Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,180cataloged exploits
31,691CVEs with public exploitation
0lab-tested
13,140 exploits
GitHub PoC
Basic Proof of Concept (Poc) Exploit for React RSC - CVE-2025-55182
CVE-2025-55182CRITICALunder attackransomware12 Mar 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open
GitHub PoC
hook repo for cve-2024-32002
CVE-2024-32002CRITICAL12 Mar 2026
Git's recursive clones on case-insensitive filesystems that support symlinks are susceptible to Remote Code Execution
53RISK
open
GitHub PoC
LunaLynx12/cve-2023-43208-poc
CVE-2023-43208CRITICALunder attackransomware12 Mar 2026
NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Note that
100RISK
open
GitHub PoC
0x0asif/CVE-2024-21762
CVE-2024-21762CRITICALunder attackransomware12 Mar 2026
A out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0
100RISK
open
GitHub PoC
CVE-2024-32002 Private for Capstone Project CC10
CVE-2024-32002CRITICAL12 Mar 2026
Git's recursive clones on case-insensitive filesystems that support symlinks are susceptible to Remote Code Execution
53RISK
open
GitHub PoC1
Educational lab demonstrating CVE-2018-7600 (Drupalgeddon2) Remote Code Execution using a Docker-based vulnerable Drupal 7.56 environment.
CVE-2018-7600CRITICALunder attackransomware12 Mar 2026
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbi
100RISK
open
GitHub PoC
Apache HTTP Server (2.4.49) üzerinde CVE-2021-42013 zafiyetini (Path Traversal & RCE) simüle eden Docker tabanlı sızma testi laboratuvarı.
CVE-2021-42013CRITICALunder attackransomware12 Mar 2026
Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773)
100RISK
open
GitHub PoC
🚀 Complete analysis and exploitation of CVE-2025-5548 (FreeFloat FTP Server 1.0 - NOOP Buffer Overflow) Full methodology: manual tool installation, lab environment setup, fuzzing, offset calculation, bad chars, JMP ESP and working reverse shell exploit.
CVE-2025-5548MEDIUM12 Mar 2026
FreeFloat FTP Server NOOP Command buffer overflow
38RISK
open
GitHub PoC
alanschmidt81/CVE-2025-5548
CVE-2025-5548MEDIUM12 Mar 2026
FreeFloat FTP Server NOOP Command buffer overflow
38RISK
open
GitHub PoC
Proof of concept exploit for CVE-2019-10068.
CVE-2019-10068CRITICALunder attack11 Mar 2026
An issue was discovered in Kentico 12.0.x before 12.0.15, 11.0.x before 11.0.48, 10.0.x before 10.0.52, and 9.x versions
100RISK
open
GitHub PoC
michalAshurov/writeup-CVE-2024-3094
CVE-2024-3094CRITICAL11 Mar 2026
Xz: malicious code in distributed source
70RISK
open
GitHub PoC6
MistyFir/CVE-2024-21338-Exploit
CVE-2024-21338HIGHunder attackransomware11 Mar 2026
Windows Kernel Elevation of Privilege Vulnerability
83RISK
open
GitHub PoC
A simple Docker lab and Exploit setup for CVE-2021-3156 - "Baron Samedit".
CVE-2021-3156HIGHunder attack11 Mar 2026
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege
100RISK
open
GitHub PoC
Scripts en Python para la explotación de CVE-2024-51482 (SQLi en ZoneMinder) — HTB CCTV
CVE-2024-51482CRITICAL11 Mar 2026
Boolean-based SQL Injection in ZoneMinder v1.37.* <= 1.37.64
75RISK
open
GitHub PoC1
CVE-2023-6329 – Authentication bypass PoC for Control iD iDSecure ≤ 4.7.43.0
CVE-2023-6329CRITICAL11 Mar 2026
Control iD iDSecure passwordCustom Authentication Bypass
75RISK
open
GitHub PoC
Advanced SMB Honeypot: CVE-2025-33073 Research & Implementation
CVE-2025-33073HIGHunder attack11 Mar 2026
Windows SMB Client Elevation of Privilege Vulnerability
83RISK
open
GitHub PoC
engranaabubakar/CVE-2022-42889
CVE-2022-4288910 Mar 2026
Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults
60RISK
open
GitHub PoC2
CVE-2025-66398 — Signal K Server ≤ 2.18.0 RCE PoC
CVE-2025-66398CRITICAL10 Mar 2026
Signal K Server has Unauthenticated State Pollution leading to Remote Code Execution (RCE)
53RISK
open
GitHub PoC
Writeup of the Optimum machine from Hack The Box. This walkthrough covers the exploitation of Rejetto HttpFileServer 2.3 (CVE-2014-6287) to gain initial access, followed by privilege escalation on a Windows host using enumeration techniques and post-exploitation tools.
CVE-2014-6287CRITICALunder attack10 Mar 2026
The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aks HFS or HttpFileServer) 2.3x before 2.3c a
100RISK
open
GitHub PoC5
Comprehensive deobfuscated research of the Coruna iOS exploit kit targeting CVE-2024-23222. Analysis of WebKit Type Confusion, PAC Bypass, and Sandbox Escape
CVE-2024-23222HIGHunder attack10 Mar 2026
A type confusion issue was addressed with improved checks. This issue is fixed in Safari 17.3, iOS 15.8.7 and iPadOS 15.
76RISK
open
GitHub PoC2
CVE-2026-6508 LiderAhenk Merkezi Yönetim Sistemi mimarisinde, uç birimler (agents) arası tüm istemcilerin birbirleri üzerinde 'root' yetkisiyle kod çalıştırılmasına (unauthorized rce & lateral movement) olanak tanıyan kritik güvenlik zafiyeti.
CVE-2026-6508CRITICAL10 Mar 2026
RCE in TUBITAK BILGEM's Liderahenk
48RISK
open
GitHub PoC1
PoC for CVE-2024-22393: Pixel Flood DoS in Apache Answer ≤1.2.1. Upload crafted 5KB image with fake 64Kx64K dimensions. Server allocates memory for 4B+ pixels and crashes. Find targets via "Powered by Apache Answer." Check bounty program rules before testing—DoS testing is often prohibited.
CVE-2024-22393CRITICAL09 Mar 2026
Apache Answer: Pixel Flood Attack by uploading the large pixel file
48RISK
open
GitHub PoC
swoon69/CVE-2025-59287-Exercise-Use
CVE-2025-59287CRITICALunder attack09 Mar 2026
Windows Server Update Service (WSUS) Remote Code Execution Vulnerability
100RISK
open
GitHub PoC
libssh Authentication Bypass (CVE-2018-10933) Lab
CVE-2018-10933CRITICAL09 Mar 2026
A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client coul
85RISK
open
GitHub PoC1
ApacheHunter detects CVE-2024-22393 in Apache Answer servers. Like Wappalyzer but CLI-based. Scans headers, page content, meta tags, and paths to identify Apache versions and vulnerable installations (≤1.2.1). No output files—just real-time results.
CVE-2024-22393CRITICAL09 Mar 2026
Apache Answer: Pixel Flood Attack by uploading the large pixel file
48RISK
open
GitHub PoC
demo application showing off SQL Injection exploit in django 5.2.7
CVE-2025-64459CRITICAL09 Mar 2026
Potential SQL injection via _connector keyword argument in QuerySet and Q objects
53RISK
open
GitHub PoC
OpenSSH regreSSHion (CVE-2024-6387) Lab
CVE-2024-6387HIGH09 Mar 2026
Openssh: regresshion - race condition in ssh allows rce/dos
63RISK
open
GitHub PoC
CVE-2025-49844
CVE-2025-49844CRITICAL09 Mar 2026
Redis Lua Use-After-Free may lead to remote code execution
85RISK
open
GitHub PoC3
cupntlm
CVE-2025-33073HIGHunder attack09 Mar 2026
Windows SMB Client Elevation of Privilege Vulnerability
83RISK
open
GitHub PoC
OpenSSH User Enumeration (CVE-2018-15473) Lab
CVE-2018-15473MEDIUM09 Mar 2026
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticati
70RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.