Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,002cataloged exploits
31,582CVEs with public exploitation
AllExploit-DB 22,467Referência 19,780GitHub PoC 13,048VulnCheck XDB 8,060Nuclei 4,185Metasploit 3,462recentpopularrisk
13,048 exploits
GitHub PoC
CVE-2026-8181 — Burst Statistics WordPress plugin Authentication Bypass (CVSS 9.8) to Admin Account Takeover. Mass scanner with FOFA/Shodan integration and modern GUI.
Burst Statistics 3.4.0 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover
68RISK
open ↗GitHub PoC
Bartixxx32/CVE-2026-43499-OnePlus15
rtmutex: Use waiter::task instead of current in remove_waiter()
41RISK
open ↗GitHub PoC
JohannesLks/CVE-2026-50338
Azure Spring Apps Elevation of Privilege Vulnerability
38RISK
open ↗GitHub PoC
Reproducer for CVE-2026-46584: Apache Camel camel-mail mail.smtp.* header injection enabling credential theft via on-path SOCKS interception (fixed in 4.14.8/4.18.3/4.21.0)
Apache Camel Mail: The mail producer applied attacker-supplied message headers as JavaMail session properties, allowing an attacker to influence SMTP parameters
28RISK
open ↗GitHub PoC
Reproducer for CVE-2026-46457 — Apache Camel camel-nats inbound header injection (Camel control-header injection via a NATS publisher; CamelHttpUri -> SSRF)
Apache Camel: Camel-NATS: Inbound NATS message headers are mapped into the Exchange without a configured HeaderFilterStrategy, allowing a client that can publish to the subject to inject Camel control headers
41RISK
open ↗GitHub PoC★ 3
Vulnerability analysis and Proof of Concept (PoC) for CVE-2026-43499 affecting Xiaomi devices. For educational and research purposes only.
rtmutex: Use waiter::task instead of current in remove_waiter()
41RISK
open ↗GitHub PoC★ 1
本次个人漏洞研究进展成果
rtmutex: Use waiter::task instead of current in remove_waiter()
41RISK
open ↗GitHub PoC
CVE-2026-49049 Helix3 (JoomShaper) Joomla Unauthenticated AJAX RCE Scanner
Joomla Extension - joomshaper.com - Unauthenticated access to Helix3 template ajax handler
41RISK
open ↗GitHub PoC★ 1
CVE-2026-40047 - Apache Camel Docling CLI Argument Injection - PoC & Analysis | CVSS 9.1 CRITICAL | AMN SECURITY
Apache Camel: Camel-Docling: Insufficient validation of custom CLI arguments enables argument injection and path traversal in DoclingProducer
48RISK
open ↗GitHub PoC
Reproducer for CVE-2026-46453 — Apache Camel camel-elasticsearch-rest-client unprefixed-header injection (operation/query override via inbound HTTP headers)
Apache Camel: Camel-Elasticsearch-Rest-Client: Exchange header constants without the Camel prefix bypass inbound HTTP header filtering, allowing untrusted clients to override the Elasticsearch query and operation
33RISK
open ↗GitHub PoC★ 1
CVE-2026-6307 - Google Chrome V8 Turbofan Type Confusion Sandbox Escape - PoC & Analysis | CVSS 8.8 HIGH | AMN SECURITY
Type Confusion in Turbofan in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code
41RISK
open ↗GitHub PoC
1beelze/CVE-2026-5118
Divi Form Builder <= 5.1.2 - Unauthenticated Privilege Escalation via 'role'
48RISK
open ↗GitHub PoC★ 1
Android version CVE-2026-43499 tester
rtmutex: Use waiter::task instead of current in remove_waiter()
41RISK
open ↗GitHub PoC
OPPO Find X6 Pro GhostLock (CVE-2026-43499) exploit adaptation
rtmutex: Use waiter::task instead of current in remove_waiter()
41RISK
open ↗GitHub PoC★ 3
(Hopefully) A tool to root for (most) Android devices through CVE-2026-43499
rtmutex: Use waiter::task instead of current in remove_waiter()
41RISK
open ↗GitHub PoC★ 2
Multi OS Support: Version for MacOS/Linux and Windows, Fully translated to English
rtmutex: Use waiter::task instead of current in remove_waiter()
41RISK
open ↗GitHub PoC★ 1
CVE-2026-48907 - Joomla JCE Editor Unauthenticated RCE - PoC & Analysis | CVSS 9.8 CRITICAL | AMN SECURITY
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RISK
open ↗GitHub PoC★ 1
CVE-2026-46529 - Atril Evince XReader PDF Clickable Link RCE - PoC & Analysis | CVSS 7.8 HIGH | AMN SECURITY
PDF /GoToR action argv injection enables single-click RCE via --gtk-module dlopen
41RISK
open ↗GitHub PoC
CVE-2026-53805 - Draft
NVIDIA SIL GEN3C Unauthenticated RCE via Pickle Deserialization in Inference API
48RISK
open ↗GitHub PoC★ 11
CVE-2026-43724 - Apple's published enough advisories about the issue, I'm not getting paid for any of my kernel bugs.
The issue was addressed with improved input sanitization. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS Tah
41RISK
open ↗GitHub PoC
Reproducer for CVE-2026-46454 — Apache Camel camel-cometd inbound Bayeux header injection (unauthenticated Camel control-header injection → downstream producer steering / RCE)
Apache Camel: Camel-Cometd: Inbound Bayeux message headers are mapped into the Exchange without a HeaderFilterStrategy, allowing unauthenticated clients to inject Camel control headers
48RISK
open ↗GitHub PoC
Reproducer for CVE-2026-46455 — Apache Camel camel-keycloak missing TokenVerifier.IS_ACTIVE check (expired access tokens accepted)
Apache Camel: Camel-Keycloak: The access-token validity window is not verified because the IS_ACTIVE check is missing from the TokenVerifier, allowing expired tokens to be accepted
48RISK
open ↗GitHub PoC
Reproducer for CVE-2026-46456 — Apache Camel camel-aws2-sqs inbound message-attribute header injection (Camel control-header injection via sqs:SendMessage → downstream producer steering / RCE)
Apache Camel: Camel-AWS2-SQS: Inbound message attributes are mapped into the Exchange without an inbound HeaderFilterStrategy, allowing a message sender to inject Camel control headers
48RISK
open ↗GitHub PoC
Reproducer for CVE-2026-43867 — Apache Camel camel-pqc AwsSecretsManagerKeyLifecycleManager unsafe key-metadata deserialization (RCE)
Apache Camel: Camel-PQC: The AWS Secrets Manager key-lifecycle manager deserializes persisted key metadata with java.io.ObjectInputStream and no ObjectInputFilter
48RISK
open ↗GitHub PoC
Admin-only terminal bootstrap routes checked only for login state, which let a normal team member drive Coolify's realtime terminal backend and execute commands on team servers.
Coolify: Missing authorization on terminal websocket bootstrap routes allows low-privileged members to execute commands on team servers
48RISK
open ↗GitHub PoC★ 1
Mendeteksi versi (passive detection) & Exploitation CVE POC
Joomla Extension - balbooa.com - Unauthenticated file upload in Balbooa Forms extension < 2.4.1
78RISK
open ↗GitHub PoC
nuclei template for CVE-2026-56291
Joomla Extension - balbooa.com - Unauthenticated file upload in Balbooa Forms extension < 2.4.1
78RISK
open ↗GitHub PoC★ 3
Unauthenticated Arbitrary File/Folder Deletion in Joomla Helix Ultimate (JoomShaper) <= 2.2.6 — CVE-2026-57830
Joomla Extension - joomshaper.com - Unauthenticated arbitrary file deletion in Helix Ultimate < 2.2.7
41RISK
open ↗GitHub PoC★ 1
CVE-2026-36214 - osTicket Stored XSS via Bootstrap Tooltip - PoC & Analysis | CVSS 8.7 HIGH | AMN SECURITY
osTicket versions from 1.10 up to 1.17.7 and from 1.18.0 up to 1.18.3 are vulnerable to a stored XSS due to a vulnerable
30RISK
open ↗GitHub PoC★ 3
Unauthenticated Stored XSS in Joomla Helix Ultimate (JoomShaper) <= 2.2.6
Joomla Extension - joomshaper.com - Unauthenticated stored XSS in Helix Ultimate < 2.2.7
41RISK
open ↗page 1 / 435next →
We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.