Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,180cataloged exploits
31,691CVEs with public exploitation
0lab-tested
AllExploit-DB 22,469Referência 19,841GitHub PoC 13,140VulnCheck XDB 8,078Nuclei 4,190Metasploit 3,462✓ verified onlyrecentpopularrisk
13,140 exploits
GitHub PoC
A deep-dive security analysis into the 2020 Virgin Mobile KSA data breach. This study dissects the exploitation of CVE-2020-0688, evaluates the impact of delayed patch management, and proposes a robust multi-layered defense architecture to prevent sophisticated exfiltration tactics.
A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle o
100RISK
open ↗GitHub PoC
ross-ns/WSUS-CVE-2025-59287
Windows Server Update Service (WSUS) Remote Code Execution Vulnerability
100RISK
open ↗GitHub PoC
Interactive shell client for React Server Components RCE exploitation via __proto__ pollution (CVE-2025-55182)
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open ↗GitHub PoC
andres101c/Shellshock-CVE-2014-6271
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which
100RISK
open ↗GitHub PoC
PoC and explanation for CVE-2025-4517 used in a CTF I was playing.
Arbitrary writes via tarfile realpath overflow
48RISK
open ↗GitHub PoC
New CVE-2019-7609 which works with python 13
Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker
100RISK
open ↗GitHub PoC
Proof-of-concept exploit for CVE-2023-20198, an authentication bypass vulnerability affecting Cisco IOS XE Web UI
Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS
100RISK
open ↗GitHub PoC★ 2
CVE-2025-47812 POC
In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection o
100RISK
open ↗GitHub PoC
Authenticated RCE in Netgate pfSense CE 2.7.2 and 2.8.0
Netgate pfSense CE 2.7.2 allows code execution by using the module installer with a backup file with a serialized PHP ob
48RISK
open ↗GitHub PoC
A high-performance Python toolkit to automate the CVE-2025-4517 PATH_MAX bypass exploit. Specifically tuned for the WingData HTB challenge to achieve arbitrary file writes and root persistence
Arbitrary writes via tarfile realpath overflow
48RISK
open ↗GitHub PoC★ 4
CVE For Pterodactyl (For Study and Education)
Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution
68RISK
open ↗GitHub PoC
rogerzeferino/Apache-Solr-RCE-CVE-2019-17558
Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A V
100RISK
open ↗GitHub PoC★ 2
CVE-2025-4517 (CVSS 9.4 – Critical) A vulnerability in Python's `tarfile`
Arbitrary writes via tarfile realpath overflow
48RISK
open ↗GitHub PoC
CVE-2025-47812: Wing FTP Server 7.4.3 UnauthN RCE in sh
In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection o
100RISK
open ↗GitHub PoC★ 8
Python tarfile data filter bypass via PATH_MAX overflow in os.path.realpath() - CVE-2025-4517 / CVE-2025-4330
Arbitrary writes via tarfile realpath overflow
48RISK
open ↗GitHub PoC★ 2
CVE‑2025‑4517 Proof‑of‑Concept Script
Arbitrary writes via tarfile realpath overflow
48RISK
open ↗GitHub PoC
Modified Exploit-DB proof-of-concept for CVE-2014-4688 (pfSense status_rrd_graph_img.php command injection)
pfSense before 2.1.4 allows remote authenticated users to execute arbitrary commands via (1) the hostname value to diag_
23RISK
open ↗GitHub PoC
[AtHack 2026] Pwn challenge about telnetd CVE-2026-24061
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment
100RISK
open ↗GitHub PoC★ 1
simple CVE-2017-7921 rewrite in python by me. for educational purposes only!
An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 16
100RISK
open ↗GitHub PoC★ 8
Privilege Escalation script for CVE-2025-4517
Arbitrary writes via tarfile realpath overflow
48RISK
open ↗GitHub PoC★ 2
Herramienta avanzada de explotación transversal de ruta de WinRAR para CVE-2025-8088
Path traversal vulnerability in WinRAR
93RISK
open ↗GitHub PoC
Samba 3.0.20 CVE-2007-2447 Exploit
The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands
50RISK
open ↗GitHub PoC
CVE-2024-37383 Proof of Concept
Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via SVG animate attributes.
85RISK
open ↗GitHub PoC
Домашняя работа по Pyton № 10 CVE-2020-11022 Краткое описание CVE-2020-11022 — уязвимость типа Reflected XSS (межсайтовый скриптинг), связанная с некорректной обработкой пользовательского ввода, который отражается в HTML-ответе без экранирования. Атакующий может внедрить JavaScript-код, который выполнится в браузере пользователя.
jQuery has a potential XSS vulnerability
55RISK
open ↗GitHub PoC
nik123-py/CVE-2025-49132_HTB_SEASON10
Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution
68RISK
open ↗GitHub PoC★ 5
A Server-Side Template Injection (SSTI) vulnerability in the Freemarker template engine of Datart v1.0.0-rc.3 allows authenticated attackers to execute arbitrary code via injecting crafted Freemarker template syntax into the SQL script field.
A Server-Side Template Injection (SSTI) vulnerability in the Freemarker template engine of Datart v1.0.0-rc.3 allows aut
48RISK
open ↗GitHub PoC★ 49
The PoC for CVE-2025-70795 / CVE-2026-0828 and updated driver
STProcessMonitor 11.11.4.0, part of the Safetica Application suite, allows an admin-privileged user to send crafted IOCT
33RISK
open ↗GitHub PoC★ 12
UAF and AOP coprocessor panic in IOHIDEventServiceFastPathUserClient. No entitlements, reachable from app sandbox.
A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 18.7.9 and iPadOS 18.7
33RISK
open ↗GitHub PoC
BIG02-bot/React2Shell-CVE-2025-55182-An-lise-T-cnica
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open ↗GitHub PoC★ 1
CVE-2024-34102 exploit for python3
XXE can expose crypt key and other secrets granting full admin access
100RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.