Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,180cataloged exploits
31,691CVEs with public exploitation
0lab-tested
13,140 exploits
GitHub PoC1
Technical analysis and proof-of-concept for CVE-2024-1086, a Linux kernel nf_tables use-after-free vulnerability leading to local privilege escalation. Includes vulnerability breakdown, affected versions, exploitation methodology, and mitigation guidance for research and educational purposes.
CVE-2024-1086HIGHunder attackransomware04 Mar 2026
Use-after-free in Linux kernel's netfilter: nf_tables component
76RISK
open
GitHub PoC
HazaVVIP/CVE-2025-30208
CVE-2025-30208MEDIUM04 Mar 2026
Vite bypasses server.fs.deny when using `?raw??`
70RISK
open
GitHub PoC1
Faridi-m/CVE-2021-22911-RocketChat
CVE-2021-2291104 Mar 2026
A improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 & 3.13 that could lead to unauthenti
60RISK
open
GitHub PoC
arrhenius975/CVE-2024-38063-Exploit-Refactoring
CVE-2024-38063CRITICAL04 Mar 2026
Windows TCP/IP Remote Code Execution Vulnerability
70RISK
open
GitHub PoC
CVE-2025-32463
CVE-2025-32463CRITICALunder attack03 Mar 2026
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled director
100RISK
open
GitHub PoC
CVE-2023-3452 exploit for WordPress Canto plugin RCE, HTTPS support included
CVE-2023-3452CRITICAL03 Mar 2026
Canto <= 3.0.4 - Unauthenticated Remote File Inclusion
63RISK
open
GitHub PoC
CVE-2024-23897: Jenkins Arbitrary File Read Lead to RCE
CVE-2024-23897CRITICALunder attackransomware03 Mar 2026
Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an
100RISK
open
GitHub PoC1
Demonstrate a proof-of-concept exploit for CVE-2026-2441, a high-risk Chrome use-after-free vulnerability in the Blink CSS engine.
CVE-2026-2441HIGHunder attack03 Mar 2026
Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside
76RISK
open
GitHub PoC
CVE-2025-68613 — n8n RCE via Expression Injection
CVE-2025-68613CRITICALunder attack03 Mar 2026
n8n Vulnerable to Remote Code Execution via Expression Injection
100RISK
open
GitHub PoC19
Dahua IP camera CVE research toolkit (CVE-2021-33044/33045, CVE-2025-31700/31701)
CVE-2021-33044CRITICALunder attack03 Mar 2026
The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can by
100RISK
open
GitHub PoC
CVE-2025-5777
CVE-2025-5777CRITICALunder attackransomware02 Mar 2026
NetScaler ADC and NetScaler Gateway - Insufficient input validation leading to memory overread
100RISK
open
GitHub PoC
Metasploit module to exploit CVE-2024-46987 - an authenticated path traversal vulnerability in Camaleon CMS versions 2.8.0 through 2.8.2 and 2.9.0
CVE-2024-46987HIGH02 Mar 2026
Arbitrary path traversal in Camaleon CMS
61RISK
open
GitHub PoC
Aryan20057/CVE-2023-4911
CVE-2023-4911HIGHunder attack02 Mar 2026
Glibc: buffer overflow in ld.so leading to privilege escalation
100RISK
open
GitHub PoC9
gowonisgood/CVE-2025-62215-POC
CVE-2025-62215HIGHunder attack02 Mar 2026
Windows Kernel Elevation of Privilege Vulnerability
71RISK
open
GitHub PoC
PoC of CVE-2021-4034 (PwnKit) for personal training purposes.
CVE-2021-4034HIGHunder attack02 Mar 2026
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool
100RISK
open
GitHub PoC1
CVE-2025-43529 Test
CVE-2025-43529HIGHunder attack02 Mar 2026
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.3 and
71RISK
open
GitHub PoC
Black box penetration test — WordPress exploitation, privilege escalation via CVE-2022-0847
CVE-2022-0847HIGHunder attack01 Mar 2026
A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in cop
100RISK
open
GitHub PoC
Laravel-RCE: CVE-2017-9841
CVE-2017-9841CRITICALunder attack01 Mar 2026
Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP c
100RISK
open
GitHub PoC
Self-contained exploit for CVE-2021-4034 - Pkexec Local Privilege Escalation
CVE-2021-4034HIGHunder attack01 Mar 2026
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool
100RISK
open
GitHub PoC
Time-Based Blind SQL Injection Exploit for the OpenSIPs Control Panel (or my first CVE!)
CVE-2026-36670HIGH01 Mar 2026
A Time-Based Blind SQL Injection vulnerability in the alias_management module of OpenSIPS Control Panel (opensips-cp) pr
41RISK
open
GitHub PoC
CVE-2014-0160
CVE-2014-0160HIGHunder attack01 Mar 2026
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packe
100RISK
open
GitHub PoC
This repository provides production-ready detection engineering content for **CVE-2025-25257**, a pre-authentication SQL Injection vulnerability in Fortinet FortiWeb Fabric Connector versions 7.0 through 7.6.x. Successful exploitation can lead to Remote Code Execution without any prior authentication.
CVE-2025-25257CRITICALunder attack01 Mar 2026
An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] vulnerabi
100RISK
open
GitHub PoC
7rootsec/CVE-2022-21661-Technical-Analysis
CVE-2022-21661HIGH01 Mar 2026
SQL injection in WordPress
78RISK
open
GitHub PoC
CVE-2022-22965
CVE-2022-22965CRITICALunder attack01 Mar 2026
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data b
100RISK
open
GitHub PoC
CVE-2017-9805 S2-052 PoC
CVE-2017-9805HIGHunder attack28 Feb 2026
The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with a
100RISK
open
GitHub PoC2
Async RCE scanner for CVE-2025-55182 / CVE-2025-66478 — prototype-pollution → code execution via React Server Actions.
CVE-2025-55182CRITICALunder attackransomware28 Feb 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open
GitHub PoC
Controlled penetration testing lab demonstrating CVE-2011-2523 exploitation and mitigation techniques.
CVE-2011-252328 Feb 2026
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
60RISK
open
GitHub PoC
Metasploit exploit for the CVE-2025-50286.
CVE-2025-50286HIGH28 Feb 2026
A Remote Code Execution (RCE) vulnerability in Grav CMS v1.7.48 allows an authenticated admin to upload a malicious plug
56RISK
open
GitHub PoC1
Authenticated remote code execution in Pluck CMS before 4.7.13.
CVE-2020-2960728 Feb 2026
A file upload restriction bypass vulnerability in Pluck CMS before 4.7.13 allows an admin privileged user to gain access
35RISK
open
GitHub PoC
GarethMSheldon/CVE-2025-60787-Detection-motionEye-RCE-via-Config-Injection
CVE-2025-60787HIGH28 Feb 2026
MotionEye v0.43.1b4 and before is vulnerable to OS Command Injection in configuration parameters such as image_file_name
61RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.