Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,062cataloged exploits
31,617CVEs with public exploitation
0lab-tested
AllExploit-DB 22,467Referência 19,791GitHub PoC 13,086VulnCheck XDB 8,069Nuclei 4,187Metasploit 3,462✓ verified onlyrecentpopularrisk
13,086 exploits
GitHub PoC★ 1
Proof of concept for CVE-2026-36027 and CVE-2026-36028
An issue in Code27 Companion Hub SQ3A.220705.003.A1 allows a physically proximate attacker to execute arbitrary code via
33RISK
open ↗GitHub PoC★ 1
kaleth4/CVE-2026-20896
Gitea Docker image trusts spoofable reverse-proxy headers by default
48RISK
open ↗GitHub PoC
This repository contains a proof-of-concept (PoC) exploit for CVE-2026-38751, affecting OpenSTAManager ≤ 2.10. The vulnerability allows an authenticated attacker to upload a malicious module via the module update functionality, leading to arbitrary file upload and remote code execution (RCE).
OpenSTAManager version 2.10 and earlier contains an arbitrary file upload vulnerability in the module update functionali
41RISK
open ↗GitHub PoC
Hunt-Benito/llama-factory-webui-rce-cve-2026-58116-trust-remote-code-model-path-injection
LLaMA-Factory 0.9.5 Remote Code Execution via WebUI Model Path
48RISK
open ↗GitHub PoC
Crawl4AI <= 0.8.6 pre-auth RCE via AST sandbox escape (gi_frame.f_back.f_builtins chain) — CVSS 10.0
Crawl4AI: AST Sandbox Escape via gi_frame.f_back Chain - Pre-Auth RCE in Docker API
48RISK
open ↗GitHub PoC
BastianXploited/CVE-2026-0740-mass
Ninja Forms - File Upload <= 3.3.26 - Unauthenticated Arbitrary File Upload
75RISK
open ↗GitHub PoC★ 6
SimpleHelp OIDC Authentication Bypass PoC
SimpleHelp Authentication Bypass via Missing OIDC JWT Signature Verification
48RISK
open ↗GitHub PoC
CVE-2026-54477: Admin Panel Missing Security Headers (clickjacking/XSS) - Gardyn (ICSA-26-183-03)
Gardyn IoT Hub Improper Neutralization of HTTP Headers for Scripting Syntax
33RISK
open ↗GitHub PoC
DESIGN AND IMPLEMENTATION OF A VULNERABILITY SCANNER FOR CVE-2026-45498 IN MICROSOFT DEFENDER
Microsoft Defender Denial of Service Vulnerability
75RISK
open ↗GitHub PoC
CVE-2026-13768: Privileged iothubowner IoT Hub credential — fleet enumeration, device RCE, home-network pivot — Gardyn (ICSA-26-183-03)
Gardyn IoT Hub Use of Hard-coded Credentials
48RISK
open ↗GitHub PoC
Gogs has Path Traversal in organization name that results in RCE through Git hooks
Gogs: Path Traversal in organization name results in RCE through Git hooks
48RISK
open ↗GitHub PoC
kaleth4/CVE-2026-55200
libssh2 - Out-of-Bounds Write via Unchecked packet_length in transport.c
48RISK
open ↗GitHub PoC
Gorse < 0.5.10 contains an authentication bypass caused by empty admin_api_key in /api/dump and /api/restore endpoints, letting unauthenticated remote attackers access and modify protected data, exploit requires default empty admin_api_key configuration.
Gorse - Unauthenticated Database Dump and Restore via /api/dump and /api/restore Endpoints
63RISK
open ↗GitHub PoC
emilliewatson96/spryCVE-2026-10520
An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote
85RISK
open ↗GitHub PoC★ 8
CVE-2026-6307 PoC: Longinus - 2 Boundaries in One Bug https://nebusec.ai/research/v8-cve-2026-6307-writeup/)
Type Confusion in Turbofan in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code
41RISK
open ↗GitHub PoC
Safari 跨域信息读取
The issue was addressed with improved checks. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS
41RISK
open ↗GitHub PoC
rootdirective-sec/CVE-2026-56011-Lab
WordPress MapPress Maps for WordPress plugin <= 2.97.3 - Cross Site Scripting (XSS) vulnerability
41RISK
open ↗GitHub PoC
motionEye's Absolute Path Traversal in Media File Handlers Allows Arbitrary File Read
motionEye's Absolute Path Traversal in Media File Handlers Allows Arbitrary File Read
41RISK
open ↗GitHub PoC★ 48
Google Chrome CVE-2026-6307 PoC
Type Confusion in Turbofan in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code
41RISK
open ↗GitHub PoC
A flaw was found in NGINX, specifically within the ngx_http_rewrite_module. An unauthenticated attacker can exploit this vulnerability by sending crafted HTTP requests under specific rewrite configurations. This can lead to a heap buffer overflow in the NGINX worker process, which may result in arbitrary code execution
NGINX ngx_http_rewrite_module vulnerability
60RISK
open ↗GitHub PoC
Pivotal CRM's patch for an initial deserialization vulnerability was incomplete. The fix switched from BinaryFormatter to JSON.NET but left TypeNameHandling set to 4 without implementing SerializationBinder, allowing attackers to execute arbitrary code through malicious $type payloads. Fixed in 6.6.5.10 and Patch_CWE502_20260316.zip
An issue in Pivotal CRM 6.6.4.08 and systems using patch-ghi-15381-cwe-502-20251225.zip (fixed in Pivotal CRM 6.6.5.10 a
48RISK
open ↗GitHub PoC
OpenSTAManager RCE Exploit (CVE-2026-38751)
OpenSTAManager version 2.10 and earlier contains an arbitrary file upload vulnerability in the module update functionali
41RISK
open ↗GitHub PoC
CVE-2026-48907 PoC
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RISK
open ↗GitHub PoC
do4choo/CVE-2026-53694-NoMachine-LPE
Potential local privileges escalation through argument injection in the nxchmod.sh script
41RISK
open ↗GitHub PoC
CVE-2026-58138 — Conductor (3.21.21..<3.30.2) unauthenticated RCE via INLINE GraalVM evaluator (HostAccess.ALL). Lab + PoC, verified e2e (root).
Orkes Conductor 3.21.21 < 3.30.2 Unauthenticated RCE via GraalVM Script Evaluators
48RISK
open ↗GitHub PoC★ 2
Citrix NetScaler CVE Preconditions Checker as per CTX696604 | Supported CVE : CVE-2026-8451, CVE-2026-8452, CVE-2026-8655, CVE-2026-10816, CVE-2026-10817, and CVE-2026-13474
Insufficient input validation leading to memory overread
41RISK
open ↗GitHub PoC
Kestra Auth-Bypass Vulnerability Checker
Kestra: Unauthenticated Remote Code Execution via Authentication Bypass in `AuthenticationFilter`
48RISK
open ↗GitHub PoC
CVE-2026-56121 — Feast <0.63.0 unauthenticated RCE via gRPC registry dill.loads of OnDemandFeatureView UDF (pre-auth). Lab + PoC, verified e2e.
Feast < 0.63.0 Unauthenticated RCE via ApplyFeatureView gRPC Deserialization
48RISK
open ↗GitHub PoC
POC for CVE-2026-48907
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.