Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,062cataloged exploits
31,617CVEs with public exploitation
0lab-tested
71,062 exploits
GitHub PoC1
CVE-2025-45422: Proximus b-box UPnP Persistence & Access Control Bypass
CVE-2025-45422HIGH30 Jun 2026
Incorrect access control in Proximus b-box v8c.725A allows authenticated attackers to bypass normal restrictions and mak
41RISK
open
GitHub PoC
CVE-2026-46817 - Draft
CVE-2026-46817CRITICALunder attack30 Jun 2026
Vulnerability in the Oracle Payments product of Oracle E-Business Suite (component: File Transmission). Supported versi
78RISK
open
VulnCheck XDB
info-leak
CVE-2026-4020HIGH30 Jun 2026
Gravity SMTP <= 2.1.4 - Unauthenticated Sensitive Information Exposure via REST API
68RISK
open
GitHub PoC
CVE-2026-46490 — samlify <2.13.0 SAML AttributeValue XML injection -> signed-assertion privilege escalation. Self-contained PoC, verified e2e.
CVE-2026-46490HIGH30 Jun 2026
samlify: XML Injection in AttributeValue Allows Privilege Escalation in Signed SAML Assertions
41RISK
open
GitHub PoC2
Citrix NetScaler CVE Preconditions Checker as per CTX696604 | Supported CVE : CVE-2026-8451, CVE-2026-8452, CVE-2026-8655, CVE-2026-10816, CVE-2026-10817, and CVE-2026-13474
CVE-2026-8451HIGH30 Jun 2026
Insufficient input validation leading to memory overread
41RISK
open
GitHub PoC
Defensive validation of CVE-2026-46331 / pedit COW with auditd, AppArmor, mitigation comparison and detection logic.
CVE-2026-46331HIGH30 Jun 2026
net/sched: fix pedit partial COW leading to page cache corruption
41RISK
open
VulnCheck XDB
remote-with-credentials
CVE-2026-55255HIGH30 Jun 2026
Langflow: IDOR Vulnerability in `/api/v1/responses` Endpoint Allows Authenticated Attackers to Access Another User's Flow
41RISK
open
GitHub PoC
POC for CVE-2026-48907
CVE-2026-48907CRITICALunder attack30 Jun 2026
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RISK
open
GitHub PoC
CVE-2026-8037 - Draft
CVE-2026-8037CRITICAL30 Jun 2026
OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster, ECS Connection Manager, Object Scale Connection Manager & MOVEit WAF
75RISK
open
VulnCheck XDB
initial-access
CVE-2012-1823CRITICALunder attack30 Jun 2026
sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not
100RISK
open
GitHub PoC
CVE-2026-58138 — Conductor (3.21.21..<3.30.2) unauthenticated RCE via INLINE GraalVM evaluator (HostAccess.ALL). Lab + PoC, verified e2e (root).
CVE-2026-58138CRITICAL30 Jun 2026
Orkes Conductor 3.21.21 < 3.30.2 Unauthenticated RCE via GraalVM Script Evaluators
48RISK
open
GitHub PoC
CVE-2026-44789 — n8n <1.123.43 HTTP Request pagination prototype pollution to RCE (NODE_OPTIONS runner-spawn gadget). Lab + automated PoC, verified e2e.
CVE-2026-44789CRITICAL30 Jun 2026
n8n: HTTP Request Node Pagination Prototype Pollution to RCE
48RISK
open
GitHub PoC1
CVE-2026-43284 - CVE-2026-43500 - CVE-2026-46300 Variant of dirtyfrag exploit
CVE-2026-46300HIGH30 Jun 2026
net: skbuff: preserve shared-frag marker during coalescing
41RISK
open
GitHub PoC
PoC exploit for CVE-2026-10580 - Authentication Bypass in Hippoo Mobile App for WooCommerce <= 1.9.4 leading to Admin Account Takeover
CVE-2026-10580CRITICAL30 Jun 2026
Hippoo Mobile App for WooCommerce <= 1.9.4 - Unauthenticated Authentication Bypass to Administrator Account Takeover via REST API
63RISK
open
GitHub PoC
Defensive validation of CVE-2026-46331 / pedit COW with auditd, AppArmor, mitigation comparison and detection logic.
CVE-2026-46331HIGH30 Jun 2026
net/sched: fix pedit partial COW leading to page cache corruption
41RISK
open
GitHub PoC14
Linux kernel FUSE readdir cache out-of-bounds write (CVE-2026-31694): a malicious FUSE server overflows a page-cache page by 24 bytes. PoC plus an unprivileged local-root exploit via /etc/passwd page-cache corruption. Run only inside a VM.
CVE-2026-31694HIGH30 Jun 2026
fuse: reject oversized dirents in page cache
41RISK
open
VulnCheck XDB
initial-access
CVE-2023-41892CRITICAL30 Jun 2026
Craft CMS Remote Code Execution vulnerability
85RISK
open
GitHub PoC
rootdirective-sec/CVE-2026-55255-Lab
CVE-2026-55255HIGH30 Jun 2026
Langflow: IDOR Vulnerability in `/api/v1/responses` Endpoint Allows Authenticated Attackers to Access Another User's Flow
41RISK
open
VulnCheck XDB
initial-access
CVE-2026-48907CRITICALunder attack30 Jun 2026
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RISK
open
VulnCheck XDB
local
CVE-2019-2215HIGHunder attack30 Jun 2026
A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interacti
100RISK
open
GitHub PoC
CVE-2026-56121 — Feast <0.63.0 unauthenticated RCE via gRPC registry dill.loads of OnDemandFeatureView UDF (pre-auth). Lab + PoC, verified e2e.
CVE-2026-56121CRITICAL30 Jun 2026
Feast < 0.63.0 Unauthenticated RCE via ApplyFeatureView gRPC Deserialization
48RISK
open
GitHub PoC
Kestra Auth-Bypass Vulnerability Checker
CVE-2026-49869CRITICAL30 Jun 2026
Kestra: Unauthenticated Remote Code Execution via Authentication Bypass in `AuthenticationFilter`
48RISK
open
VulnCheck XDB
info-leak
CVE-2026-8451HIGH30 Jun 2026
Insufficient input validation leading to memory overread
41RISK
open
GitHub PoC
Chequeo y Fix de la vulnerabilidad "pedit COW"
CVE-2026-46331HIGH30 Jun 2026
net/sched: fix pedit partial COW leading to page cache corruption
41RISK
open
VulnCheck XDB
initial-access
CVE-2026-28496CRITICAL29 Jun 2026
FOSSBilling: Server-side template injection in Twig template rendering enables information disclosure and RCE
63RISK
open
VulnCheck XDB
initial-access
CVE-2026-48907CRITICALunder attack29 Jun 2026
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RISK
open
GitHub PoC
POC for CVE-2026-20253
CVE-2026-20253CRITICALunder attack29 Jun 2026
Unauthenticated Arbitrary File Creation and Truncation in a PostgreSQL Sidecar Service Endpoint in Splunk Enterprise
100RISK
open
GitHub PoC
DirtyClone - local privilege escalation (LPE) proof-of-concept targeting a kernel/XFRM-related vulnerability described in the source as CVE-2026-43503
CVE-2026-43503HIGH29 Jun 2026
net: skbuff: propagate shared-frag marker through frag-transfer helpers
41RISK
open
GitHub PoC
CVE-2026-56782 — Gorse <0.5.10 unauthenticated DB dump/restore (admin_api_key fail-open). Lab + PoC, verified e2e.
CVE-2026-56782CRITICAL29 Jun 2026
Gorse - Unauthenticated Database Dump and Restore via /api/dump and /api/restore Endpoints
63RISK
open
VulnCheck XDB
initial-access
CVE-2026-48907CRITICALunder attack29 Jun 2026
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RISK
open
previouspage 12 / 2,369next

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.