Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,062cataloged exploits
31,617CVEs with public exploitation
0lab-tested
AllExploit-DB 22,467Referência 19,791GitHub PoC 13,086VulnCheck XDB 8,069Nuclei 4,187Metasploit 3,462✓ verified onlyrecentpopularrisk
13,086 exploits
GitHub PoC
Fuzzing the Microsoft Windows DNS client library. Inspired by CVE-2026-41096.
Windows DNS Client Remote Code Execution Vulnerability
48RISK
open ↗GitHub PoC★ 1
CVE-2026-11837: local privilege escalation in the ansible.posix authorized_key module via symlink-following chown. Technical writeup; sibling of CVE-2024-9902.
Ansible-collection-ansible-posix: ansible.posix authorized_key: local privilege escalation via symlink-following chown
41RISK
open ↗GitHub PoC★ 3
Proof of Concept (PoC) for the TP-Link DHCP Option 66 Unauthenticated RCE (CVE-2026-11834)
Unauthenticated Command Injection via DHCP Option Handling in Multiple TP-Link Routers
41RISK
open ↗GitHub PoC
fuchiuebusi-lab/nginx-ui-CVE-2026-42221-CVE-2026-42238-
nginx-ui: Unauthenticated First-Run Installer Allows Remote Initial Admin Claim
41RISK
open ↗GitHub PoC★ 7
anyanything/CVE-2026-8461-PoC
Heap out-of-bounds write via odd slice_height in FFmpeg MagicYUV decoder
41RISK
open ↗GitHub PoC★ 10
CVE-2026-55200
libssh2 - Out-of-Bounds Write via Unchecked packet_length in transport.c
48RISK
open ↗GitHub PoC
Prueba de concepto de CVE-2021-41773
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
100RISK
open ↗GitHub PoC★ 10
CVE-2026-42978 — Use-After-Free race condition in Windows Push Notifications (WpnService). Patch diff, root cause analysis, TOCTOU lab, Sysmon/ETW detection rules.
Windows Push Notifications Elevation of Privilege Vulnerability
41RISK
open ↗GitHub PoC
Public advisory for CVE-2026-39253, addressing an insecure deserialisation in Pivotal CRM 6.6.04.08 allowing remote code execution via unsafe BinaryFormatter usage in Smart Client and PBS components. Includes vulnerability details, affected versions, and remediation guidance.
An issue in Pivotal CRM v.6.6.04.08 allows a remote attacker to execute arbitrary code via the Pivotal.Core.Common.dll a
41RISK
open ↗GitHub PoC
eliHiHo/portfolio-drupal-cve-2026-9082
Drupal core - Highly critical - SQL injection - SA-CORE-2026-004
100RISK
open ↗GitHub PoC
mythicaltree/CVE-2019-2215
A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interacti
100RISK
open ↗GitHub PoC
s1lentf00thold/CVE-2020-11651-Poc
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs cla
100RISK
open ↗GitHub PoC
Apache Tomcat CGI Servlet RCE (Windows) — Educational PoC
When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0
60RISK
open ↗GitHub PoC★ 1
Ethical, network-isolated Docker lab reproducing CVE-2026-26030 — Semantic Kernel in-memory vector store filter eval() RCE (patched in 1.39.4)
Microsoft Semantic Kernel InMemoryVectorStore filter functionality vulnerable to remote code execution
48RISK
open ↗GitHub PoC★ 2
CVE-2026-49772 — The Events Calendar (WordPress) unauthenticated blind SQLi PoC
WordPress The Events Calendar plugin 6.15.12-6.16.2 - SQL Injection vulnerability
48RISK
open ↗GitHub PoC★ 1
Technical analysis of CVE-2026-42945 (NGINX Rift), a critical heap buffer overflow in NGINX's rewrite engine caused by a state mismatch between length calculation and copy operations, enabling worker crashes and potential remote code execution.
NGINX ngx_http_rewrite_module vulnerability
60RISK
open ↗GitHub PoC
CVE-2026-4020 - Draft
Gravity SMTP <= 2.1.4 - Unauthenticated Sensitive Information Exposure via REST API
68RISK
open ↗GitHub PoC★ 2
CVE-2025-48907 - Unauthenticated RCE exploit for Joomla JCE < 2.9.99.5
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RISK
open ↗GitHub PoC★ 1
sec0x/CVE-2026-48907
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RISK
open ↗GitHub PoC
drolley919/joomla-cve-2015-8562-exploit-and-linux-forensic-analysis
Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbi
60RISK
open ↗GitHub PoC★ 13
Unauthenticated RCE PoC for CVE-2026-48908 — SP Page Builder for Joomla (≤ 6.6.1): arbitrary file upload via asset.uploadCustomIcon. Self-cleaning, token-guarded. Authorized testing only.
Joomla Extension - joomshaper.com - Remote Code Execution in SP Pagebuilder extension for Joomla < 6.6.2
48RISK
open ↗GitHub PoC
CVE-2026-39031 — offline plaintext password recovery for Lansweeper lsrunase 2.0 / lsencrypt 2.0 via a hardcoded RC4 key. PoC + technical advisory.
Lansweeper lsrunase 2.0 and lsencrypt 2.0 use RC4 encryption with a hardcoded 142-byte static key array to encrypt crede
33RISK
open ↗GitHub PoC
Vulnerability proof of concept reworked from https://github.com/utmost3/cve/issues/2 I take no credit for discovering the vulnerability. This is for educational and portfolio purposes only.
Linksys MR9600 JNAP Action run_central2.sh BTRequestGetSmartConnectStatus os command injection
41RISK
open ↗GitHub PoC★ 2
Technical analysis of CVE-2026-46300 (Fragnesia), a Linux kernel page-cache write vulnerability that enables local privilege escalation through SKBFL_SHARED_FRAG invariant violations in the networking stack.
net: skbuff: preserve shared-frag marker during coalescing
41RISK
open ↗GitHub PoC
React2Shell POC
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open ↗GitHub PoC
Detection & remediation toolkit for the Miasma / Shai-Hulud worm and CVE-2026-35603 (AI-agent/IDE config injection)
Claude Code: Insecure System-Wide Configuration Loading Enables Local Privilege Escalation on Windows
33RISK
open ↗GitHub PoC★ 1
El exploit para obtener root usado la vulnerabilidad del CVE-2021-4034 o tambien llamado PwnKit el cual permite teniendo un shell hacer una escalada de privilegios siempre y cuando la version de pkexec sea = o < que la v0.105
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool
100RISK
open ↗GitHub PoC
POC for CVE-2026-23744 for a python revshell
REC in MCPJam inspector due to HTTP Endpoint exposes
75RISK
open ↗GitHub PoC
Chaelsoo/CVE-2022-23131-Wrappers
Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML
100RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.