Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,180cataloged exploits
31,691CVEs with public exploitation
0lab-tested
71,180 exploits
GitHub PoC
A Marp slide deck about CVE-2025-53770
CVE-2025-53770CRITICALunder attackransomware28 May 2026
Microsoft SharePoint Server Remote Code Execution Vulnerability
100RISK
open
GitHub PoC
CVE-2023-26083-Mali-InfoLeak-PoC
CVE-2023-26083LOWunder attack28 May 2026
Memory leak vulnerability in Mali GPU Kernel Driver in Midgard GPU Kernel Driver all versions from r6p0 - r32p0, Bifrost
58RISK
open
VulnCheck XDB
info-leak
CVE-2023-26083LOWunder attack28 May 2026
Memory leak vulnerability in Mali GPU Kernel Driver in Midgard GPU Kernel Driver all versions from r6p0 - r32p0, Bifrost
58RISK
open
GitHub PoC
krishnadevpmelevila/CVE-2026-39292
CVE-2026-39292HIGH28 May 2026
Falco Solutions PHPPageBuilder v0.31.0 contains an unrestricted file upload vulnerability in the pagemanager/pagebuilder
41RISK
open
GitHub PoC
CVE-2026-35616 - Draft
CVE-2026-35616CRITICALunder attack28 May 2026
A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated atta
100RISK
open
GitHub PoC1
A x86_64 ASM implementation of PinTheft (CVE-2026-43494)
CVE-2026-43494HIGH28 May 2026
net/rds: reset op_nents when zerocopy page pin fails
41RISK
open
GitHub PoC
CVE-2026-8380
CVE-2026-8380MEDIUM28 May 2026
Frontend File Manager Plugin <= 23.6 - Author+ Arbitrary Post Deletion
33RISK
open
GitHub PoC
rootdirective-sec/CVE-2026-47100-Analysis-Lab
CVE-2026-47100HIGH28 May 2026
Funnel Builder for WooCommerce Checkout < 3.15.0.3 Missing Authorization via AJAX
41RISK
open
GitHub PoC1
W5M1n9/NGINX-ngx_http_rewrite_module-heap-buffer-overflow-CVE-2026-9256
CVE-2026-9256CRITICAL28 May 2026
NGINX ngx_http_rewrite_module vulnerability
48RISK
open
GitHub PoC
quantumworld-dpdns-io/CVE-2026-42945
CVE-2026-42945CRITICAL28 May 2026
NGINX ngx_http_rewrite_module vulnerability
60RISK
open
GitHub PoC2
3nou9h/CVE-2026-9256-Poc
CVE-2026-9256CRITICAL28 May 2026
NGINX ngx_http_rewrite_module vulnerability
48RISK
open
VulnCheck XDB
initial-access
CVE-2026-42945CRITICAL28 May 2026
NGINX ngx_http_rewrite_module vulnerability
60RISK
open
GitHub PoC
this is a study about CVE-2021-3156: Heap-Based Buffer Overflow in Sudo (Baron Samedit)
CVE-2021-3156HIGHunder attack27 May 2026
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege
100RISK
open
GitHub PoC
lwd3c/CVE-2026-47342
CVE-2026-47342HIGH27 May 2026
Apache OFBiz: Privilege Escalation via updateOrRemove Authorization Bypass
21RISK
open
GitHub PoC
CVE-2026-45659 Microsoft SharePoint Server Deserialization RCE.
CVE-2026-45659HIGHunder attack27 May 2026
Microsoft SharePoint Remote Code Execution Vulnerability
71RISK
open
Exploit-DB
Linux Kernel - Local Privilege Escalation
CVE-2026-43284HIGHlocallinux27 May 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISK
open
GitHub PoC
mein-0/cve-2026-0828
CVE-2026-0828HIGH27 May 2026
Kernel driver vulnerability in Safetica Endpoint Client
41RISK
open
GitHub PoC
CVE-2026-45659
CVE-2026-45659HIGHunder attack27 May 2026
Microsoft SharePoint Remote Code Execution Vulnerability
71RISK
open
VulnCheck XDB
initial-access
CVE-2017-1161027 May 2026
The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows rem
60RISK
open
Exploit-DB
EspoCRM 9.3.3 - SSRF
CVE-2026-33534MEDIUM27 May 2026
EspoCRM has authenticated SSRF via internal-host validation bypass using alternative IPv4 notation
48RISK
open
GitHub PoC
Dungsocool/CVE-2017-10271
CVE-2017-10271HIGHunder attackransomware27 May 2026
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Security). Supporte
100RISK
open
VulnCheck XDB
local
CVE-2021-3560HIGHunder attack27 May 2026
It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privile
91RISK
open
Exploit-DB
MeiG Smart FORGE_SLT711 - OS Command Injection
CVE-2026-36356CRITICALhardwarelinux27 May 2026
The GoAhead web server on MeiG Smart FORGE_SLT711 devices (firmware MDM9607.LE.1.0-00110-STD.PROD-1) allows unauthentica
53RISK
open
GitHub PoC
CVE-2026-5172: buffer overflow in extract_addresses() on crafted resource record PoC
CVE-2026-5172HIGH27 May 2026
CVE-2026-5172
41RISK
open
GitHub PoC
Generate the poc for CVE-2026-4893: broken EDNS Client Subnet validation.
CVE-2026-4893MEDIUM27 May 2026
CVE-2026-4893
33RISK
open
GitHub PoC
SOC336 - Windows OLE Zero-Click RCE Exploitation Detected (CVE-2025-21298) Walkthrough
CVE-2025-21298CRITICAL27 May 2026
Windows OLE Remote Code Execution Vulnerability
70RISK
open
GitHub PoC
Lab 3: Supervisord XML-RPC Remote Code Execution (CVE-2017-11610) - Writeup and Exploit
CVE-2017-1161027 May 2026
The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows rem
60RISK
open
GitHub PoC
This exploit is based on CVE-2019-6340 and was built upon the original exploit by leonjza and the Metasploit module, extending it can be executed multiple times against the same target without waiting for cache expiration.
CVE-2019-6340HIGHunder attack27 May 2026
Drupal core - Highly critical - Remote Code Execution
100RISK
open
GitHub PoC
hadhub/CVE-2026-49344-Mercator-JSON-DSL
CVE-2026-49344HIGH27 May 2026
Mercator has a Personal Identifiable Information Leak from Query Executor feature
41RISK
open
GitHub PoC18
CVE-2026-27771 - Gitea/Forgejo Container Registry Auth Bypass Exploit PoC - Pull private container images without authentication
CVE-2026-27771HIGH27 May 2026
Gitea Composer package source links use insufficient permission checks
68RISK
open
previouspage 43 / 2,373next

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.