Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,062cataloged exploits
31,617CVEs with public exploitation
0lab-tested
AllExploit-DB 22,467Referência 19,791GitHub PoC 13,086VulnCheck XDB 8,069Nuclei 4,187Metasploit 3,462✓ verified onlyrecentpopularrisk
71,062 exploits
GitHub PoC★ 1
Proof of concept for CVE-2026-36027 and CVE-2026-36028
An issue in Code27 Companion Hub SQ3A.220705.003.A1 allows a physically proximate attacker to execute arbitrary code via
33RISK
open ↗GitHub PoC
Gogs has Path Traversal in organization name that results in RCE through Git hooks
Gogs: Path Traversal in organization name results in RCE through Git hooks
48RISK
open ↗VulnCheck XDB
remote-with-credentials
Gogs: Path Traversal in organization name results in RCE through Git hooks
48RISK
open ↗GitHub PoC
attarwahyup/Netscaler-CVE-2026-8451
Insufficient input validation leading to memory overread
41RISK
open ↗GitHub PoC
Gorse < 0.5.10 contains an authentication bypass caused by empty admin_api_key in /api/dump and /api/restore endpoints, letting unauthenticated remote attackers access and modify protected data, exploit requires default empty admin_api_key configuration.
Gorse - Unauthenticated Database Dump and Restore via /api/dump and /api/restore Endpoints
63RISK
open ↗VulnCheck XDB
initial-access
SimpleHelp Authentication Bypass via Missing OIDC JWT Signature Verification
48RISK
open ↗GitHub PoC★ 1
kaleth4/CVE-2026-20896
Gitea Docker image trusts spoofable reverse-proxy headers by default
48RISK
open ↗GitHub PoC
Hunt-Benito/llama-factory-webui-rce-cve-2026-58116-trust-remote-code-model-path-injection
LLaMA-Factory 0.9.5 Remote Code Execution via WebUI Model Path
48RISK
open ↗GitHub PoC
Crawl4AI <= 0.8.6 pre-auth RCE via AST sandbox escape (gi_frame.f_back.f_builtins chain) — CVSS 10.0
Crawl4AI: AST Sandbox Escape via gi_frame.f_back Chain - Pre-Auth RCE in Docker API
48RISK
open ↗GitHub PoC
kaleth4/CVE-2026-55200
libssh2 - Out-of-Bounds Write via Unchecked packet_length in transport.c
48RISK
open ↗VulnCheck XDB
initial-access
FreePBX Affected by Authentication Bypass Leading to SQL Injection and RCE
100RISK
open ↗GitHub PoC
Pivotal CRM's patch for an initial deserialization vulnerability was incomplete. The fix switched from BinaryFormatter to JSON.NET but left TypeNameHandling set to 4 without implementing SerializationBinder, allowing attackers to execute arbitrary code through malicious $type payloads. Fixed in 6.6.5.10 and Patch_CWE502_20260316.zip
An issue in Pivotal CRM 6.6.4.08 and systems using patch-ghi-15381-cwe-502-20251225.zip (fixed in Pivotal CRM 6.6.5.10 a
48RISK
open ↗GitHub PoC
Safari 跨域信息读取
The issue was addressed with improved checks. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS
41RISK
open ↗GitHub PoC
motionEye's Absolute Path Traversal in Media File Handlers Allows Arbitrary File Read
motionEye's Absolute Path Traversal in Media File Handlers Allows Arbitrary File Read
41RISK
open ↗GitHub PoC
rootdirective-sec/CVE-2026-56011-Lab
WordPress MapPress Maps for WordPress plugin <= 2.97.3 - Cross Site Scripting (XSS) vulnerability
41RISK
open ↗GitHub PoC
A flaw was found in NGINX, specifically within the ngx_http_rewrite_module. An unauthenticated attacker can exploit this vulnerability by sending crafted HTTP requests under specific rewrite configurations. This can lead to a heap buffer overflow in the NGINX worker process, which may result in arbitrary code execution
NGINX ngx_http_rewrite_module vulnerability
60RISK
open ↗GitHub PoC
emilliewatson96/spryCVE-2026-10520
An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote
85RISK
open ↗GitHub PoC
CVE-2026-48907 PoC
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RISK
open ↗VulnCheck XDB
client-side
WordPress MapPress Maps for WordPress plugin <= 2.97.3 - Cross Site Scripting (XSS) vulnerability
41RISK
open ↗VulnCheck XDB
initial-access
In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic
100RISK
open ↗GitHub PoC★ 8
CVE-2026-6307 PoC: Longinus - 2 Boundaries in One Bug https://nebusec.ai/research/v8-cve-2026-6307-writeup/)
Type Confusion in Turbofan in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code
41RISK
open ↗GitHub PoC
OpenSTAManager RCE Exploit (CVE-2026-38751)
OpenSTAManager version 2.10 and earlier contains an arbitrary file upload vulnerability in the module update functionali
41RISK
open ↗GitHub PoC★ 48
Google Chrome CVE-2026-6307 PoC
Type Confusion in Turbofan in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code
41RISK
open ↗VulnCheck XDB
initial-access
An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote
85RISK
open ↗GitHub PoC
do4choo/CVE-2026-53694-NoMachine-LPE
Potential local privileges escalation through argument injection in the nxchmod.sh script
41RISK
open ↗GitHub PoC
Defensive validation of CVE-2026-46331 / pedit COW with auditd, AppArmor, mitigation comparison and detection logic.
net/sched: fix pedit partial COW leading to page cache corruption
41RISK
open ↗GitHub PoC
CVE-2026-56121 — Feast <0.63.0 unauthenticated RCE via gRPC registry dill.loads of OnDemandFeatureView UDF (pre-auth). Lab + PoC, verified e2e.
Feast < 0.63.0 Unauthenticated RCE via ApplyFeatureView gRPC Deserialization
48RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.