Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,180cataloged exploits
31,691CVEs with public exploitation
0lab-tested
13,140 exploits
GitHub PoC
Technical analysis of CVE-2025-55182 (React2Shell RCE vulnerability)
CVE-2025-55182CRITICALunder attackransomware04 Apr 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open
GitHub PoC
Analysis and exploitation of a Next.js authorization bypass vulnerability (CVE-2025-29927)
CVE-2025-29927CRITICAL04 Apr 2026
Authorization Bypass in Next.js Middleware
85RISK
open
GitHub PoC
vettrivel007/CVE-2024-49138
CVE-2024-49138HIGHunder attack04 Apr 2026
Windows Common Log File System Driver Elevation of Privilege Vulnerability
76RISK
open
GitHub PoC
Dahalsamir/CVE-2011-2523-exploit
CVE-2011-252304 Apr 2026
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
60RISK
open
GitHub PoC1
Exploit CVE-2022-46363
CVE-2022-46364CRITICAL03 Apr 2026
Apache CXF SSRF Vulnerability
48RISK
open
GitHub PoC1
Bash script to detect CVE-2025-55182 (React2Shell) and credential exposure in Next.js projects. Zero dependencies.
CVE-2025-55182CRITICALunder attackransomware03 Apr 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open
GitHub PoC1
TP-Link Router Authenticated RCE Exploit (CVE-2022-30075) Bu araç, TP-Link Archer AX50 ve bazı diğer TP-Link router modellerinde bulunan **CVE-2022-30075** güvenlik açığını kullanarak kimliği doğrulanmış uzaktan komut çalıştırma (Authenticated Remote Code Execution) işlemi gerçekleştirir.
CVE-2022-3007503 Apr 2026
In TP-Link Router AX50 firmware 210730 and older, import of a malicious backup file via web interface can lead to remote
35RISK
open
GitHub PoC
tryj/CVE-2012-1823---PHP-CGI---RCE
CVE-2012-1823CRITICALunder attack03 Apr 2026
sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not
100RISK
open
GitHub PoC2
Perforce security research and tools - CVE-2026-6043
CVE-2026-6043HIGH03 Apr 2026
Insecure Default Configuration in P4 Server
41RISK
open
GitHub PoC
CVE-2025-59059: Misattributed RCE in Apache Ranger Static Analysis Correction
CVE-2025-59059CRITICAL03 Apr 2026
Apache Ranger: Remote Code Execution Vulnerability in NashornScriptEngineCreator
48RISK
open
GitHub PoC8
POC for CVE-2026-23416 (linux kernel 6.17 – linux kernel 7 rc5) - vulnerability discovered by Antonius
CVE-2026-2341602 Apr 2026
mm/mseal: update VMA end correctly on merge
23RISK
open
GitHub PoC
CVE-2025-29927 - Next.js漏洞测试工具
CVE-2025-29927CRITICAL02 Apr 2026
Authorization Bypass in Next.js Middleware
85RISK
open
GitHub PoC
🛡️ SSH User Enumeration (CVE-2018-15473). Python 3, multihilo y calibración anti-falsos positivos. 🧵
CVE-2018-15473MEDIUM02 Apr 2026
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticati
70RISK
open
GitHub PoC
Deliberately vulnerable Next.js application demonstrating CVE-2025-29927 (middleware-based auth bypass) for learning and bug bounty practice.
CVE-2025-29927CRITICAL02 Apr 2026
Authorization Bypass in Next.js Middleware
85RISK
open
GitHub PoC
CVE-2025-55182
CVE-2025-55182CRITICALunder attackransomware02 Apr 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open
GitHub PoC
This repository contains a comprehensive security assessment of an enterprise LAN environment. The core focus of this project was the identification, exploitation, and remediation of the **Shellshock (CVE-2014-6271)** vulnerability within a Linux-based web server.
CVE-2014-6271CRITICALunder attack02 Apr 2026
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which
100RISK
open
GitHub PoC
📂 Grafana LFI Exploit (CVE-2021-43798). Extracción automatizada de credenciales y configuración. 🕵️
CVE-2021-43798HIGHunder attack02 Apr 2026
Grafana path traversal
100RISK
open
GitHub PoC
Second CVE still Remote Code Execution
CVE-2026-35196HIGH02 Apr 2026
Chamilo LMS has OS Command Injection via export_all_certificates action
41RISK
open
GitHub PoC
Full penetration test report against `IP` (Ubuntu VM). Attack chain: directory enumeration → backup file discovery → password cracking → CMS file upload → reverse shell → kernel privilege escalation (Dirty Pipe, CVE-2022-0847).
CVE-2022-0847HIGHunder attack02 Apr 2026
A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in cop
100RISK
open
GitHub PoC
nicostan15/CVE-2022-46169
CVE-2022-46169CRITICALunder attack02 Apr 2026
Unauthenticated Command Injection
100RISK
open
GitHub PoC11
Full-chain exploit for CVE-2025-2783 (Ipcz Sandbox Escape & RCE).
CVE-2025-2783HIGHunder attack01 Apr 2026
Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allow
71RISK
open
GitHub PoC
Full penetration testing workflow: credential brute force, SSH access and privilege escalation (CVE-2021-4034)
CVE-2021-4034HIGHunder attack01 Apr 2026
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool
100RISK
open
GitHub PoC
TLevente20/HTTP-2-RapidReset-CVE-2023-44487-Testlab
CVE-2023-44487HIGHunder attack01 Apr 2026
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many
93RISK
open
GitHub PoC
Módulo de Metasploit para explotar CVE-2025-24054 (ex 24071). Exploit de filtración NTLM integrado en Metasploit para vectores de ataque basados en bibliotecas de Windows.
CVE-2025-24054MEDIUMunder attack01 Apr 2026
NTLM Hash Disclosure Spoofing Vulnerability
75RISK
open
GitHub PoC
Analisis de CVE relacionada con stack overflow
CVE-2025-5548MEDIUM01 Apr 2026
FreeFloat FTP Server NOOP Command buffer overflow
38RISK
open
GitHub PoC
CVE-2021-21220 Exploitation infrastructure
CVE-2021-21220HIGHunder attack01 Apr 2026
Insufficient validation of untrusted input in V8 in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to po
100RISK
open
GitHub PoC1
Technical analysis of a SharePoint ToolShell (CVE-2025-53770) exploitation attempt involving RCE, webshell deployment, and MachineKey extraction.
CVE-2025-53770CRITICALunder attackransomware01 Apr 2026
Microsoft SharePoint Server Remote Code Execution Vulnerability
100RISK
open
GitHub PoC
kavin71725/CVE-2025-12543-Fix-for-Wildfly
CVE-2025-12543CRITICAL01 Apr 2026
Undertow-core: undertow http server fails to reject malformed host headers leading to potential cache poisoning and ssrf
48RISK
open
GitHub PoC3
Detect, assess, and respond to supply chain attacks across npm/yarn and Python (pip/poetry/uv). Claude Code skill + standalone scripts. Built during axios RAT (2026-03-31) and Starlette BadHost CVE-2026-48710 (2026-05-22).
CVE-2026-48710MEDIUM01 Apr 2026
Starlette has missing Host header validation that poisons request.url.path, bypassing path-based security checks
48RISK
open
GitHub PoC
FortiGate CVE-2022-40684 assessment tool for user enumeration, configuration dump, and lab testing.
CVE-2022-40684CRITICALunder attackransomware01 Apr 2026
An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 an
100RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.