Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,114cataloged exploits
31,649CVEs with public exploitation
0lab-tested
13,116 exploits
GitHub PoC
SSH posture helper for CVE-2026-31431 (Copy Fail): kernel and algif_aead inventory
CVE-2026-31431HIGHunder attack01 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
GitHub PoC
Exploitation of CVE-2023-44604. Using a Kali Linux VM (attacker) and a Debian 11 server VM (victim)
CVE-2023-46604CRITICALunder attackransomware01 May 2026
Apache ActiveMQ, Apache ActiveMQ Legacy OpenWire Module: Unbounded deserialization causes ActiveMQ to be vulnerable to a remote code execution (RCE) attack
100RISK
open
GitHub PoC1
CVE-2026-31431 (copy.fail) — adapted for constrained Java execution environments via FFM syscall layer + javac annotation processor delivery
CVE-2026-31431HIGHunder attack01 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
GitHub PoC
CVE-2026-31431 mitigation (Copy Fail)
CVE-2026-31431HIGHunder attack01 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
GitHub PoC
对 CVE-2026-31431 的复现分析、C 改编的 exp。
CVE-2026-31431HIGHunder attack01 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
GitHub PoC2
cPanel CVE-2026-41940 nuclear.x86 Security Audit & Cleanup Script
CVE-2026-41940CRITICALunder attackransomware01 May 2026
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RISK
open
GitHub PoC10
cPanel/WHM Authentication Bypass (Zero-Day Vulnerability)
CVE-2026-41940CRITICALunder attackransomware01 May 2026
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RISK
open
GitHub PoC4
Bulk scanner and mass exploitation tool for CVE-2026-41940 on cPanel/WHM, built for automated target validation and high-speed multi-threaded execution.
CVE-2026-41940CRITICALunder attackransomware01 May 2026
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RISK
open
GitHub PoC2
CVE-2026-31431 - Copy Fail | Linux LPE via authencesn page cache write. Unprivileged user to root on most distros since 2017. PoC in C and Python.
CVE-2026-31431HIGHunder attack01 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
GitHub PoC
CVE-2026-31431 Kernel Fix Script
CVE-2026-31431HIGHunder attack01 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
GitHub PoC20
CVE-2026-31431 (Copy Fail) PoC - Linux kernel page cache corruption via authencesn AF_ALG + splice()
CVE-2026-31431HIGHunder attack01 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
GitHub PoC3
Easy-to-understand version of CVE-2026-31431
CVE-2026-31431HIGHunder attack01 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
GitHub PoC
CVE-2026-31431 - Copy Fail - PoC exploit
CVE-2026-31431HIGHunder attack01 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
GitHub PoC2
george1-adel/CVE-2026-41940_exploit
CVE-2026-41940CRITICALunder attackransomware01 May 2026
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RISK
open
GitHub PoC
My first hands-on Intel 471 threat hunting workshop experience investigating CVE-2023-46604 using Elastic SIEM, vulnerability intelligence, and post-exploitation detection.
CVE-2023-46604CRITICALunder attackransomware30 Apr 2026
Apache ActiveMQ, Apache ActiveMQ Legacy OpenWire Module: Unbounded deserialization causes ActiveMQ to be vulnerable to a remote code execution (RCE) attack
100RISK
open
GitHub PoC
CVE-2026-43500 / CVE-2026-31431 / CVE-2026-43284 golang hotfix
CVE-2026-43500HIGH30 Apr 2026
rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present
78RISK
open
GitHub PoC2
Temporarily removes the root password using CVE-2026-31431
CVE-2026-31431HIGHunder attack30 Apr 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
GitHub PoC31
BPF-LSM mitigation for CVE-2026-31431 (Copy Fail) — denies AF_ALG socket creation cluster-wide
CVE-2026-31431HIGHunder attack30 Apr 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
GitHub PoC91
High fidelity scanner for CVE-2026-41940 (cPanel & WHM authentication bypass)
CVE-2026-41940CRITICALunder attackransomware30 Apr 2026
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RISK
open
GitHub PoC
Razielx64/CVE-2025-69606-GSVoIP-XSS
CVE-2025-69606MEDIUM30 Apr 2026
Cross-Site Scripting (XSS) vulnerability was discovered in the GSVoIP web panel version 2.0.90. The `msg` parameter in t
33RISK
open
GitHub PoC13
Detection, mitigation, and reverse-engineering tooling for CVE-2026-41940 (SessionScribe): the cPanel/WHM unauthenticated session-forgery vulnerability disclosed 2026-04-28. Defense-in-depth active mitigation shim, ModSec rule pack, remote probe, on-host IOC scanner, and per-tier RE snapshot collector. GPL v2.
CVE-2026-41940CRITICALunder attackransomware30 Apr 2026
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RISK
open
GitHub PoC2
Detection rules for CVE-2026-31431 Linux LPE Vulnerability - Credit: (Copy Fail) https://copy.fail
CVE-2026-31431HIGHunder attack30 Apr 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
GitHub PoC
ryan2929/CVE-2026-31431
CVE-2026-31431HIGHunder attack30 Apr 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
GitHub PoC2
Temporarily removes the root password using CVE-2026-31431
CVE-2026-31431HIGHunder attack30 Apr 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
GitHub PoC3
根据py版本,升级成了c和rust版本,带加密混淆、0依赖(仅技术学习与分享)
CVE-2026-31431HIGHunder attack30 Apr 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
GitHub PoC
Wazuh SCA Linux hardening policy for Copy Fail (CVE-2026-31431)
CVE-2026-31431HIGHunder attack30 Apr 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
GitHub PoC10
DaemonSet для митигации уязвимости CVE-2026-31431 (Copy Fail)
CVE-2026-31431HIGHunder attack30 Apr 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
GitHub PoC14
Copy Fail - CVE-2026-31431
CVE-2026-31431HIGHunder attack30 Apr 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
GitHub PoC
DaemonSet с реализацией временной меры для митигации уязвимости Copy Fail (CVE-2026-31431)
CVE-2026-31431HIGHunder attack30 Apr 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
GitHub PoC1
CVE-2026-31431 - Copy Fail PoC (Python 3.10+)
CVE-2026-31431HIGHunder attack30 Apr 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.