Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,114cataloged exploits
31,649CVEs with public exploitation
0lab-tested
71,062 exploits
GitHub PoC
CVE-2025-5947 WordPress Service Finder Bookings ≤ 6.0 Exploit
CVE-2025-5947CRITICAL30 May 2026
Service Finder Bookings <= 6.0 - Authentication Bypass via User Switch Cookie
63RISK
open
VulnCheck XDB
initial-access
CVE-2026-42589CRITICAL30 May 2026
Gotenberg: Unauthenticated RCE via ExifTool Metadata Key Injection
63RISK
open
GitHub PoC
HAERIN-L/POC_CVE-2026-46716
CVE-2026-46716CRITICAL30 May 2026
Nezha Monitoring: RoleMember can run shell on every server (cross-tenant RCE) via POST /api/v1/cron
48RISK
open
GitHub PoC3
CVE-2026-0257
CVE-2026-0257HIGHunder attack30 May 2026
PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
100RISK
open
GitHub PoC
CVE-2026-0257 - PAN-OS
CVE-2026-0257HIGHunder attack30 May 2026
PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
100RISK
open
Exploit-DB
YAMCS yamcs-core 5.12.7 - LDAP Injection
CVE-2026-42568MEDIUMwebappsmultiple30 May 2026
Yamcs Vulnerable to LDAP Injection in LdapAuthModule
33RISK
open
VulnCheck XDB
initial-access
CVE-2024-36401CRITICALunder attack30 May 2026
Remote Code Execution (RCE) vulnerability in evaluating property name expressions in Geoserver
100RISK
open
GitHub PoC
Python POC, Exploit for CVE-2026-29000
CVE-2026-29000CRITICAL30 May 2026
pac4j-jwt JwtAuthenticator Authentication Bypass
48RISK
open
VulnCheck XDB
initial-access
CVE-2024-21413CRITICALunder attack30 May 2026
Microsoft Outlook Remote Code Execution Vulnerability
100RISK
open
GitHub PoC7
CVE-2025-38352 kernel exploit for LG webOS Smart TVs (ARM64). Achieves persistent root on real consumer hardware with novel exploitation techniques. Responsibly disclosed to LG.
CVE-2025-38352HIGHunder attack30 May 2026
posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del()
71RISK
open
GitHub PoC
vishvacyber/Detection-Tool-Kit-for-CVE-2026-31431
CVE-2026-31431HIGHunder attack29 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
Exploit-DB
MikroORM 7.0.13 - SQL Injection
CVE-2026-44680HIGHwebappsmultiple29 May 2026
MikroORM: SQL injection via runtime-controlled identifiers and JSON-path keys
41RISK
open
Exploit-DB
Linux Kernel - Local Privilege Escalation
CVE-2026-46300HIGHlocallinux29 May 2026
net: skbuff: preserve shared-frag marker during coalescing
41RISK
open
VulnCheck XDB
initial-access
CVE-2026-0257HIGHunder attack29 May 2026
PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
100RISK
open
Exploit-DB
Linux Kernel - Local Privilege Escalation
CVE-2026-43284HIGHlocallinux29 May 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISK
open
Exploit-DB
Langflow 1.3.0 - Remote Code Execution
CVE-2026-0770CRITICAL29 May 2026
Langflow exec_globals Inclusion of Functionality from Untrusted Control Sphere Remote Code Execution Vulnerability
68RISK
open
GitHub PoC2
akashsingh0454/CVE-2026-0257-PoC
CVE-2026-0257HIGHunder attack29 May 2026
PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
100RISK
open
Exploit-DB
Prodigy Commerce 3.3.0 - Local File Inclusion
CVE-2026-0926CRITICAL29 May 2026
Prodigy Commerce <= 3.3.0 - Unauthenticated Local File Inclusion via parameters[template_name]
63RISK
open
Exploit-DB
Linux Kernel - Local Privilege Escalation
CVE-2026-43500HIGHlocallinux29 May 2026
rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present
78RISK
open
Exploit-DB
CubeCart < 6.7.0 - Reflected Cross-Site Scripting (XSS) (Unauthenticated)
CVE-2026-44376MEDIUMwebappsmultiple29 May 2026
CubeCart: Reflected XSS in Store Search Bar
33RISK
open
GitHub PoC26
Proof-of-concept script to leverage the PAN-OS GlobalProtect authentication bypass CVE-2026-0257
CVE-2026-0257HIGHunder attack29 May 2026
PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
100RISK
open
VulnCheck XDB
remote-with-credentials
CVE-2022-26923HIGHunder attack29 May 2026
Active Directory Domain Services Elevation of Privilege Vulnerability
100RISK
open
GitHub PoC1
writeup
CVE-2026-8697HIGH29 May 2026
Improper Authentication Rate Limiting on TP-Link's Archer C64
41RISK
open
GitHub PoC
An LDAP injection vulnerability exists in org.yamcs.security.LdapAuthModule. The username parameter is inserted directly into LDAP search filters without RFC 4515 escaping, allowing authentication bypass.
CVE-2026-42568MEDIUM29 May 2026
Yamcs Vulnerable to LDAP Injection in LdapAuthModule
33RISK
open
GitHub PoC
Automated CVE-2022-26923 Exploitation (Certifried)
CVE-2022-26923HIGHunder attack29 May 2026
Active Directory Domain Services Elevation of Privilege Vulnerability
100RISK
open
GitHub PoC
Professional TryHackMe Simple CTF walkthrough covering enumeration, CMS Made Simple SQL Injection (CVE-2019-9053), credential recovery, SSH access, privilege escalation via Vim, and root compromise.
CVE-2019-905329 May 2026
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve
35RISK
open
GitHub PoC
P1 W8 S22 - Metasploit Samba CVE-2007-2447 Exploitation
CVE-2007-244729 May 2026
The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands
50RISK
open
GitHub PoC
Technical report about CVE-2022-22947 in Spring Cloud Gateway and its exploitation through exposed Actuator endpoints.
CVE-2022-22947CRITICALunder attack29 May 2026
In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack whe
100RISK
open
VulnCheck XDB
initial-access
CVE-2017-1263529 May 2026
Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB be
60RISK
open
GitHub PoC1
Safely detect whether a UniFi Network Application controller is vulnerable to CVE-2026-22557
CVE-2026-22557CRITICAL29 May 2026
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in the UniFi Network App
68RISK
open
previouspage 39 / 2,369next

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.