Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,114cataloged exploits
31,649CVEs with public exploitation
0lab-tested
AllExploit-DB 22,469Referência 19,810GitHub PoC 13,116VulnCheck XDB 8,069Nuclei 4,188Metasploit 3,462✓ verified onlyrecentpopularrisk
71,062 exploits
GitHub PoC
tematemaru/CVE-2026-31431-simple-test
crypto: algif_aead - Revert to operating out-of-place
100RISK
open ↗GitHub PoC★ 208
CVE-2026-41089 PoC — Netlogon CLDAP stack buffer overflow (CVSS 9.8 CRITICAL)
Windows Netlogon Remote Code Execution Vulnerability
70RISK
open ↗VulnCheck XDB
initial-access
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open ↗GitHub PoC
CVE-2026-8836 — lwIP SNMPv3 stack-based buffer overflow PoC (CVSS 9.8)
lwIP snmpv3 USM snmp_msg.c snmp_parse_inbound_frame stack-based overflow
48RISK
open ↗VulnCheck XDB
info-leak
Apache HTTP Server weakness in mod_rewrite when first segment of substitution matches filesystem path.
100RISK
open ↗GitHub PoC
b1nhack/CVE-2024-1086
Use-after-free in Linux kernel's netfilter: nf_tables component
76RISK
open ↗GitHub PoC
Remote Code Execution in MCPJam 1.4.2 and older.
REC in MCPJam inspector due to HTTP Endpoint exposes
75RISK
open ↗GitHub PoC
Dungsocool/CVE-2014-3120
The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execut
100RISK
open ↗GitHub PoC
Jeanback1/CVE-2019-9053-exploit
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve
35RISK
open ↗GitHub PoC★ 2
CVE-2026-23744 RCE + Privilege Escalation
REC in MCPJam inspector due to HTTP Endpoint exposes
75RISK
open ↗GitHub PoC
This exploit is based on CVE-2023-6553 and was built upon the original exploit by Chocapik, it was added that a direct reverse shell can be obtained.
Backup Migration <= 1.3.7 - Unauthenticated Remote Code Execution
85RISK
open ↗GitHub PoC★ 1
SrGinebras/CVE-2026-23744-RCE-for-MCPjam-inspector-v1.4.2
REC in MCPJam inspector due to HTTP Endpoint exposes
75RISK
open ↗GitHub PoC
CVE-2026-23744 — Proof of concept exploit for an unauthenticated Remote Code Execution vulnerability in MCPJam Inspector <= 1.4.2.
REC in MCPJam inspector due to HTTP Endpoint exposes
75RISK
open ↗GitHub PoC
kavin-jindal/CVE-2026-48800-PoC
Notepad++: Arbitrary Code Execution via shortcuts.xml UserCommand Injection
41RISK
open ↗VulnCheck XDB
local
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privilege
83RISK
open ↗VulnCheck XDB
initial-access
Backup Migration <= 1.3.7 - Unauthenticated Remote Code Execution
85RISK
open ↗VulnCheck XDB
initial-access
The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execut
100RISK
open ↗GitHub PoC★ 1
Interactive Ruby shell for authorized CVE-2025-55182 (react2shell) testing
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open ↗GitHub PoC
Jeanback1/CVE-2019-0211-exploit
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privilege
83RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.