Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,180cataloged exploits
31,691CVEs with public exploitation
0lab-tested
13,140 exploits
GitHub PoC
Areeba-Zehra-Jafri/CVE-2021-41773---Apache-Path-Traversal---RCE
CVE-2021-41773HIGHunder attackransomware18 Mar 2026
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
100RISK
open
GitHub PoC
Cybersecurity lab demonstrating Apache CVE-2021-41773 path traversal vulnerability with vulnerable server simulation, scanner, and security reporting.
CVE-2021-41773HIGHunder attackransomware18 Mar 2026
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
100RISK
open
GitHub PoC1
luoluoqingge/CVE-2025-55182
CVE-2025-55182CRITICALunder attackransomware18 Mar 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open
GitHub PoC
Laboratorio para el análisis y explotación del CVE-2025-5548
CVE-2025-5548MEDIUM18 Mar 2026
FreeFloat FTP Server NOOP Command buffer overflow
38RISK
open
GitHub PoC
Practical lab focused on vulnerability analysis and exploit development, using FreeFloat FTP Server 1.0 as an educational buffer overflow case study and documenting the setup, analysis and exploitation workflow
CVE-2025-5548MEDIUM18 Mar 2026
FreeFloat FTP Server NOOP Command buffer overflow
38RISK
open
GitHub PoC
SSH Exploit Tool (Educational Use Only) 📌 Description This tool demonstrates exploitation of: CVE-2008-0166 CVE-2008-1657 It connects to vulnerable SSH services and provides: Persistent interactive shell Command execution logging Automatic PDF & DOCX report generation
CVE-2008-016618 Mar 2026
OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that ge
45RISK
open
GitHub PoC
A comprehensive analysis of CVE-2021-41773 (Apache HTTP Server 2.4.49), featuring vulnerability research, controlled lab-based exploitation, Proof-of-Concept development, root cause analysis, and mitigation strategies for educational and defensive security purposes.
CVE-2021-41773HIGHunder attackransomware18 Mar 2026
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
100RISK
open
GitHub PoC
A professional Python tool designed for educational penetration testing, demonstrating SSH vulnerabilities (CVE-2008-0166 / CVE-2008-1657) with interactive shell access, command logging, and automated PDF/DOCX reporting.
CVE-2008-016618 Mar 2026
OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that ge
45RISK
open
GitHub PoC
Apache 2.4.49 Path Traversal RCE
CVE-2021-41773HIGHunder attackransomware18 Mar 2026
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
100RISK
open
GitHub PoC
Red Team exploitation of CVE-2021-3156 (Baron Samedit) – Heap Buffer Overflow in Sudo leading to Local Privilege Escalation on Ubuntu 20.04
CVE-2021-3156HIGHunder attack18 Mar 2026
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege
100RISK
open
GitHub PoC
FKShield/CVE-2025-5548
CVE-2025-5548MEDIUM18 Mar 2026
FreeFloat FTP Server NOOP Command buffer overflow
38RISK
open
GitHub PoC
jesusdominguez87/CVE-2025-5548
CVE-2025-5548MEDIUM18 Mar 2026
FreeFloat FTP Server NOOP Command buffer overflow
38RISK
open
GitHub PoC
CVE-2024-53677 취약점 분석 보고서
CVE-2024-53677CRITICAL18 Mar 2026
Apache Struts: Mixing setters for uploaded files and normal fields can allow bypass file upload checks
70RISK
open
GitHub PoC
Toddkk02/CVE-2025-29927
CVE-2025-29927CRITICAL17 Mar 2026
Authorization Bypass in Next.js Middleware
85RISK
open
GitHub PoC
CVE-2025-29927-Nextjs 분석 보고서
CVE-2025-29927CRITICAL17 Mar 2026
Authorization Bypass in Next.js Middleware
85RISK
open
GitHub PoC
​Detailed analysis of the 2023 MOVEit Transfer data breach (CVE-2023-34362) for CS50 Cybersecurity. This project explores the technical impact of unauthenticated SQL Injection and its consequences for global data privacy, affecting 2,700+ organizations. Special thanks to Professor David J. Malan and the CS50 staff.
CVE-2023-34362CRITICALunder attackransomware17 Mar 2026
In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.
100RISK
open
GitHub PoC
a PoC for the Nagios CVE-2019-15949 rce in python
CVE-2019-15949HIGHunder attack17 Mar 2026
Nagios XI before 5.6.6 allows remote command execution as root. The exploit requires access to the server as the nagios
100RISK
open
GitHub PoC1
uname1able/CVE-2025-29824
CVE-2025-29824HIGHunder attackransomware17 Mar 2026
Windows Common Log File System Driver Elevation of Privilege Vulnerability
76RISK
open
GitHub PoC
REC Exploit is a Python-based security testing tool that automates detection of potential RCE conditions in web applications under authorized environments. It sends crafted POST requests to targets, analyzes server responses for execution indicators, and supports batch scanning with custom input, structured payload handling, and clear CLI output.
CVE-2025-55182CRITICALunder attackransomware17 Mar 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open
GitHub PoC
Proof-of-concept for CVE-2025-55182 (React2Shell): unauthenticated RCE in React Server Components / Next.js via Flight protocol deserialization.
CVE-2025-55182CRITICALunder attackransomware17 Mar 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open
GitHub PoC
Security research and reproduction of CVE-2025-5548: A stack-based buffer overflow in FreeFloat FTP Server 1.0. Includes binary analysis, crash replication, and environment setup for vulnerability research.
CVE-2025-5548MEDIUM17 Mar 2026
FreeFloat FTP Server NOOP Command buffer overflow
38RISK
open
GitHub PoC
CVE-2021-44228 Log4Shell — Penetration Test Writeup
CVE-2021-44228CRITICALunder attackransomware17 Mar 2026
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RISK
open
GitHub PoC
Buffer overflow in FreeFloat FTP Server 1.0
CVE-2025-5548MEDIUM17 Mar 2026
FreeFloat FTP Server NOOP Command buffer overflow
38RISK
open
GitHub PoC
PopClom/CVE-2025-5548
CVE-2025-5548MEDIUM17 Mar 2026
FreeFloat FTP Server NOOP Command buffer overflow
38RISK
open
GitHub PoC
Alvarosr16/CVE-2025-5548
CVE-2025-5548MEDIUM17 Mar 2026
FreeFloat FTP Server NOOP Command buffer overflow
38RISK
open
GitHub PoC
Diego57709/CVE-2025-5548
CVE-2025-5548MEDIUM16 Mar 2026
FreeFloat FTP Server NOOP Command buffer overflow
38RISK
open
GitHub PoC
luisyapura/Analisis-y-Explotacion-de-CVE-2025-5548
CVE-2025-5548MEDIUM16 Mar 2026
FreeFloat FTP Server NOOP Command buffer overflow
38RISK
open
GitHub PoC
CVE-2022-42889 취약점 분석보고서
CVE-2022-4288916 Mar 2026
Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults
60RISK
open
GitHub PoC
CVE-2020-5902
CVE-2020-5902CRITICALunder attackransomware16 Mar 2026
In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic
100RISK
open
GitHub PoC
jgs-developer/CVE-2025-5548
CVE-2025-5548MEDIUM16 Mar 2026
FreeFloat FTP Server NOOP Command buffer overflow
38RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.