Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,180cataloged exploits
31,691CVEs with public exploitation
0lab-tested
AllExploit-DB 22,469Referência 19,841GitHub PoC 13,140VulnCheck XDB 8,078Nuclei 4,190Metasploit 3,462✓ verified onlyrecentpopularrisk
13,140 exploits
GitHub PoC
Areeba-Zehra-Jafri/CVE-2021-41773---Apache-Path-Traversal---RCE
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
100RISK
open ↗GitHub PoC
Cybersecurity lab demonstrating Apache CVE-2021-41773 path traversal vulnerability with vulnerable server simulation, scanner, and security reporting.
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
100RISK
open ↗GitHub PoC★ 1
luoluoqingge/CVE-2025-55182
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open ↗GitHub PoC
Laboratorio para el análisis y explotación del CVE-2025-5548
FreeFloat FTP Server NOOP Command buffer overflow
38RISK
open ↗GitHub PoC
Practical lab focused on vulnerability analysis and exploit development, using FreeFloat FTP Server 1.0 as an educational buffer overflow case study and documenting the setup, analysis and exploitation workflow
FreeFloat FTP Server NOOP Command buffer overflow
38RISK
open ↗GitHub PoC
SSH Exploit Tool (Educational Use Only) 📌 Description This tool demonstrates exploitation of: CVE-2008-0166 CVE-2008-1657 It connects to vulnerable SSH services and provides: Persistent interactive shell Command execution logging Automatic PDF & DOCX report generation
OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that ge
45RISK
open ↗GitHub PoC
A comprehensive analysis of CVE-2021-41773 (Apache HTTP Server 2.4.49), featuring vulnerability research, controlled lab-based exploitation, Proof-of-Concept development, root cause analysis, and mitigation strategies for educational and defensive security purposes.
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
100RISK
open ↗GitHub PoC
A professional Python tool designed for educational penetration testing, demonstrating SSH vulnerabilities (CVE-2008-0166 / CVE-2008-1657) with interactive shell access, command logging, and automated PDF/DOCX reporting.
OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that ge
45RISK
open ↗GitHub PoC
Apache 2.4.49 Path Traversal RCE
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
100RISK
open ↗GitHub PoC
Red Team exploitation of CVE-2021-3156 (Baron Samedit) – Heap Buffer Overflow in Sudo leading to Local Privilege Escalation on Ubuntu 20.04
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege
100RISK
open ↗GitHub PoC
jesusdominguez87/CVE-2025-5548
FreeFloat FTP Server NOOP Command buffer overflow
38RISK
open ↗GitHub PoC
CVE-2024-53677 취약점 분석 보고서
Apache Struts: Mixing setters for uploaded files and normal fields can allow bypass file upload checks
70RISK
open ↗GitHub PoC
Detailed analysis of the 2023 MOVEit Transfer data breach (CVE-2023-34362) for CS50 Cybersecurity. This project explores the technical impact of unauthenticated SQL Injection and its consequences for global data privacy, affecting 2,700+ organizations. Special thanks to Professor David J. Malan and the CS50 staff.
In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.
100RISK
open ↗GitHub PoC
a PoC for the Nagios CVE-2019-15949 rce in python
Nagios XI before 5.6.6 allows remote command execution as root. The exploit requires access to the server as the nagios
100RISK
open ↗GitHub PoC★ 1
uname1able/CVE-2025-29824
Windows Common Log File System Driver Elevation of Privilege Vulnerability
76RISK
open ↗GitHub PoC
REC Exploit is a Python-based security testing tool that automates detection of potential RCE conditions in web applications under authorized environments. It sends crafted POST requests to targets, analyzes server responses for execution indicators, and supports batch scanning with custom input, structured payload handling, and clear CLI output.
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open ↗GitHub PoC
Proof-of-concept for CVE-2025-55182 (React2Shell): unauthenticated RCE in React Server Components / Next.js via Flight protocol deserialization.
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open ↗GitHub PoC
Security research and reproduction of CVE-2025-5548: A stack-based buffer overflow in FreeFloat FTP Server 1.0. Includes binary analysis, crash replication, and environment setup for vulnerability research.
FreeFloat FTP Server NOOP Command buffer overflow
38RISK
open ↗GitHub PoC
CVE-2021-44228 Log4Shell — Penetration Test Writeup
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RISK
open ↗GitHub PoC
Buffer overflow in FreeFloat FTP Server 1.0
FreeFloat FTP Server NOOP Command buffer overflow
38RISK
open ↗GitHub PoC
luisyapura/Analisis-y-Explotacion-de-CVE-2025-5548
FreeFloat FTP Server NOOP Command buffer overflow
38RISK
open ↗GitHub PoC
CVE-2022-42889 취약점 분석보고서
Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults
60RISK
open ↗GitHub PoC
CVE-2020-5902
In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic
100RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.