Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,180cataloged exploits
31,691CVEs with public exploitation
0lab-tested
13,140 exploits
GitHub PoC
VX Search Enterprise v10.1.12 Remote Buffer Overflow
CVE-2017-1522009 Mar 2026
Flexense VX Search Enterprise 10.1.12 is vulnerable to a buffer overflow via an empty POST request to a long URI beginni
23RISK
open
GitHub PoC
learning github
CVE-2021-2476209 Mar 2026
Perfect Survey < 1.5.2 - Unauthenticated SQL Injection
60RISK
open
GitHub PoC
libssh Authentication Bypass (CVE-2018-10933) Lab
CVE-2018-10933CRITICAL09 Mar 2026
A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client coul
85RISK
open
GitHub PoC
demo application showing off SQL Injection exploit in django 5.2.7
CVE-2025-64459CRITICAL09 Mar 2026
Potential SQL injection via _connector keyword argument in QuerySet and Q objects
53RISK
open
GitHub PoC3
cupntlm
CVE-2025-33073HIGHunder attack09 Mar 2026
Windows SMB Client Elevation of Privilege Vulnerability
83RISK
open
GitHub PoC
0axz-tools/CVE-2025-6440
CVE-2025-6440CRITICAL08 Mar 2026
WooCommerce Designer Pro <= 1.9.26 - Unauthenticated Arbitrary File Upload
60RISK
open
GitHub PoC
A demo and explanation of CVE-2026-31431
CVE-2026-31431HIGHunder attack08 Mar 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
GitHub PoC
gustavorobertux/cisco-cve-2023-20198-checker
CVE-2023-20198CRITICALunder attack08 Mar 2026
Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS
100RISK
open
GitHub PoC
ZoneMinder Time-Based SQL Injection (CVE-2024-51482) Exploit POC
CVE-2024-51482CRITICAL08 Mar 2026
Boolean-based SQL Injection in ZoneMinder v1.37.* <= 1.37.64
75RISK
open
GitHub PoC2
lil0xplorer/CVE-2025-60787_PoC
CVE-2025-60787HIGH08 Mar 2026
MotionEye v0.43.1b4 and before is vulnerable to OS Command Injection in configuration parameters such as image_file_name
61RISK
open
GitHub PoC
An automated, high-precision zero-shot evaluation pipeline for OpenAI's CLIP model on CIFAR-10. Features 88.80% accuracy, Safetensors security mitigation (CVE-2025-32434), and AI Native (Trae) workflow.
CVE-2025-32434CRITICAL08 Mar 2026
PyTorch: `torch.load` with `weights_only=True` leads to remote code execution
48RISK
open
GitHub PoC3
CVE-2023-38831 is a Zero-day WinRAR vulnerability that lets attackers disguise malicious files in archives, tricking users into executing harmful content.
CVE-2023-38831HIGHunder attackransomware08 Mar 2026
RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a
100RISK
open
GitHub PoC202
CVE-2026-24061 exploit PoC
CVE-2026-24061CRITICALunder attack08 Mar 2026
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment
100RISK
open
GitHub PoC
Penetration testing lab demonstrating CVE-2024-21413 moniker link exploitation for NTLM credential theft, including attack execution, hash cracking, and defensive countermeasures
CVE-2024-21413CRITICALunder attack08 Mar 2026
Microsoft Outlook Remote Code Execution Vulnerability
100RISK
open
GitHub PoC8
ZenoMinder Blind SQL Injection PoC
CVE-2024-51482CRITICAL08 Mar 2026
Boolean-based SQL Injection in ZoneMinder v1.37.* <= 1.37.64
75RISK
open
GitHub PoC
Dockerized vulnerable lab demonstrating CVE-2024-2083 in ZenML, a path traversal vulnerability in the step logs API allowing arbitrary file read.
CVE-2024-2083CRITICAL08 Mar 2026
Directory Traversal in zenml-io/zenml
60RISK
open
GitHub PoC10
PoC for CVE-2025-60787 - Authenticated RCE in motionEye for all versions up to 0.43.1b4 (included)
CVE-2025-60787HIGH08 Mar 2026
MotionEye v0.43.1b4 and before is vulnerable to OS Command Injection in configuration parameters such as image_file_name
61RISK
open
GitHub PoC1
Professional PoC for CVE-2025-60787: Remote Code Execution in MotionEye (<= 0.43.1b4). This exploit demonstrates an OS Command Injection vulnerability through client-side validation bypass, allowing attackers to execute arbitrary commands via configuration files.
CVE-2025-60787HIGH07 Mar 2026
MotionEye v0.43.1b4 and before is vulnerable to OS Command Injection in configuration parameters such as image_file_name
61RISK
open
GitHub PoC
Exploit for CVE-2023-27372 with interactiev shell
CVE-2023-27372CRITICAL07 Mar 2026
SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. T
85RISK
open
GitHub PoC2
Go PoC for CVE-2025-32433 — unauthenticated RCE in Erlang/OTP SSH.
CVE-2025-32433CRITICALunder attack07 Mar 2026
Erlang/OTP SSH Vulnerable to Pre-Authentication RCE
100RISK
open
GitHub PoC14
Authenticated time-based blind SQL injection PoC for ZoneMinder CVE-2024-51482 (v1.37.* <= 1.37.64)
CVE-2024-51482CRITICAL07 Mar 2026
Boolean-based SQL Injection in ZoneMinder v1.37.* <= 1.37.64
75RISK
open
GitHub PoC
CVE-2020-1350的PoC
CVE-2020-1350CRITICALunder attack07 Mar 2026
A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle req
100RISK
open
GitHub PoC
CVE-2014-6271
CVE-2014-6271CRITICALunder attack06 Mar 2026
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which
100RISK
open
GitHub PoC
this is a metasploit exploit module for CVE-2024-25096 and CVE-2023-3452
CVE-2023-3452CRITICAL06 Mar 2026
Canto <= 3.0.4 - Unauthenticated Remote File Inclusion
63RISK
open
GitHub PoC
Full-cycle Pentest on Metasploitable (VMware/Kali). Scanned services (Apache Tomcat/8180), researched CVE-2002-0936 via Exploit-DB, and gained access using default creds (Metasploit). Performed local enumeration for SUID misconfigs, exploiting a legacy Nmap binary to escalate privileges to Root.
CVE-2002-093606 Mar 2026
The Java Server Pages (JSP) engine in Tomcat allows web page owners to cause a denial of service (engine crash) on the w
28RISK
open
GitHub PoC
luoqichen/CVE-2025-55182-POC
CVE-2025-55182CRITICALunder attackransomware06 Mar 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open
GitHub PoC
Asus Router Arbitrary File Write to Remote Code Execution PoC - Fk Mirai
CVE-2024-3912CRITICAL06 Mar 2026
ASUS Router - Upload arbitrary firmware
48RISK
open
GitHub PoC
shakyanayann/CVE-2022-0185
CVE-2022-0185HIGHunder attack05 Mar 2026
A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functio
76RISK
open
GitHub PoC2
yonathanpy/CVE-2025-32462-CVE-2025-32463-PoC-Lab
CVE-2025-32462LOW05 Mar 2026
Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allo
28RISK
open
GitHub PoC
prabeershakya/CVE-2022-0185-POC
CVE-2022-0185HIGHunder attack04 Mar 2026
A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functio
76RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.