Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,114cataloged exploits
31,649CVEs with public exploitation
0lab-tested
AllExploit-DB 22,469Referência 19,810GitHub PoC 13,116VulnCheck XDB 8,069Nuclei 4,188Metasploit 3,462✓ verified onlyrecentpopularrisk
71,062 exploits
Exploit-DB
Linux Kernel - Local Privilege Escalation
rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present
78RISK
open ↗GitHub PoC
NocoDB Shared-Base Links Could Invite Real Base Members and Survive Share Revocation
NocoDB: Shared-base link access can invite arbitrary users as persistent base members
33RISK
open ↗Exploit-DB
CubeCart < 6.7.0 - Reflected Cross-Site Scripting (XSS) (Unauthenticated)
CubeCart: Reflected XSS in Store Search Bar
33RISK
open ↗VulnCheck XDB
remote-with-credentials
Active Directory Domain Services Elevation of Privilege Vulnerability
100RISK
open ↗GitHub PoC
CVE-2026-40564: SSRF via FlinkSessionJob jarURI in apache/flink-kubernetes-operator. Self-contained reproducer that runs on a local kind cluster with one make command.
Apache Flink Kubernetes Operator: Server-Side Request Forgery and local file access in Kubernetes Operator
33RISK
open ↗GitHub PoC
P1 W8 S22 - Metasploit Samba CVE-2007-2447 Exploitation
The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands
50RISK
open ↗Exploit-DB
Quick Playground for WordPress 1.3.1 - Unauthenticated Remote Code Execution
Quick Playground <= 1.3.1 - Missing Authorization to Unauthenticated Arbitrary File Upload
48RISK
open ↗GitHub PoC★ 26
Proof-of-concept script to leverage the PAN-OS GlobalProtect authentication bypass CVE-2026-0257
PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
100RISK
open ↗GitHub PoC
CVE-2026-46376 - FreePBX Unauthenticated UCP Access via Hard-Coded Credentials
FreePBX: Unauthenticated Use of Hard-Coded Credentials Vulnerability in FreePBX UCP Interface
48RISK
open ↗GitHub PoC
Oracle REST Data Services (ORDS) Unauthenticated RCE (CVE-2026-46840)
Vulnerability in Oracle REST Data Services (component: Backend-as-a-Service). Supported versions that are affected are
48RISK
open ↗VulnCheck XDB
initial-access
cups-browsed binds to `INADDR_ANY:631`, trusting any packet from any source
60RISK
open ↗Exploit-DB
Wing FTP Server 8.1.3 - Authenticated Remote Code Execution
Wing FTP Server < 8.1.3 Authenticated Remote Code Execution via Session Serialization
41RISK
open ↗Exploit-DB
Linux Kernel - Local Privilege Escalation
net: skbuff: preserve shared-frag marker during coalescing
41RISK
open ↗Exploit-DB
ImageMagick - Infinite Loop in the MIFF decoder can lead to CPU exhaustion
ImageMagick: Infinite Loop in the MIFF decoder can lead to CPU exhaustion
41RISK
open ↗GitHub PoC
vishvacyber/Detection-Tool-Kit-for-CVE-2026-31431
crypto: algif_aead - Revert to operating out-of-place
100RISK
open ↗GitHub PoC
rootdirective-sec/CVE-2026-47100-Analysis-Lab
Funnel Builder for WooCommerce Checkout < 3.15.0.3 Missing Authorization via AJAX
41RISK
open ↗GitHub PoC
CVE-2026-35616 - Draft
A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated atta
100RISK
open ↗GitHub PoC★ 1
A x86_64 ASM implementation of PinTheft (CVE-2026-43494)
net/rds: reset op_nents when zerocopy page pin fails
41RISK
open ↗GitHub PoC★ 1
Detection scanner for CVE-2026-48710 - Host-header auth bypass in Starlette/FastAPI
Starlette has missing Host header validation that poisons request.url.path, bypassing path-based security checks
48RISK
open ↗VulnCheck XDB
initial-access
InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.
50RISK
open ↗GitHub PoC
POC for CVE-2026-49009, an authenticated path traversal to RCE issue in Mender Server.
Northern.tech Mender Server v4.1.0, v4.0.1 and below, and fixed in v4.1.1 and v4.0.2 allows Directory Traversal.
28RISK
open ↗GitHub PoC
Isolated AD/Linux attack lab: exploited CVE-2007-2447 via Metasploit, detected with Wazuh SIEM mapped to MITRE ATT&CK (T1190, T1059)
The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands
50RISK
open ↗GitHub PoC★ 1
Intentionally-vulnerable nginx 1.30.0 CVE lab images (CVE-2026-40701/42934/42945/42946) for isolated security research. Lab use only.
NGINX ngx_http_ssl_module vulnerability
33RISK
open ↗GitHub PoC
This script safely checks the local version of the LiteSpeed cPanel plugin to determine if the system is running a version vulnerable to CVE-2026-48172. It does not send exploits or interact with network endpoints maliciously.
LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation (possibly to root), as exploited in the wild i
83RISK
open ↗GitHub PoC
CVE-2026-8380
Frontend File Manager Plugin <= 23.6 - Author+ Arbitrary Post Deletion
33RISK
open ↗GitHub PoC★ 6
Proof-of-concept scripts for three vulnerabilities in Notepad++ <= 8.9.6, patched in v8.9.6.1 (2026-05-26) CVE-2026-48770 / CVE-2026-48778 / CVE-2026-48800
Notepad++ WM_COPYDATA COPYDATA_FULL_CMDLINE local DoS crash
33RISK
open ↗GitHub PoC
krishnadevpmelevila/CVE-2026-39292
Falco Solutions PHPPageBuilder v0.31.0 contains an unrestricted file upload vulnerability in the pagemanager/pagebuilder
41RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.