Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,114cataloged exploits
31,649CVEs with public exploitation
0lab-tested
13,116 exploits
GitHub PoC2
Automated Metasploit post-exploitation module for CVE-2026-31431 ("Copy Fail"). Weaponizes a deterministic logic flaw in the Linux kernel AF_ALG subsystem to achieve local privilege escalation (LPE) to root by safely corrupting a setuid binary directly in the shared Page Cache (RAM) without modifying files on disk
CVE-2026-31431HIGHunder attack16 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
GitHub PoC
Read-only WordPress User Registration CVE-2026-1492 checker for hidden admins, plugin version, uploads PHP, cron, and compromise IOCs.
CVE-2026-1492CRITICAL16 May 2026
User Registration & Membership <= 5.1.2 - Unauthenticated Privilege Escalation via Membership Registration
68RISK
open
GitHub PoC
Zero-dependency CLI scanner for npm/PyPI supply chain compromises. Detects compromised packages in lockfiles and system-level IOCs from attacks like Mini Shai-Hulud (CVE-2026-45321).
CVE-2026-45321CRITICALunder attackransomware16 May 2026
Malware in 42 @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys
78RISK
open
GitHub PoC
lwd3c/CVE-2026-46586
CVE-2026-46586HIGH16 May 2026
Apache OFBiz: Improper Validation in traverseContent Service Enables Authenticated Groovy Code Execution
21RISK
open
GitHub PoC6
CHARON — pre-built PoC for CVE-2026-46333 (Linux ptrace mm==NULL fd theft)
CVE-2026-46333HIGH16 May 2026
ptrace: slightly saner 'get_dumpable()' logic
56RISK
open
GitHub PoC4
CVE-2026-38526 | Krayin CRM v2.2.x Authenticated RCE - Unrestricted PHP File Upload via TinyMCE
CVE-2026-38526CRITICAL16 May 2026
An authenticated arbitrary file upload vulnerability in the /admin/tinymce/upload endpoint of Webkul Krayin CRM v2.2.x a
48RISK
open
GitHub PoC
fellipefelix06/Zabbix-CVE-2024-42327
CVE-2024-42327CRITICAL16 May 2026
SQL injection in user.get API
70RISK
open
GitHub PoC
Exploit for the CVE-2026-8181 - Burst Statistics WordPress Plugin Authentication Bypass
CVE-2026-8181CRITICAL16 May 2026
Burst Statistics 3.4.0 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover
68RISK
open
GitHub PoC
CVE-2026-8181: Burst Statistics Auth Bypass → REST API takeover & admin creation. Python 2.7. Educational use only.
CVE-2026-8181CRITICAL16 May 2026
Burst Statistics 3.4.0 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover
68RISK
open
GitHub PoC
Maxime288/CVE-2026-31431-Copy-Fail-R-pertoire-de-Pr-vention
CVE-2026-31431HIGHunder attack16 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
GitHub PoC2
Shell script to detect TanStack npm supply chain attack indicators (CVE-2026-45321 / GHSA-g7cv-rxg3-hmpx)
CVE-2026-45321CRITICALunder attackransomware16 May 2026
Malware in 42 @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys
78RISK
open
GitHub PoC7
CVE-2026-44578: Next.js WebSocket Upgrade SSRF — pre-auth credential theft via localhost:80. Lab + exploit + audit.
CVE-2026-44578HIGH16 May 2026
Next.js: Server-side request forgery in applications using WebSocket upgrades
68RISK
open
GitHub PoC1
CVE-2026-44578
CVE-2026-44578HIGH16 May 2026
Next.js: Server-side request forgery in applications using WebSocket upgrades
68RISK
open
GitHub PoC
This exploit is based on CVE-2023-26360 (https://nvd.nist.gov/vuln/detail/CVE-2023-26360) and was built on top of the Metasploit module and the jakabakos/CVE-2023-26360-adobe-coldfusion-rce-exploit.
CVE-2023-26360HIGHunder attack16 May 2026
Adobe ColdFusion Improper Access Control Arbitrary code execution
100RISK
open
GitHub PoC
Safe Python scanner for Cisco CVE-2025-20333 (Cisco ASA/FTD WebVPN Buffer Overflow)
CVE-2025-20333CRITICALunder attack16 May 2026
A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secu
90RISK
open
GitHub PoC
User Registration Advanced Fields <= 1.6.20 - Unauthenticated Arbitrary File Upload
CVE-2026-4882CRITICAL16 May 2026
User Registration Advanced Fields <= 1.6.20 - Unauthenticated Arbitrary File Upload
48RISK
open
GitHub PoC
CVE-2026-45091
CVE-2026-45091CRITICAL16 May 2026
sealed-env: TOTP secret embedded in unseal token payload (enterprise mode)
48RISK
open
GitHub PoC
Read-only cPanel CVE-2026-41940 IOC detector for .sorry ransomware, Mr_Rot13 Filemanager backdoors, C2 callbacks, cron, SSH, and logs.
CVE-2026-41940CRITICALunder attackransomware16 May 2026
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RISK
open
GitHub PoC1
This exploit is based on CVE-2021-33393 and was built upon the original exploit by Mücahit Saratar, extending it to achieve a reverse shell with root privileges.
CVE-2021-3339316 May 2026
lfs/backup in IPFire 2.25-core155 does not ensure that /var/ipfire/backup/bin/backup.pl is owned by the root account. It
50RISK
open
GitHub PoC
Python toolkit to audit Apache HTTP Server against CVE-2026-23918 (HTTP/2 double-free RCE) and 4 related CVEs. Passive scanner with ALPN verification + read-only local auditor. No exploits.
CVE-2026-23918HIGH16 May 2026
Apache HTTP Server: http2: double free and possible RCE on early reset
53RISK
open
GitHub PoC2
Technical breakdown of CVE-2026-34473, an unauthenticated denial of service affecting 17+ ZTE router models.
CVE-2026-34473HIGH16 May 2026
Unauthenticated DoS in ZTE H8102E, H168N, H167A, H199A, H288A, H198A, H267A, H267N, H268A, H388X, H196A, H369A, H268N, H
41RISK
open
GitHub PoC
CVE-2026-39987
CVE-2026-39987CRITICALunder attack16 May 2026
marimo Affected by Pre-Auth Remote Code Execution via Terminal WebSocket Authentication Bypass
100RISK
open
GitHub PoC
Estudio del bug CVE-2026-31431
CVE-2026-31431HIGHunder attack16 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
GitHub PoC18
nginx CVE scanner + RCE exploit framework (CVE-2026-42945 + 16 others)
CVE-2026-42945CRITICAL16 May 2026
NGINX ngx_http_rewrite_module vulnerability
60RISK
open
GitHub PoC
Safe Python scanner for CVE-2025-20362 (Cisco ASA/FTD WebVPN Authentication Bypass)
CVE-2025-20362MEDIUMunder attack16 May 2026
Update: On November 5, 2025, Cisco became aware of a new attack variant against devices running Cisco Secure ASA Softwar
100RISK
open
GitHub PoC2
PoC for CVE-2026-6433: WordPress FlipperCode Custom CSS, JS & PHP (≤2.0.7) — unauthenticated SQLi to RCE. Python 3 stdlib; single target or bulk multi-threaded scanning. Authorized testing & research only.
CVE-2026-6433HIGH16 May 2026
Custom CSS JS PHP <= 2.0.7 - Unauthenticated SQL Injection to RCE
56RISK
open
GitHub PoC13
Evince/xreader/Atril RCE exploit to CVE-2026-46529
CVE-2026-46529HIGH16 May 2026
PDF /GoToR action argv injection enables single-click RCE via --gtk-module dlopen
41RISK
open
GitHub PoC
Source-built nginx 1.25.5 container with backported CVE-2026-42945 fix, OpenSSL bump, full provenance chain, and VEX attestation.
CVE-2026-42945CRITICAL16 May 2026
NGINX ngx_http_rewrite_module vulnerability
60RISK
open
GitHub PoC
Apache Axis1.4 远程命令执行漏洞利用工具 - CVE-2019-0227,支持随机化服务名和Webshell文件名
CVE-2019-022716 May 2026
A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2
45RISK
open
GitHub PoC
This repository contains a Proof of Concept (PoC) Python script for CVE-2025-58434, which enables attackers to change passwords of other users without authentication process in flowise version 3.0.5 and lower due to token leakage.
CVE-2025-58434CRITICAL16 May 2026
Flowise Cloud and Local Deployments have Unauthenticated Password Reset Token Disclosure that Leads to Account Takeover
75RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.