-2015-3306)
CVE-2015-330603 Jun 2026
The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and
60RISK
open
GitHub PoC2
Shcesama/cve-2023-4863-analysis
CVE-2023-4863HIGHunder attack03 Jun 2026
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to
93RISK
open
GitHub PoC18
CVE-2026-50343 InstallService StaticPluginMap EoP - standard user to SYSTEM
CVE-2026-50343HIGH03 Jun 2026
Microsoft Install Service Elevation of Privilege Vulnerability
41RISK
open
GitHub PoC
CVE-2026-9256 Nginx heap buffer overflow POC
CVE-2026-9256CRITICAL03 Jun 2026
NGINX ngx_http_rewrite_module vulnerability
48RISK
open
GitHub PoC1
Add go CVE-2026-43284 / CVE-2026-43500 (dirtyfrag) local privilege escalation exploit
CVE-2026-43284HIGH03 Jun 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISK
open
GitHub PoC
DanieleGiovanardi2408/cve-2024-36401-geoserver-rce
CVE-2024-36401CRITICALunder attack03 Jun 2026
Remote Code Execution (RCE) vulnerability in evaluating property name expressions in Geoserver
100RISK
open
GitHub PoC1
PoC of CVE-2026-49943
CVE-2026-49943MEDIUM03 Jun 2026
CZ.NIC BIRD Internet Routing Daemon through 2.19.0 contains a stack-based buffer overflow in the BGP AS_PATH mask matchi
33RISK
open
GitHub PoC3
Reproducible Docker lab for CVE-2024-21182 — Oracle WebLogic T3/IIOP OpaqueReference JNDI injection → unauthenticated RCE (CVE-2023-21839 patch-bypass family). One-command validate.sh.
CVE-2023-21839HIGHunder attack02 Jun 2026
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions t
100RISK
open
VulnCheck XDB
initial-access
CVE-2026-8206CRITICAL02 Jun 2026
Kirki 6.0.0 - 6.0.6 - Unauthenticated Privilege Escalation via 'handle_forgot_password'
48RISK
open
VulnCheck XDB
info-leak
CVE-2021-43798HIGHunder attack02 Jun 2026
Grafana path traversal
100RISK
open
VulnCheck XDB
initial-access
CVE-2026-23744CRITICAL02 Jun 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RISK
open
VulnCheck XDB
initial-access
CVE-2026-23744CRITICAL02 Jun 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RISK
open
VulnCheck XDB
initial-access
CVE-2026-23744CRITICAL02 Jun 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RISK
open
GitHub PoC2
Mass exploitation tool for CVE-2026-8206 – Unauthenticated Privilege Escalation via 'handle_forgot_password' in Kirki WordPress plugin (≤6.0.6).
CVE-2026-8206CRITICAL02 Jun 2026
Kirki 6.0.0 - 6.0.6 - Unauthenticated Privilege Escalation via 'handle_forgot_password'
48RISK
open
GitHub PoC6
CVE-2026-41089
CVE-2026-41089CRITICAL02 Jun 2026
Windows Netlogon Remote Code Execution Vulnerability
70RISK
open
GitHub PoC
"A professional walkthrough of HTB: Shocker. Demonstrates remote directory fuzzing to discover CGI scripts, manual exploitation of the Shellshock vulnerability (CVE-2014-6271), and privilege escalation via misconfigured Sudo Perl permissions using GTFOBins vectors."
CVE-2014-6271CRITICALunder attack02 Jun 2026
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which
100RISK
open
GitHub PoC2
Script para comprobar si la vulnerabilidad de Linux CIFSwitch (CVE-2026-46243) nos afecta. Detecta configuraciones potencialmente vulnerables y mitigaciones sin ejecutar exploits.
CVE-2026-46243HIGH02 Jun 2026
smb: client: reject userspace cifs.spnego descriptions
41RISK
open
GitHub PoC
CVE-2026-31525 - Draft
CVE-2026-31525HIGH02 Jun 2026
bpf: Fix undefined behavior in interpreter sdiv/smod for INT_MIN
41RISK
open
GitHub PoC
MrR0b0t19/CVE-2026-23744-PoC
CVE-2026-23744CRITICAL02 Jun 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RISK
open
GitHub PoC
Performed a Full & Fast vulnerability assessment using OpenVAS against Metasploitable2, identified the critical vsftpd Backdoor vulnerability (CVE-2011-2523), and developed containment, remediation, and incident response documentation.
CVE-2011-252302 Jun 2026
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
60RISK
open
GitHub PoC1
This utility was created during research involving MCPJam v1.4.2. The application exposes an API endpoint that accepts a server configuration object. Under certain conditions, insufficient validation may allow unintended command execution.
CVE-2026-23744CRITICAL02 Jun 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RISK
open
GitHub PoC
Okymi-X/CVE-2021-43798
CVE-2021-43798HIGHunder attack02 Jun 2026
Grafana path traversal
100RISK
open
GitHub PoC
CVE-2026-23744 Proof-of-concept.
CVE-2026-23744CRITICAL02 Jun 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RISK
open
GitHub PoC
entr0pie/demo-cve-2022-22947
CVE-2022-22947CRITICALunder attack02 Jun 2026
In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack whe
100RISK
open
GitHub PoC3
Reproducible Docker lab for CVE-2024-21182 — Oracle WebLogic T3/IIOP OpaqueReference JNDI injection → unauthenticated RCE (CVE-2023-21839 patch-bypass family). One-command validate.sh.
CVE-2024-21182HIGHunder attack02 Jun 2026
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions t
83RISK
open
GitHub PoC
Ez4rd1x1/CVE-2026-8181
CVE-2026-8181CRITICAL02 Jun 2026
Burst Statistics 3.4.0 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover
68RISK
open
GitHub PoC
Dhananjayasj/CVE-2026-34156-NocoBase-Sandbox-Escape-via-Workflow-Execution-Vulnerability-
CVE-2026-34156CRITICAL02 Jun 2026
NocoBase Affected by Sandbox Escape to RCE via console._stdout Prototype Chain Traversal in Workflow Script Node
75RISK
open
GitHub PoC
Mender Server - Authenticated Path Traversal to RCE
CVE-2026-49009LOW02 Jun 2026
Northern.tech Mender Server v4.1.0, v4.0.1 and below, and fixed in v4.1.1 and v4.0.2 allows Directory Traversal.
28RISK
open
GitHub PoC
jenniferreire26/CVE-2026-39987
CVE-2026-39987CRITICALunder attack02 Jun 2026
marimo Affected by Pre-Auth Remote Code Execution via Terminal WebSocket Authentication Bypass
100RISK
open
previouspage 36 / 2,371next

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.