Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,180cataloged exploits
31,691CVEs with public exploitation
0lab-tested
71,180 exploits
VulnCheck XDB
initial-access
CVE-2022-22965CRITICALunder attack27 May 2026
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data b
100RISK
open
VulnCheck XDB
initial-access
CVE-2022-22965CRITICALunder attack27 May 2026
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data b
100RISK
open
VulnCheck XDB
info-leak
CVE-2026-26980CRITICAL27 May 2026
Ghost has a SQL Injection in its Content API
75RISK
open
GitHub PoC
mein-0/cve-2026-0828
CVE-2026-0828HIGH27 May 2026
Kernel driver vulnerability in Safetica Endpoint Client
41RISK
open
GitHub PoC
thinhap/CVE-2026-9082-PoC
CVE-2026-9082CRITICALunder attack27 May 2026
Drupal core - Highly critical - SQL injection - SA-CORE-2026-004
100RISK
open
GitHub PoC
Description
CVE-2022-22965CRITICALunder attack27 May 2026
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data b
100RISK
open
VulnCheck XDB
local
CVE-2021-3560HIGHunder attack27 May 2026
It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privile
91RISK
open
GitHub PoC
Spring4Shell (CVE-2022-22965) 漏洞環境搭建與 CTF 題目
CVE-2022-22965CRITICALunder attack27 May 2026
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data b
100RISK
open
VulnCheck XDB
initial-access
CVE-2017-1161027 May 2026
The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows rem
60RISK
open
Exploit-DB
Linux Kernel - Local Privilege Escalation
CVE-2026-43284HIGHlocallinux27 May 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISK
open
Exploit-DB
Realtek rtl819x - Local Privilege
CVE-2026-36355HIGHlocallinux27 May 2026
The rtl8192cd Wi-Fi kernel driver in the Realtek rtl819x Jungle SDK (all known versions through v3.4.14B) does not perfo
41RISK
open
GitHub PoC
PrintNightmare Report
CVE-2021-34527HIGHunder attackransomware27 May 2026
Windows Print Spooler Remote Code Execution Vulnerability
100RISK
open
Exploit-DB
scramble - Remote Code Execution
CVE-2026-44262CRITICALwebappsphp27 May 2026
Scramble: Remote code execution via evaluation of user-controlled input in validation rules
63RISK
open
GitHub PoC
lwd3c/CVE-2026-47342
CVE-2026-47342HIGH27 May 2026
Apache OFBiz: Privilege Escalation via updateOrRemove Authorization Bypass
21RISK
open
GitHub PoC18
CVE-2026-27771 - Gitea/Forgejo Container Registry Auth Bypass Exploit PoC - Pull private container images without authentication
CVE-2026-27771HIGH27 May 2026
Gitea Composer package source links use insufficient permission checks
68RISK
open
VulnCheck XDB
info-leak
CVE-2026-9082CRITICALunder attack27 May 2026
Drupal core - Highly critical - SQL injection - SA-CORE-2026-004
100RISK
open
GitHub PoC
CVE-2026-27771 - Draft
CVE-2026-27771HIGH27 May 2026
Gitea Composer package source links use insufficient permission checks
68RISK
open
GitHub PoC2
⚠️ DISCLAIMER: This tool is intended for authorized penetration testing and educational purposes only. Using this tool against systems without explicit written permission is illegal. The developers are not responsible for any misuse or damage caused.
CVE-2026-41940CRITICALunder attackransomware27 May 2026
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-54123CRITICAL27 May 2026
Hoverfly vulnerable to remote code execution at `/api/v2/hoverfly/middleware` endpoint due to insecure middleware implementation
68RISK
open
GitHub PoC
Dungsocool/CVE-2017-10271
CVE-2017-10271HIGHunder attackransomware27 May 2026
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Security). Supporte
100RISK
open
GitHub PoC
0x00phantom-hat/Hoverfly-1.11.3-RCE-CVE-2025-54123-Exploit
CVE-2025-54123CRITICAL27 May 2026
Hoverfly vulnerable to remote code execution at `/api/v2/hoverfly/middleware` endpoint due to insecure middleware implementation
68RISK
open
Exploit-DB
MeiG Smart FORGE_SLT711 - OS Command Injection
CVE-2026-36356CRITICALhardwarelinux27 May 2026
The GoAhead web server on MeiG Smart FORGE_SLT711 devices (firmware MDM9607.LE.1.0-00110-STD.PROD-1) allows unauthentica
53RISK
open
GitHub PoC
CVE-2026-5426
CVE-2026-5426CRITICAL26 May 2026
KnowledgeDeliver deployments before February 24, 2026 use a static ASP.NET/IIS machineKey value
48RISK
open
GitHub PoC
xxconi/CVE-2026-2942
CVE-2026-2942CRITICAL26 May 2026
ProSolution WP Client <= 1.9.9 - Unauthenticated Arbitrary File Upload via proSol_fileUploadProcess
48RISK
open
GitHub PoC
CVE-2026-3296 is a CVSS 9.8 Critical unauthenticated PHP Object Injection vulnerability in the Everest Forms WordPress plugin
CVE-2026-3296CRITICAL26 May 2026
Everest Forms <= 3.4.3 - Unauthenticated PHP Object Injection via Form Entry Metadata
48RISK
open
GitHub PoC
xxconi/CVE-2026-6271
CVE-2026-6271CRITICAL26 May 2026
Career Section <= 1.7 - Unauthenticated Arbitrary File Upload
48RISK
open
GitHub PoC1
Cisco Catalyst SD-WAN Peering Authentication Bypass
CVE-2026-20182CRITICALunder attack26 May 2026
Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability
100RISK
open
GitHub PoC
CVE-2026-5364 is a CVSS 8.1 (High) Unauthenticated Arbitrary File Upload vulnerability in the Drag and Drop File Upload for Contact Form 7
CVE-2026-5364HIGH26 May 2026
Drag and Drop File Upload for Contact Form 7 <= 1.1.3 - Unauthenticated Arbitrary File Upload via sanitize_file_name Bypass
41RISK
open
GitHub PoC
CVE-2026-6741 is a CVSS 8.8 (High) Authenticated (Agent+) Privilege Escalation vulnerability in the LatePoint – Calendar Booking Plugin
CVE-2026-6741HIGH26 May 2026
LatePoint <= 5.4.1 - Authenticated (Agent+) Privilege Escalation to Administrator via 'connect-customer-to-wp-user' Ability
41RISK
open
VulnCheck XDB
local
CVE-2026-43284HIGH26 May 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISK
open
previouspage 44 / 2,373next

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.