Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,114cataloged exploits
31,649CVEs with public exploitation
0lab-tested
13,086 exploits
GitHub PoC
🛡️ One-command scanner for CVE-2026-45321 — TanStack npm supply-chain attack
CVE-2026-45321CRITICALunder attackransomware12 May 2026
Malware in 42 @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys
78RISK
open
GitHub PoC
Working POC of CVE-2026-6664 written by Sonnet 4.6
CVE-2026-6664HIGH12 May 2026
PgBouncer integer overflow in PgBouncer network packet parsing
41RISK
open
GitHub PoC
CSRF (Cross-Site Request Forgery) vulnerability in gpEasy 1.5-16.3
CVE-2010-203912 May 2026
Cross-site request forgery (CSRF) vulnerability in gpEasy CMS 1.6.2, 1.6.1, and earlier allows remote attackers to hijac
23RISK
open
GitHub PoC29
PoC for CVE-2026-3609 - XIGNCODE3 xhunter1.sys handle leak enabling PPL bypass and LSASS dumping
CVE-2026-3609MEDIUM12 May 2026
XIGNCODE3 xhunter1.sys kernel driver contains a Privilege Escalation Vulnerability
33RISK
open
GitHub PoC
cve-2024-21413
CVE-2024-21413CRITICALunder attack12 May 2026
Microsoft Outlook Remote Code Execution Vulnerability
100RISK
open
GitHub PoC
sh4den/CVE-2026-31431-copyfail-aarch64
CVE-2026-31431HIGHunder attack12 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
GitHub PoC882
exploit for CVE-2026-42945
CVE-2026-42945CRITICAL12 May 2026
NGINX ngx_http_rewrite_module vulnerability
60RISK
open
GitHub PoC
CVE-2023-4220 — Unauthenticated file upload RCE in Chamilo LMS ≤ 1.11.24. OSCP-style and auto exploit.
CVE-2023-4220HIGH12 May 2026
Chamilo LMS Unauthenticated Big Upload File Remote Code Execution
78RISK
open
GitHub PoC2
Dead.Letter CVE-2026-45185 EXIM Vulnerability Detection Script
CVE-2026-45185CRITICAL12 May 2026
Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing p
48RISK
open
GitHub PoC
Quick mitigation and patch script for CVE-2026-31431 (Copy Fail) on Ubuntu/Debian VPS
CVE-2026-31431HIGHunder attack12 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
GitHub PoC
Cybersecurity demo exploiting CVE-2026-35455 with automatic API key generation and exfiltration
CVE-2026-35455HIGH12 May 2026
immich has Stored XSS via OCR Text in 360° Panorama Viewer
41RISK
open
GitHub PoC1
A CVE-2026-31431 implementation in c++ and inline assembly dependency free
CVE-2026-31431HIGHunder attack12 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
GitHub PoC
SystemVll/CVE-2026-31431-copyfail-aarch64
CVE-2026-31431HIGHunder attack12 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
GitHub PoC20
azefzafyoussef/CVE-2026-34621
CVE-2026-34621HIGHunder attack12 May 2026
Acrobat Reader | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') (CWE-1321)
71RISK
open
GitHub PoC
Xmyronn/CVE-2026-10288-AUTH-BYPASS
CVE-2026-10288MEDIUM11 May 2026
code-projects Hotel and Tourism Reservation System Admin Login login.php password_verify improper authentication
33RISK
open
GitHub PoC3
Arbitrary command execution on Cockpit
CVE-2026-4802HIGH11 May 2026
Cockpit: cockpit: arbitrary command execution via crafted links in system logs ui
21RISK
open
GitHub PoC
Xmyronn/CVE-2026-10289-XSS
CVE-2026-10289MEDIUM11 May 2026
code-projects Hotel and Tourism Reservation System tour.php cross site scripting
33RISK
open
GitHub PoC
Lab testing documentation for CVE-2026-31431 (Copy Fail) Linux kernel LPE
CVE-2026-31431HIGHunder attack11 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
GitHub PoC
Xmyronn/CVE-2026-10290-SQLI
CVE-2026-10290MEDIUM11 May 2026
code-projects Hotel and Tourism Reservation System GET Parameter tour.php sql injection
33RISK
open
GitHub PoC
CVE-2026-6274 - Redline WR3200 Broken Authentication
CVE-2026-6274CRITICAL11 May 2026
Authentication Bypass in DTS Electronics' Redline WR3200
28RISK
open
GitHub PoC
CVE-2026-40987 PoC
CVE-2026-40987HIGH11 May 2026
Remote-file synchronizer in Spring Integration writes server-supplied filename under localDirectory without canonicalization
41RISK
open
GitHub PoC68
EncryptInterceptor fail-open bypass in Apache Tomcat Tribes clustering leading to unauthenticated RCE via Java deserialization.
CVE-2026-34486HIGH11 May 2026
Apache Tomcat: Fix for CVE-2026-29146 allowed bypass of EncryptInterceptor
61RISK
open
GitHub PoC
EspoCRM 9.3.3 - Stored HTML Injection in Email Notifications
CVE-2026-33657MEDIUM11 May 2026
EspoCRM: Stored HTML injection in email notifications about stream notes via unescaped post field
13RISK
open
GitHub PoC
SSTI contact form to rce
CVE-2026-4257CRITICAL11 May 2026
Contact Form by Supsystic <= 1.7.36 - Unauthenticated Server-Side Template Injection via Prefill Functionality
75RISK
open
GitHub PoC14
CVE-2026-43284/CVE-2026-43500 'DirtyFrag' Benign patch & mitigation detection script
CVE-2026-43284HIGH11 May 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISK
open
GitHub PoC1
This project is a cybersecurity research and analysis project focused on CVE-2023-38831, a critical WinRAR vulnerability that allows attackers to execute malicious code through specially crafted archive files. The project was conducted in a controlled lab environment for educational and defensive security purposes only.
CVE-2023-38831HIGHunder attackransomware11 May 2026
RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a
100RISK
open
GitHub PoC
PoC for CVE-2026-8023: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2026-8023HIGH11 May 2026
Path traversal in Zephyr HTTP server static-filesystem resource handler allows unauthenticated remote arbitrary file read
41RISK
open
GitHub PoC
Dirtyfrag CVE-2026-43284 & CVE-2026-43500 Scanner
CVE-2026-43284HIGH11 May 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISK
open
GitHub PoC
Proof of concept of CVE-2026-8161 (Multiparty)
CVE-2026-8161HIGH11 May 2026
multiparty vulnerable to Denial of Service via Prototype Pollution leading to Uncaught Exception
21RISK
open
GitHub PoC1
Exploit for CVE-2026-31431 (Copy Fail)
CVE-2026-31431HIGHunder attack11 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.