Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,114cataloged exploits
31,649CVEs with public exploitation
0lab-tested
AllExploit-DB 22,469Referência 19,810GitHub PoC 13,116VulnCheck XDB 8,069Nuclei 4,188Metasploit 3,462✓ verified onlyrecentpopularrisk
13,086 exploits
GitHub PoC
lwd3c/CVE-2026-46586
Apache OFBiz: Improper Validation in traverseContent Service Enables Authenticated Groovy Code Execution
21RISK
open ↗GitHub PoC★ 1
CVE-2026-44578
Next.js: Server-side request forgery in applications using WebSocket upgrades
68RISK
open ↗GitHub PoC★ 7
CVE-2026-44578: Next.js WebSocket Upgrade SSRF — pre-auth credential theft via localhost:80. Lab + exploit + audit.
Next.js: Server-side request forgery in applications using WebSocket upgrades
68RISK
open ↗GitHub PoC
Apache Axis1.4 远程命令执行漏洞利用工具 - CVE-2019-0227,支持随机化服务名和Webshell文件名
A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2
45RISK
open ↗GitHub PoC
Free NGINX Rift CVE-2026-42945 detector for version, rewrite config, ASLR, crash logs, and exploitation indicators.
NGINX ngx_http_rewrite_module vulnerability
60RISK
open ↗GitHub PoC★ 17
nginx CVE scanner + RCE exploit framework (CVE-2026-42945 + 16 others)
NGINX ngx_http_rewrite_module vulnerability
60RISK
open ↗GitHub PoC
Source-built nginx 1.25.5 container with backported CVE-2026-42945 fix, OpenSSL bump, full provenance chain, and VEX attestation.
NGINX ngx_http_rewrite_module vulnerability
60RISK
open ↗GitHub PoC
Safe Python scanner for CVE-2025-20362 (Cisco ASA/FTD WebVPN Authentication Bypass)
Update: On November 5, 2025, Cisco became aware of a new attack variant against devices running Cisco Secure ASA Softwar
100RISK
open ↗GitHub PoC
Safe Python scanner for CVE-2020-3452 (Cisco ASA/FTD WebVPN Directory Traversal)
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Read-Only Path Traversal Vulnerability
100RISK
open ↗GitHub PoC
Intentionally vulnerable Log4j 2.14.1 demo for Sysdig CNAPP scanning (CVE-2021-44228)
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RISK
open ↗GitHub PoC
Zero-dependency CLI scanner for npm/PyPI supply chain compromises. Detects compromised packages in lockfiles and system-level IOCs from attacks like Mini Shai-Hulud (CVE-2026-45321).
Malware in 42 @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys
78RISK
open ↗GitHub PoC★ 1
This exploit is based on CVE-2021-33393 and was built upon the original exploit by Mücahit Saratar, extending it to achieve a reverse shell with root privileges.
lfs/backup in IPFire 2.25-core155 does not ensure that /var/ipfire/backup/bin/backup.pl is owned by the root account. It
50RISK
open ↗GitHub PoC
Maxime288/CVE-2026-31431-Copy-Fail-R-pertoire-de-Pr-vention
crypto: algif_aead - Revert to operating out-of-place
100RISK
open ↗GitHub PoC★ 13
Evince/xreader/Atril RCE exploit to CVE-2026-46529
PDF /GoToR action argv injection enables single-click RCE via --gtk-module dlopen
41RISK
open ↗GitHub PoC★ 1
CVE-2026-42945 nginx 32-bit exploit lab ASLR enabled
NGINX ngx_http_rewrite_module vulnerability
60RISK
open ↗GitHub PoC
Safe Python scanner for Cisco CVE-2025-20333 (Cisco ASA/FTD WebVPN Buffer Overflow)
A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secu
90RISK
open ↗GitHub PoC
Trigger-aware web server CVE audit for nginx and Apache. Goes beyond version matching by checking whether the vulnerable code path is actually reachable in your configuration. Classifies findings as Active / Latent / Unverified. Single-file Python 3.5+, no dependencies.
NGINX ngx_http_rewrite_module vulnerability
60RISK
open ↗GitHub PoC
Read-only cPanel CVE-2026-41940 IOC detector for .sorry ransomware, Mr_Rot13 Filemanager backdoors, C2 callbacks, cron, SSH, and logs.
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RISK
open ↗GitHub PoC
Estudio del bug CVE-2026-31431
crypto: algif_aead - Revert to operating out-of-place
100RISK
open ↗GitHub PoC★ 6
CHARON — pre-built PoC for CVE-2026-46333 (Linux ptrace mm==NULL fd theft)
ptrace: slightly saner 'get_dumpable()' logic
56RISK
open ↗GitHub PoC★ 4
CVE-2026-38526 | Krayin CRM v2.2.x Authenticated RCE - Unrestricted PHP File Upload via TinyMCE
An authenticated arbitrary file upload vulnerability in the /admin/tinymce/upload endpoint of Webkul Krayin CRM v2.2.x a
48RISK
open ↗GitHub PoC
User Registration Advanced Fields <= 1.6.20 - Unauthenticated Arbitrary File Upload
User Registration Advanced Fields <= 1.6.20 - Unauthenticated Arbitrary File Upload
48RISK
open ↗GitHub PoC
Read-only WordPress User Registration CVE-2026-1492 checker for hidden admins, plugin version, uploads PHP, cron, and compromise IOCs.
User Registration & Membership <= 5.1.2 - Unauthenticated Privilege Escalation via Membership Registration
68RISK
open ↗GitHub PoC★ 1
Technical PoC for CVE-2025-59528 (Flowise < 3.0.5), demonstrating authenticated RCE through customMCP mcpServerConfig injection, with clear bilingual documentation and reproducible steps for authorized security testing.
Flowise has Remote Code Execution vulnerability
85RISK
open ↗GitHub PoC
This repository contains a Proof of Concept (PoC) Python script for CVE-2025-58434, which enables attackers to change passwords of other users without authentication process in flowise version 3.0.5 and lower due to token leakage.
Flowise Cloud and Local Deployments have Unauthenticated Password Reset Token Disclosure that Leads to Account Takeover
75RISK
open ↗GitHub PoC★ 2
Technical breakdown of CVE-2026-34473, an unauthenticated denial of service affecting 17+ ZTE router models.
Unauthenticated DoS in ZTE H8102E, H168N, H167A, H199A, H288A, H198A, H267A, H267N, H268A, H388X, H196A, H369A, H268N, H
41RISK
open ↗GitHub PoC★ 2
Automated Metasploit post-exploitation module for CVE-2026-31431 ("Copy Fail"). Weaponizes a deterministic logic flaw in the Linux kernel AF_ALG subsystem to achieve local privilege escalation (LPE) to root by safely corrupting a setuid binary directly in the shared Page Cache (RAM) without modifying files on disk
crypto: algif_aead - Revert to operating out-of-place
100RISK
open ↗GitHub PoC★ 2
PoC for CVE-2026-6433: WordPress FlipperCode Custom CSS, JS & PHP (≤2.0.7) — unauthenticated SQLi to RCE. Python 3 stdlib; single target or bulk multi-threaded scanning. Authorized testing & research only.
Custom CSS JS PHP <= 2.0.7 - Unauthenticated SQL Injection to RCE
56RISK
open ↗GitHub PoC
This exploit is based on CVE-2023-26360 (https://nvd.nist.gov/vuln/detail/CVE-2023-26360) and was built on top of the Metasploit module and the jakabakos/CVE-2023-26360-adobe-coldfusion-rce-exploit.
Adobe ColdFusion Improper Access Control Arbitrary code execution
100RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.