Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,114cataloged exploits
31,649CVEs with public exploitation
0lab-tested
13,116 exploits
GitHub PoC
Cybersecurity lab demonstrating exploitation of CVE-2017-0144 (EternalBlue) using Metasploit against a vulnerable Windows 7 VM, achieving SYSTEM-level access via Meterpreter. Includes full attack chain, post exploitation, and mitigation via MS17-010 patching, tested in an isolated ethical lab environment.
CVE-2017-0144HIGHunder attackransomware22 Apr 2026
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RISK
open
GitHub PoC
CVE-2019-15107 Webmin RCE (unauthenticated) exploit
CVE-2019-15107CRITICALunder attackransomware22 Apr 2026
An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a command injection vulnera
100RISK
open
GitHub PoC2
SQL Injection vulnerability in NASA EOSDIS MODAPS due to improper input validation in the `category` parameter. This flaw allows attackers to manipulate backend SQL queries, potentially leading to unauthorized data access and database compromise.
CVE-2024-46636CRITICAL22 Apr 2026
NASA Earth Observing System Data and Information System (EOSDIS) MODAPS v8.1 was discovered to contain a SQL injection v
48RISK
open
GitHub PoC
jpselva/CVE-2023-4863
CVE-2023-4863HIGHunder attack22 Apr 2026
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to
93RISK
open
GitHub PoC
Multi-Stage Attack Modeling and Detection of Log4Shell for CVE-2021-44228
CVE-2021-44228CRITICALunder attackransomware22 Apr 2026
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RISK
open
GitHub PoC2
Hack The Box - Silentium machine writeup | CVE-2025-58434, CVE-2025-59528, CVE-2025-8110
CVE-2025-58434CRITICAL22 Apr 2026
Flowise Cloud and Local Deployments have Unauthenticated Password Reset Token Disclosure that Leads to Account Takeover
75RISK
open
GitHub PoC
Sanitized advisory for CVE-2025-51846 affecting CryptPad WebSocket handling.
CVE-2025-51846HIGH22 Apr 2026
CryptPad unbounded WebSocket frame flood
41RISK
open
GitHub PoC
ClaraSto/CVE-2024-1086_Ausarbeitung
CVE-2024-1086HIGHunder attackransomware21 Apr 2026
Use-after-free in Linux kernel's netfilter: nf_tables component
76RISK
open
GitHub PoC1
Jorrit-VM/CVE-2026-33017
CVE-2026-33017CRITICALunder attack20 Apr 2026
Langflow has Unauthenticated Remote Code Execution via Public Flow Build Endpoint
100RISK
open
GitHub PoC77
Apache ActiveMQ漏洞综合利用工具(CVE-2015-5254,CVE-2016-3088,CVE-2022-41678,CVE-2023-46604,CVE-2024-32114,CVE-2026-34197,CVE-2026-40466, CVE-2026-42588)
CVE-2023-46604CRITICALunder attackransomware20 Apr 2026
Apache ActiveMQ, Apache ActiveMQ Legacy OpenWire Module: Unbounded deserialization causes ActiveMQ to be vulnerable to a remote code execution (RCE) attack
100RISK
open
GitHub PoC
micheaol/distccd_rce_CVE-2004-2687
CVE-2004-268720 Apr 2026
distcc 2.x, as used in XCode 1.5 and others, when not configured to restrict access to the server port, allows remote at
60RISK
open
GitHub PoC1
CVE-2025-31161
CVE-2025-31161CRITICALunder attackransomware20 Apr 2026
CrushFTP 10 before 10.8.4 and 11 before 11.3.1 allows authentication bypass and takeover of the crushadmin account (unle
100RISK
open
GitHub PoC
Type Local Privilege Escalation exploit for CVE-2021-3493(Ubuntu Kernel vulnerability) documrnted during TryHackme Lab
CVE-2021-3493HIGHunder attack20 Apr 2026
The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting o
98RISK
open
GitHub PoC
The forgot-password endpoint in Flowise returns sensitive information including a valid password reset tempToken without authentication or verification. This enables any attacker to generate a reset token for arbitrary users and directly reset their password, leading to a complete account takeover (ATO).
CVE-2025-58434CRITICAL20 Apr 2026
Flowise Cloud and Local Deployments have Unauthenticated Password Reset Token Disclosure that Leads to Account Takeover
75RISK
open
GitHub PoC
We hope to reproduce CVE-2021-41773 to deepen our understanding of real-world cybersecurity vulnerabilities so that we can be knowledgeable about exploits in industry and academic work.
CVE-2021-41773HIGHunder attackransomware20 Apr 2026
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
100RISK
open
GitHub PoC1
wa6n3r/CVE-2024-3400
CVE-2024-3400CRITICALunder attackransomware20 Apr 2026
PAN-OS: Arbitrary File Creation Leads to OS Command Injection Vulnerability in GlobalProtect
100RISK
open
GitHub PoC
Professional vulnerability assessment of a multi-VLAN enterprise network (student21.local). Confirmed Stored XSS on WebGoat (HIGH, 16) via OWASP ZAP fuzzer, absent XSS on Magento via server sanitization, and CVE-2017-0144 EternalBlue on Metasploitable 3 (CRITICAL, 25) via Nessus + Wireshark PCAP validation.
CVE-2017-0144HIGHunder attackransomware20 Apr 2026
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RISK
open
GitHub PoC77
Apache ActiveMQ漏洞综合利用工具(CVE-2015-5254,CVE-2016-3088,CVE-2022-41678,CVE-2023-46604,CVE-2024-32114,CVE-2026-34197,CVE-2026-40466, CVE-2026-42588)
CVE-2016-3088CRITICALunder attack20 Apr 2026
The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitr
100RISK
open
GitHub PoC
Black-box test whether an LLM chatbot is vulnerable to markdown/HTML exfil (CVE-2025-32711 class). Spins up a sink, sends payloads, renders in headless Chromium, correlates via network.
CVE-2025-32711CRITICAL20 Apr 2026
M365 Copilot Information Disclosure Vulnerability
48RISK
open
GitHub PoC
Multi-VLAN virtual network across 10 VMs: GRE tunneling, nftables firewall, Active Directory, BIND9 DNS, Kea DHCP, Docker web services, SMB file sharing. Vulnerability assessment using OWASP ZAP (Stored XSS) and Nessus (CVE-2017-0144 EternalBlue). Validated with Wireshark.
CVE-2017-0144HIGHunder attackransomware20 Apr 2026
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RISK
open
GitHub PoC
Qualitative TVRA for a multi-VLAN enterprise lab: Stored XSS on WebGoat (HIGH, 16), Stored XSS on Magento (ABSENT, MEDIUM, 8), and CVE-2017-0144 EternalBlue on Metasploitable 3 (CRITICAL, 25). Scored via Likelihood × Impact using CVSS v3.0 and ZAP/Nessus/Wireshark evidence.
CVE-2017-0144HIGHunder attackransomware20 Apr 2026
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RISK
open
GitHub PoC79
Apache ActiveMQ漏洞综合利用工具(CVE-2015-5254,CVE-2016-3088,CVE-2022-41678,CVE-2023-46604,CVE-2024-32114,CVE-2026-34197,CVE-2026-40466, CVE-2026-42588)
CVE-2026-34197HIGHunder attack20 Apr 2026
Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Authenticated users could perform RCE via Jolokia MBeans
100RISK
open
GitHub PoC
Exploiting Bluekeep (CVE-2019-0708) on windows 7 using metasploit (Esucational lab)
CVE-2019-0708CRITICALunder attackransomware19 Apr 2026
A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unau
100RISK
open
GitHub PoC
NetVanguard-cmd/CVE-2025-61882
CVE-2025-61882CRITICALunder attackransomware19 Apr 2026
Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: BI Publisher Integratio
100RISK
open
GitHub PoC
rediscovered tplink nday xp (CVE-2023-33538)
CVE-2023-33538HIGHunder attack19 Apr 2026
TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a command injection vulnerabili
83RISK
open
GitHub PoC1
Cyb3rCr0wCC/cve-2017-11176
CVE-2017-1117619 Apr 2026
The mq_notify function in the Linux kernel through 4.11.9 does not set the sock pointer to NULL upon entry into the retr
23RISK
open
GitHub PoC
NetVanguard-cmd/CVE-2025-55315
CVE-2025-55315CRITICAL19 Apr 2026
ASP.NET Security Feature Bypass Vulnerability
60RISK
open
GitHub PoC
Implements the mitigation for CVE-2025-54505 as described by AMD-SB-7053
CVE-2025-54505LOW18 Apr 2026
A transient execution vulnerability within AMD CPUs may allow a local user-privileged attacker to leak data via the floa
28RISK
open
GitHub PoC
jithinodattu/CVE-2007-4559-lab
CVE-2007-4559CRITICAL18 Apr 2026
Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows
53RISK
open
GitHub PoC
Sneeit Framework <= 8.3 - Unauthenticated Remote Code Execution in sneeit_articles_pagination_callback
CVE-2025-6389CRITICAL18 Apr 2026
Sneeit Framework <= 8.3 - Unauthenticated Remote Code Execution in sneeit_articles_pagination_callback
60RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.