Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,044cataloged exploits
31,616CVEs with public exploitation
0lab-tested
AllExploit-DB 22,467Referência 19,791GitHub PoC 13,077VulnCheck XDB 8,060Nuclei 4,187Metasploit 3,462✓ verified onlyrecentpopularrisk
13,077 exploits
GitHub PoC
CVE-2026-15410 - More: https://github.com/HORKimhab/poc-cve-collection
Post-authentication improper control of generation of code ('Code Injection') vulnerability has been identified in the S
71RISK
open ↗GitHub PoC
Blog on CVE-2026-59827, Unsafe H2 query ouput deserialization
Metabase: Unsafe Deserialization of H2 Query Results
48RISK
open ↗GitHub PoC
CVE-2026-56164 EOP Exploit
Microsoft SharePoint Server Elevation of Privilege Vulnerability
63RISK
open ↗GitHub PoC
NeseOS-Corp/CVE-2026-50657
Microsoft Defender for Endpoint for Mac Information Disclosure Vulnerability
33RISK
open ↗GitHub PoC
Podlove Podcast Publisher Unauthenticated File Upload RCE via is_image() vs extract_file_extension() Mismatch | CVSS 9.8
Podlove Podcast Publisher <= 4.5.1 - Unauthenticated Arbitrary File Upload via podlove_image_cache_url Parameter
48RISK
open ↗GitHub PoC★ 1
Raimu0x19/CVE-2026-13001
Podlove Podcast Publisher <= 4.5.1 - Unauthenticated Arbitrary File Upload via podlove_image_cache_url Parameter
48RISK
open ↗GitHub PoC
CVE-2026-15409
A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface. A
78RISK
open ↗GitHub PoC★ 2
This repo contains a proof-of-concept exploit for CVE-2026-15409. It establishes non-root remote code execution on SonicWall SMA 1000 by implementing the Erlang protocol expected by localhost:1050 and tunneling it through the websocket for file r/w and arbitrary code execution via RPC calls.
A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface. A
78RISK
open ↗GitHub PoC
Proof of concept for CVE-2026-58635
Windows Narrator Braille Elevation of Privilege Vulnerability
41RISK
open ↗GitHub PoC
Samsung libimagecodec.quram.so OOB Write PoC
Out-of-bounds write in parsing TIFF format in libimagecodec.media.quram.so prior to SMR Jul-2026 Release 1 allows remote
41RISK
open ↗GitHub PoC
CVE-2026-15409 - Dectect
A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface. A
78RISK
open ↗GitHub PoC
Reproducer for CVE-2026-46588: Apache Camel camel-couchdb CouchDb* header injection (operation confusion) subverting a write-only endpoint into read + delete of arbitrary documents (fixed in 4.14.8/4.18.3/4.21.0)
Apache Camel: CouchDB: Non-Camel-prefixed Exchange headers bypass HeaderFilterStrategy allowing operation override from untrusted input
41RISK
open ↗GitHub PoC
Panduan mitigasi Januscape (CVE-2026-53359) AlmaLinux 9.5 production-safe + scripts
KVM: x86: Fix shadow paging use-after-free due to unexpected role
23RISK
open ↗GitHub PoC
seqra/cve-2026-58138
Orkes Conductor 3.21.21 < 3.30.2 Unauthenticated RCE via GraalVM Script Evaluators
48RISK
open ↗GitHub PoC
arpit-bansal15/cve-2026-48282-pentest-lab
ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)
68RISK
open ↗GitHub PoC★ 1
CVE-2026-58138 — Conductor (3.21.21..<3.30.2) unauthenticated RCE via INLINE GraalVM evaluator (HostAccess.ALL). Lab + PoC, verified e2e (root).
Orkes Conductor 3.21.21 < 3.30.2 Unauthenticated RCE via GraalVM Script Evaluators
48RISK
open ↗GitHub PoC
A 16-year-old bug in the Linux kernel lets a rented VM break out and attack the host it runs on. Intel and AMD alike. Januscape is a use-after-free vulnerability in the KVM code that has been sitting there since 2010.
KVM: x86: Fix shadow paging use-after-free due to unexpected role
23RISK
open ↗GitHub PoC
Reproducer for CVE-2026-46585: Apache Camel camel-lucene QUERY header injection enabling authorization bypass / index data exfiltration (fixed in 4.14.8/4.18.3/4.21.0)
Apache Camel Lucene: The query control headers used non-Camel-prefixed names (QUERY, RETURN_LUCENE_DOCS) that bypass the HTTP header filter, allowing an HTTP client to inject the full-text search query
41RISK
open ↗GitHub PoC
Reproducer for CVE-2026-46590: Apache Camel camel-pqc key-lifecycle unsafe deserialization (FileBasedKeyLifecycleManager legacy .key migration via ObjectInputStream), incomplete remediation of CVE-2026-40048 (fixed in 4.18.3/4.21.0)
Apache Camel: Camel-PQC: The HashiCorp Vault and AWS Secrets Manager key-lifecycle managers deserialize persisted key metadata with java.io.ObjectInputStream and no ObjectInputFilter (incomplete remediation of CVE-2026-40048)
41RISK
open ↗GitHub PoC
Reproducer for CVE-2026-46591: Apache Camel camel-neo4j Cypher injection via property names in CamelNeo4jMatchProperties, enabling authorization bypass / cross-label data exfiltration (fixed in 4.14.8/4.18.3/4.21.0)
Apache Camel: Camel-Neo4j: JSON property names from the CamelNeo4jMatchProperties header are interpolated into the Cypher WHERE clause without validation, allowing Cypher injection (incomplete remediation of CVE-2025-66169)
41RISK
open ↗GitHub PoC
Reproducer for CVE-2026-46587: Apache Camel camel-couchbase CCB_* header injection enabling document disclosure, tampering, and TTL-forced data destruction (fixed in 4.14.8/4.18.3/4.21.0)
Apache Camel: Couchbase: Non-Camel-prefixed Exchange headers bypass HeaderFilterStrategy allowing operation override from untrusted input
41RISK
open ↗GitHub PoC
JohannesLks/CVE-2026-50338
Azure Spring Apps Elevation of Privilege Vulnerability
41RISK
open ↗GitHub PoC
Bartixxx32/CVE-2026-43499-OnePlus15
rtmutex: Use waiter::task instead of current in remove_waiter()
41RISK
open ↗GitHub PoC★ 1
本次个人漏洞研究进展成果
rtmutex: Use waiter::task instead of current in remove_waiter()
41RISK
open ↗GitHub PoC
Reproducer for CVE-2026-46584: Apache Camel camel-mail mail.smtp.* header injection enabling credential theft via on-path SOCKS interception (fixed in 4.14.8/4.18.3/4.21.0)
Apache Camel Mail: The mail producer applied attacker-supplied message headers as JavaMail session properties, allowing an attacker to influence SMTP parameters
28RISK
open ↗GitHub PoC
Reproducer for CVE-2026-46457 — Apache Camel camel-nats inbound header injection (Camel control-header injection via a NATS publisher; CamelHttpUri -> SSRF)
Apache Camel: Camel-NATS: Inbound NATS message headers are mapped into the Exchange without a configured HeaderFilterStrategy, allowing a client that can publish to the subject to inject Camel control headers
41RISK
open ↗GitHub PoC★ 3
Vulnerability analysis and Proof of Concept (PoC) for CVE-2026-43499 affecting Xiaomi devices. For educational and research purposes only.
rtmutex: Use waiter::task instead of current in remove_waiter()
41RISK
open ↗GitHub PoC
CVE-2026-8181 — Burst Statistics WordPress plugin Authentication Bypass (CVSS 9.8) to Admin Account Takeover. Mass scanner with FOFA/Shodan integration and modern GUI.
Burst Statistics 3.4.0 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover
68RISK
open ↗GitHub PoC
A Cross-Site Request Forgery (CSRF) vulnerability exists in the xxl-job-admin web application that allows an attacker to perform unauthorized modifications to Glue IDE shell scripts. The affected endpoint lacks proper CSRF token validation and accepts arbitrary HTTP methods via a permissive request mapping
A Cross-Site Request Forgery (CSRF) vulnerability exists in the xxl-job-admin web application v.3.0.0 that allows an att
20RISK
open ↗page 1 / 436next →
We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.