Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,062cataloged exploits
31,617CVEs with public exploitation
0lab-tested
AllExploit-DB 22,467Referência 19,791GitHub PoC 13,086VulnCheck XDB 8,069Nuclei 4,187Metasploit 3,462✓ verified onlyrecentpopularrisk
13,086 exploits
GitHub PoC★ 1
CVE-2026-12485
GeoVision GV-I/O Box DVRSearch buffer overflow vulnerabilities in CMD_IP_SET command
48RISK
open ↗GitHub PoC★ 2
DirtyClone - local privilege escalation (LPE) proof-of-concept targeting a kernel/XFRM-related vulnerability described in the source as CVE-2026-43503
net: skbuff: propagate shared-frag marker through frag-transfer helpers
41RISK
open ↗GitHub PoC
Unauthenticated RCE PoC for CVE-2026-48908 SP Page Builder (Joomla) arbitrary file upload and remote code execution exploit with mass scaning support.
Joomla Extension - joomshaper.com - Remote Code Execution in SP Pagebuilder extension for Joomla < 6.6.2
48RISK
open ↗GitHub PoC★ 192
CVE-2026-41940 authentication bypass vulnerability proof-of-concept
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RISK
open ↗GitHub PoC★ 1
CVE-2026-49048 — JoomCCK 6.4.0 Unauthenticated SQL Injection (CVSS 9.8)
Joomla Extension - joomcoder.com - Unauthenticated SQL Injection in JoomCCK extension for Joomla < 6.4.1
41RISK
open ↗GitHub PoC
POC for CVE-2026-41179
RClone: Unauthenticated operations/fsinfo allows attacker-controlled backend instantiation and local command execution
63RISK
open ↗GitHub PoC
Double-free in Apache httpd mod_http2 stream cleanup leading to pre-auth RCE
Apache HTTP Server: http2: double free and possible RCE on early reset
53RISK
open ↗GitHub PoC★ 5
CVE-2026-46331 — Linux Kernel Local Privilege Escalation TC pedit + IPsec TEE Page Cache Corruption · Affected kernels: ≤ 6.12.9
net/sched: fix pedit partial COW leading to page cache corruption
41RISK
open ↗GitHub PoC
patched ffmpeg-tools for jellyfin to patch CVE-2026-8461 aka PixelSmash
Heap out-of-bounds write via odd slice_height in FFmpeg MagicYUV decoder
41RISK
open ↗GitHub PoC
CVE-2026-46331 - Draft
net/sched: fix pedit partial COW leading to page cache corruption
41RISK
open ↗GitHub PoC★ 105
CVE-2026-43499 PoC
rtmutex: Use waiter::task instead of current in remove_waiter()
41RISK
open ↗GitHub PoC
PoC for CVE-2026-5366: git argument injection in Prefect's GitRepository leading to RCE on the worker.
Git Argument Injection in prefecthq/prefect
48RISK
open ↗GitHub PoC★ 1
WP Full Stripe Free <= 8.4.3 - Missing Authorization
Stripe Payment Forms by WP Full Pay <= 8.4.3 - Missing Authorization to Unauthenticated Payment Record Manipulation via 'paymentIntentId' Parameter
33RISK
open ↗GitHub PoC
CVE-2026-48907 is a CVSS 10.0 pre-auth RCE in Joomla Content Editor affecting all versions ≤ 2.9.99.4. The Grayxploit team breaks down the 3-weakness chain — missing auth, no extension validation, and an unsafe upload flag — that lets attackers pop a shell in 3 HTTP requests.
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RISK
open ↗GitHub PoC★ 7
OpenSTAManager-RCE-Exploit-CVE-2026-38751
OpenSTAManager version 2.10 and earlier contains an arbitrary file upload vulnerability in the module update functionali
41RISK
open ↗GitHub PoC★ 2
CVE-2026-0073-Android-ADBD-bypass-POC汉化版
In adbd_tls_verify_cert of auth.cpp, there is a possible bypass of wireless ADB mutual authentication due to a logic err
41RISK
open ↗GitHub PoC★ 56
cve-2026-48907 scanner
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RISK
open ↗GitHub PoC★ 2
Educational, defensive kit for two Linux page-cache-corruption LPEs (DirtyClone CVE-2026-43503, pedit COW CVE-2026-46331): hardening, detection, verification, seccomp + validation harness. Detection and prevention only — no exploit code. TLP:CLEAR.
net: skbuff: propagate shared-frag marker through frag-transfer helpers
41RISK
open ↗GitHub PoC
Hunt-Benito/traefik-stripprefix-auth-bypass-cve-2026-48020-path-normalization
Traefik StripPrefix Route-Level Auth Bypass via Path Normalization
41RISK
open ↗GitHub PoC★ 4
CVE-2026-8461
Heap out-of-bounds write via odd slice_height in FFmpeg MagicYUV decoder
41RISK
open ↗GitHub PoC
CVE-2026-54807 WooCommerce Privilege Escalation ║ ║ Unauthenticated Admin Role Assignment via Reg. Form
WordPress Registration Form for WooCommerce plugin <= 1.0.9 - Privilege Escalation vulnerability
48RISK
open ↗GitHub PoC
A local package installation helper trusted caller-supplied package names too much. In yeoman-environment, missing generators could be installed without user confirmation, turning attacker-controlled project metadata into a package-install and code-execution path.
yeoman-environment Vulnerable to Arbitrary Package Installation without User Confirmation
41RISK
open ↗GitHub PoC★ 26
CVE-2026-46331
net/sched: fix pedit partial COW leading to page cache corruption
41RISK
open ↗GitHub PoC
12hrformat/CVE-2026-35273-POC
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Mana
100RISK
open ↗GitHub PoC
A low-privileged Docmost user could supply a victim attachmentId to the generic upload endpoint and overwrite another page's stored attachment inside the same workspace.
Docmost has cross-page attachment overwrite via flawed attachmentId overwrite validation
33RISK
open ↗GitHub PoC
Docmost accepted a javascript: URL inside an attachment node, preserved it through storage and rendering, and turned it back into a clickable anchor in the Docmost origin.
Docmost page content has stored XSS via unsanitized attachment URLs
33RISK
open ↗GitHub PoC
CVE-2026-12415-or-CVE-2026-12416.py
Invoice Generator <= 1.0.0 - Unauthenticated Privilege Escalation via Account Takeover via 'user_id' Parameter
48RISK
open ↗GitHub PoC
A public share looked clean in the page tree, but the search endpoint told a different story. In Docmost, restricted child pages hidden from public share viewers could still leak through public share search results.
Docmost's Public Share Search Exposes Metadata of Restricted Children
33RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.