Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,180cataloged exploits
31,691CVEs with public exploitation
0lab-tested
AllExploit-DB 22,469Referência 19,841GitHub PoC 13,140VulnCheck XDB 8,078Nuclei 4,190Metasploit 3,462✓ verified onlyrecentpopularrisk
13,140 exploits
GitHub PoC
Vulnerable Docker lab and exploit for Apache HTTP Server 2.4.49 path traversal vulnerability (CVE‑2021‑41773)
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
100RISK
open ↗GitHub PoC
12-test-12/CVE-2025-3248
Langflow < 1.3.0 Unauthenticated RCE via /api/v1/validate/code
100RISK
open ↗GitHub PoC
luisyapura/Analisis-y-Explotacion-de-CVE-2025-5548
FreeFloat FTP Server NOOP Command buffer overflow
38RISK
open ↗GitHub PoC
Binary exploitation laboratory: Environment setup and step-by-step walkthrough for exploiting CVE-2025-5548 using Ghidra, Immunity Debugger, and Python.
FreeFloat FTP Server NOOP Command buffer overflow
38RISK
open ↗GitHub PoC
POC for log4shll Vulnerablity (CVE-2021-44228)
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RISK
open ↗GitHub PoC★ 2
Security research and technical analysis of CVE-2025-5548, a buffer overflow vulnerability affecting FreeFloat FTP Server 1.0. This repository documents vulnerability behavior, attack surface, controlled proof of concept testing, and defensive insights within a structured research environment for cybersecurity learning and analysis.
FreeFloat FTP Server NOOP Command buffer overflow
38RISK
open ↗GitHub PoC
Laboratorio de análisis y explotación de la vulnerabilidad CVE-2025-5548 en FreeFloat FTP Server 1.0
FreeFloat FTP Server NOOP Command buffer overflow
38RISK
open ↗GitHub PoC
Apache ActiveMQ OpenWire 역직렬화 RCE 취약점 기술 분석
Apache ActiveMQ, Apache ActiveMQ Legacy OpenWire Module: Unbounded deserialization causes ActiveMQ to be vulnerable to a remote code execution (RCE) attack
100RISK
open ↗GitHub PoC
exploit para a CVE-2021-41773:Path Traversal cgi-bin
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
100RISK
open ↗GitHub PoC
sumaiyafathima-code/CVE-2023-27524
Apache Superset: Session validation vulnerability when using provided default SECRET_KEY
100RISK
open ↗GitHub PoC
LorenzoPorrasDuque/CVE-2025-5548-POC
FreeFloat FTP Server NOOP Command buffer overflow
38RISK
open ↗GitHub PoC
CVE-2018-6606
An issue was discovered in MalwareFox AntiMalware 2.74.0.150. Improper access control in zam32.sys and zam64.sys allows
23RISK
open ↗GitHub PoC
Script and node.proto for exploit CVE-2025-68926
RustFS has a gRPC Hardcoded Token Authentication Bypass
53RISK
open ↗GitHub PoC
MotionEye v0.43.1b4 OS Command Injection
MotionEye v0.43.1b4 and before is vulnerable to OS Command Injection in configuration parameters such as image_file_name
61RISK
open ↗GitHub PoC
Explotación de la vulnerabilidad CVE-2025-5548, paso a paso
FreeFloat FTP Server NOOP Command buffer overflow
38RISK
open ↗GitHub PoC
Análisis técnico, preparación de entorno de laboratorio y desarrollo de exploit (RCE) para la vulnerabilidad CVE-2025-5548 en FreeFloat FTP Server.
FreeFloat FTP Server NOOP Command buffer overflow
38RISK
open ↗GitHub PoC
Heap Buffer Overflow in CVE-2025-5548
FreeFloat FTP Server NOOP Command buffer overflow
38RISK
open ↗GitHub PoC
Research of CVE-2024-3094 vulnerability.
Xz: malicious code in distributed source
70RISK
open ↗GitHub PoC
0xTerror/CVE-2025-6934
Opal Estate Pro <= 1.7.5 - Unauthenticated Privilege Escalation via 'on_regiser_user'
68RISK
open ↗GitHub PoC★ 1
Proof‑of‑concept Python script demonstrating CVE‑2023‑43208 in Mirth Connect, allowing version checks and command execution on vulnerable instances.
NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Note that
100RISK
open ↗GitHub PoC
d3vn0mi/CVE-2025-60787-POC
MotionEye v0.43.1b4 and before is vulnerable to OS Command Injection in configuration parameters such as image_file_name
61RISK
open ↗GitHub PoC★ 10
Adaptation of Cassowary CVE-2024-23222 for Linux x86_64
A type confusion issue was addressed with improved checks. This issue is fixed in Safari 17.3, iOS 15.8.7 and iPadOS 15.
76RISK
open ↗GitHub PoC
Entorno y explotación de la vulnerabilidad CVE-2025-5548
FreeFloat FTP Server NOOP Command buffer overflow
38RISK
open ↗GitHub PoC
Basic Proof of Concept (Poc) Exploit for React RSC - CVE-2025-55182
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open ↗GitHub PoC★ 1
Educational lab demonstrating CVE-2018-7600 (Drupalgeddon2) Remote Code Execution using a Docker-based vulnerable Drupal 7.56 environment.
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbi
100RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.