Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,114cataloged exploits
31,649CVEs with public exploitation
0lab-tested
AllExploit-DB 22,469Referência 19,810GitHub PoC 13,116VulnCheck XDB 8,069Nuclei 4,188Metasploit 3,462✓ verified onlyrecentpopularrisk
71,062 exploits
GitHub PoC
CVE-2025-5947 WordPress Service Finder Bookings ≤ 6.0 Exploit
Service Finder Bookings <= 6.0 - Authentication Bypass via User Switch Cookie
63RISK
open ↗VulnCheck XDB
initial-access
Gotenberg: Unauthenticated RCE via ExifTool Metadata Key Injection
63RISK
open ↗GitHub PoC
HAERIN-L/POC_CVE-2026-46716
Nezha Monitoring: RoleMember can run shell on every server (cross-tenant RCE) via POST /api/v1/cron
48RISK
open ↗GitHub PoC
CVE-2026-0257 - PAN-OS
PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
100RISK
open ↗Exploit-DB
YAMCS yamcs-core 5.12.7 - LDAP Injection
Yamcs Vulnerable to LDAP Injection in LdapAuthModule
33RISK
open ↗VulnCheck XDB
initial-access
Remote Code Execution (RCE) vulnerability in evaluating property name expressions in Geoserver
100RISK
open ↗GitHub PoC
Python POC, Exploit for CVE-2026-29000
pac4j-jwt JwtAuthenticator Authentication Bypass
48RISK
open ↗GitHub PoC★ 7
CVE-2025-38352 kernel exploit for LG webOS Smart TVs (ARM64). Achieves persistent root on real consumer hardware with novel exploitation techniques. Responsibly disclosed to LG.
posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del()
71RISK
open ↗GitHub PoC
vishvacyber/Detection-Tool-Kit-for-CVE-2026-31431
crypto: algif_aead - Revert to operating out-of-place
100RISK
open ↗Exploit-DB
MikroORM 7.0.13 - SQL Injection
MikroORM: SQL injection via runtime-controlled identifiers and JSON-path keys
41RISK
open ↗Exploit-DB
Linux Kernel - Local Privilege Escalation
net: skbuff: preserve shared-frag marker during coalescing
41RISK
open ↗Exploit-DB
Linux Kernel - Local Privilege Escalation
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISK
open ↗Exploit-DB
Langflow 1.3.0 - Remote Code Execution
Langflow exec_globals Inclusion of Functionality from Untrusted Control Sphere Remote Code Execution Vulnerability
68RISK
open ↗GitHub PoC★ 2
akashsingh0454/CVE-2026-0257-PoC
PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
100RISK
open ↗Exploit-DB
Prodigy Commerce 3.3.0 - Local File Inclusion
Prodigy Commerce <= 3.3.0 - Unauthenticated Local File Inclusion via parameters[template_name]
63RISK
open ↗Exploit-DB
Linux Kernel - Local Privilege Escalation
rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present
78RISK
open ↗Exploit-DB
CubeCart < 6.7.0 - Reflected Cross-Site Scripting (XSS) (Unauthenticated)
CubeCart: Reflected XSS in Store Search Bar
33RISK
open ↗GitHub PoC★ 26
Proof-of-concept script to leverage the PAN-OS GlobalProtect authentication bypass CVE-2026-0257
PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
100RISK
open ↗VulnCheck XDB
remote-with-credentials
Active Directory Domain Services Elevation of Privilege Vulnerability
100RISK
open ↗GitHub PoC
An LDAP injection vulnerability exists in org.yamcs.security.LdapAuthModule. The username parameter is inserted directly into LDAP search filters without RFC 4515 escaping, allowing authentication bypass.
Yamcs Vulnerable to LDAP Injection in LdapAuthModule
33RISK
open ↗GitHub PoC
Automated CVE-2022-26923 Exploitation (Certifried)
Active Directory Domain Services Elevation of Privilege Vulnerability
100RISK
open ↗GitHub PoC
Professional TryHackMe Simple CTF walkthrough covering enumeration, CMS Made Simple SQL Injection (CVE-2019-9053), credential recovery, SSH access, privilege escalation via Vim, and root compromise.
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve
35RISK
open ↗GitHub PoC
P1 W8 S22 - Metasploit Samba CVE-2007-2447 Exploitation
The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands
50RISK
open ↗GitHub PoC
Technical report about CVE-2022-22947 in Spring Cloud Gateway and its exploitation through exposed Actuator endpoints.
In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack whe
100RISK
open ↗VulnCheck XDB
initial-access
Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB be
60RISK
open ↗GitHub PoC★ 1
Safely detect whether a UniFi Network Application controller is vulnerable to CVE-2026-22557
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in the UniFi Network App
68RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.