Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,062cataloged exploits
31,617CVEs with public exploitation
0lab-tested
AllExploit-DB 22,467Referência 19,791GitHub PoC 13,086VulnCheck XDB 8,069Nuclei 4,187Metasploit 3,462✓ verified onlyrecentpopularrisk
71,062 exploits
VulnCheck XDB
initial-access
Unauthenticated Arbitrary File Creation and Truncation in a PostgreSQL Sidecar Service Endpoint in Splunk Enterprise
100RISK
open ↗GitHub PoC
A public share looked clean in the page tree, but the search endpoint told a different story. In Docmost, restricted child pages hidden from public share viewers could still leak through public share search results.
Docmost's Public Share Search Exposes Metadata of Restricted Children
33RISK
open ↗GitHub PoC
A low-privileged Docmost user could supply a victim attachmentId to the generic upload endpoint and overwrite another page's stored attachment inside the same workspace.
Docmost has cross-page attachment overwrite via flawed attachmentId overwrite validation
33RISK
open ↗GitHub PoC
12hrformat/CVE-2026-35273-POC
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Mana
100RISK
open ↗GitHub PoC★ 3
CVE-2026-20251 — Splunk Secure Gateway jsonpickle deserialization RCE (CVSS 8.8) | ReactiveZero Security Research
Remote Code Execution through Deserialization of Untrusted Data in Splunk Secure Gateway
41RISK
open ↗GitHub PoC
fevar54/CVE-2026-20253-Splunk-Enterprise-Pre-Auth-RCE-
Unauthenticated Arbitrary File Creation and Truncation in a PostgreSQL Sidecar Service Endpoint in Splunk Enterprise
100RISK
open ↗GitHub PoC
Docmost accepted a javascript: URL inside an attachment node, preserved it through storage and rendering, and turned it back into a clickable anchor in the Docmost origin.
Docmost page content has stored XSS via unsanitized attachment URLs
33RISK
open ↗GitHub PoC★ 15
mooder1/dirtyclone-CVE-2026-43503
net: skbuff: propagate shared-frag marker through frag-transfer helpers
41RISK
open ↗GitHub PoC★ 4
aexdyhaxor/CVE-2026-43503-DirtyClone
net: skbuff: propagate shared-frag marker through frag-transfer helpers
41RISK
open ↗GitHub PoC
sec0x/CVE-2026-43503
net: skbuff: propagate shared-frag marker through frag-transfer helpers
41RISK
open ↗GitHub PoC
Penpot's remote image import let an authenticated file editor turn a normal media convenience feature into backend-origin SSRF because attacker-controlled URLs crossed into a redirect-following server fetch path without destination filtering.
Penpot: Authenticated SSRF in remote image import via create-file-media-object-from-url
38RISK
open ↗GitHub PoC
e-corp-demo/CVE-2026-44788
SharpCompress: Directory traversal via directory entries in WriteToDirectory (zip slip variant)
33RISK
open ↗GitHub PoC★ 24
CVE-2026-43503
net: skbuff: propagate shared-frag marker through frag-transfer helpers
41RISK
open ↗VulnCheck XDB
local
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by lev
93RISK
open ↗GitHub PoC★ 1
W5M1n9/Cisco-Unified-Communications-Manager-Server-Side-Forgery-Request-Vulnerability-CVE-2026-20230
Cisco Unified Communications Manager Server-Side Request Forgery Vulnerability
53RISK
open ↗GitHub PoC★ 1
CVE-2026-7574
Anthropic Claude Desktop Cowork VM Image Contents Not Validated Before Use
41RISK
open ↗VulnCheck XDB
local
The GameDriverX64.sys kernel-mode anti-cheat driver (v7.23.4.7 and earlier) contains an access control vulnerability in
33RISK
open ↗VulnCheck XDB
initial-access
Burst Statistics 3.4.0 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover
68RISK
open ↗VulnCheck XDB
initial-access
Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS
100RISK
open ↗GitHub PoC
7whyex/CVE-2026-45321-Tanstack
Malware in 42 @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys
78RISK
open ↗GitHub PoC
Squamity/CVE-2026-8181-PoC
Burst Statistics 3.4.0 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover
68RISK
open ↗GitHub PoC
POC of CVE-2026-53075
ppp: require CAP_NET_ADMIN in target netns for unattached ioctls
41RISK
open ↗VulnCheck XDB
initial-access
Cisco Unified Communications Manager Server-Side Request Forgery Vulnerability
53RISK
open ↗GitHub PoC★ 1
CVE-2026-8461 - Draft
Heap out-of-bounds write via odd slice_height in FFmpeg MagicYUV decoder
41RISK
open ↗GitHub PoC★ 1
CVE-2026-48908
Joomla Extension - joomshaper.com - Remote Code Execution in SP Pagebuilder extension for Joomla < 6.6.2
48RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.