Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,250cataloged exploits
31,733CVEs with public exploitation
0lab-tested
71,251 exploits
Exploit-DB
Apache HTTP Server 2.4.66 - 'mod_http2' Double-Free Denial of Service
CVE-2026-23918HIGHwebappsmultiple26 May 2026
Apache HTTP Server: http2: double free and possible RCE on early reset
53RISK
open
Exploit-DB
Wordpress Temporary Login Plugin 1.0.0 - 'temp-login-token' Authentication Bypass to Account Takeover
CVE-2026-7567CRITICALwebappsmultiple26 May 2026
Temporary Login <= 1.0.0 - Authentication Bypass to Account Takeover
48RISK
open
GitHub PoC
CVE-2026-5718: Unauthenticated File Upload To RCE in DnD Upload CF7 Plugin
CVE-2026-5718HIGH26 May 2026
Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.7 - Unauthenticated Arbitrary File Upload via Non-ASCII Filename Blacklist Bypass
56RISK
open
Exploit-DB
Grav CMS 2.0.0-beta.2 - Remote Code Execution
CVE-2026-42607CRITICALwebappsphp26 May 2026
Grav: Remote Code Execution (RCE) via Malicious Plugin ZIP Upload in Direct Install Feature
48RISK
open
GitHub PoC
CVE-2026-48095
CVE-2026-48095HIGH26 May 2026
GHSL-2026-140_7-Zip: 7-Zip has a heap buffer overflow via NTFS compressed stream buffer under-allocation
41RISK
open
GitHub PoC
xxconi/CVE-2026-6271
CVE-2026-6271CRITICAL26 May 2026
Career Section <= 1.7 - Unauthenticated Arbitrary File Upload
48RISK
open
GitHub PoC1
Cisco Catalyst SD-WAN Peering Authentication Bypass
CVE-2026-20182CRITICALunder attack26 May 2026
Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability
100RISK
open
GitHub PoC
CVE-2026-5229: Form Notify Auth Bypass via LINE OAuth Callback (CVSS 9.8)
CVE-2026-5229CRITICAL26 May 2026
Receive Notifications After Form Submitting – Form Notify for Any Forms <= 1.1.10 - Unauthenticated Authentication Bypass via LINE OAuth Callback
48RISK
open
VulnCheck XDB
initial-access
CVE-2026-9082CRITICALunder attack26 May 2026
Drupal core - Highly critical - SQL injection - SA-CORE-2026-004
100RISK
open
GitHub PoC10
ambionics/cve-2026-9082-drupal-postgresql-rce
CVE-2026-9082CRITICALunder attack26 May 2026
Drupal core - Highly critical - SQL injection - SA-CORE-2026-004
100RISK
open
VulnCheck XDB
local
CVE-2026-43284HIGH26 May 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISK
open
GitHub PoC1
Working exploit for ssrf issue reported in CVE-2026–45401
CVE-2026-45401HIGH26 May 2026
Open WebUI: SSRF Bypass via HTTP Redirect Following in Web-Fetch and Image-Load Endpoints
41RISK
open
VulnCheck XDB
initial-access
CVE-2026-3296CRITICAL26 May 2026
Everest Forms <= 3.4.3 - Unauthenticated PHP Object Injection via Form Entry Metadata
48RISK
open
VulnCheck XDB
initial-access
CVE-2025-55182CRITICALunder attackransomware26 May 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open
VulnCheck XDB
initial-access
CVE-2026-20182CRITICALunder attack26 May 2026
Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability
100RISK
open
GitHub PoC
xxconi/CVE-2026-2942
CVE-2026-2942CRITICAL26 May 2026
ProSolution WP Client <= 1.9.9 - Unauthenticated Arbitrary File Upload via proSol_fileUploadProcess
48RISK
open
Exploit-DB
cPanel - CRLF Injection
CVE-2026-41940CRITICALunder attackransomwarewebappsphp26 May 2026
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RISK
open
GitHub PoC
CVE-2021-43798 MiNi Exploitation Framework
CVE-2021-43798HIGHunder attack26 May 2026
Grafana path traversal
100RISK
open
GitHub PoC
Dungsocool/CVE-2017-5638
CVE-2017-5638CRITICALunder attackransomware26 May 2026
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception ha
100RISK
open
GitHub PoC
xl337x/CVE-2023-31902
CVE-2023-31902CRITICAL26 May 2026
RPA Technology Mobile Mouse 3.6.0.4 is vulnerable to Remote Code Execution (RCE).
63RISK
open
GitHub PoC
Critical vulnerability in Siemens RuggedCom ROS devices allowing attackers to derive a hidden factory account password from the device MAC address and gain unauthorized administrative access via TELNET, rsh, or serial interfaces. Affects ROS 3.10.x and earlier.
CVE-2012-180325 May 2026
RuggedCom Rugged Operating System (ROS) 3.10.x and earlier has a factory account with a password derived from the MAC Ad
50RISK
open
GitHub PoC
translating original python exploit to C
CVE-2026-0073HIGH25 May 2026
In adbd_tls_verify_cert of auth.cpp, there is a possible bypass of wireless ADB mutual authentication due to a logic err
41RISK
open
GitHub PoC
Educational laboratory for studying CVE-2014-0160 (Heartbleed) and framing inconsistencies in TLS heartbeat handling.
CVE-2014-0160HIGHunder attack25 May 2026
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packe
100RISK
open
GitHub PoC2
CVE-2026-36239 | Authenticated RCE in PbootCMS ≤3.2.12
CVE-2026-36239MEDIUM25 May 2026
PbootCMS v.3.2.11 contains a code injection vulnerability in its site configuration functionality
33RISK
open
GitHub PoC1
Repository for studying the CVE-2026-42945 vulnerability in nginx < 1.30
CVE-2026-42945CRITICAL25 May 2026
NGINX ngx_http_rewrite_module vulnerability
60RISK
open
VulnCheck XDB
info-leak
CVE-2020-1938CRITICALunder attack25 May 2026
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomc
100RISK
open
GitHub PoC
CVE-2026-38422 — Remote Code Execution via Combined Buffer Overflows in Tasmota fetch_jpg() (Tasmota <= 15.3.0.3)
CVE-2026-38422HIGH25 May 2026
Buffer Overflow vulnerability in arendst Tasmota v.15.3.0.3 and before allows a remote attacker to execute arbitrary cod
41RISK
open
GitHub PoC45
PoC for CVE-2026-28990, an ImageIO bug patched in iOS/macOS 26.5
CVE-2026-28990HIGH25 May 2026
The issue was addressed with improved memory handling. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Sequoia 15
41RISK
open
GitHub PoC29
CVE-2026-0091, play with an issue in android window management to perform arbitrary code execution in Launcher process from adb
CVE-2026-0091HIGH25 May 2026
In multiple locations, there is a possible way to execute code in the launcher process due to an over-privileged shell u
41RISK
open
GitHub PoC
CVE-2026-38427 — Integer Wraparound → Heap Buffer Overflow in Tasmota fetch_jpg() uint16_t (Tasmota <= 15.3.0.3)
CVE-2026-38427HIGH25 May 2026
An issue in fetch_jpg() in xdrv_10_scripter.ino in Tasmota through 15.3.0.3 allows a remote attacker to cause heap buffe
41RISK
open
previouspage 46 / 2,376next

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.