Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,062cataloged exploits
31,617CVEs with public exploitation
0lab-tested
13,086 exploits
GitHub PoC
CVE-2026-9691: Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.1.1 Unauthenticated PHP Object Injection PoC, Patch Analysis & Rule
CVE-2026-9691CRITICAL17 Jun 2026
WordPress Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.1.1 - PHP Object Injection vulnerability
48RISK
open
GitHub PoC
CVE-2026-42758 WebinarIgnition Exploit
CVE-2026-42758CRITICAL17 Jun 2026
WordPress WebinarIgnition plugin < 4.08.253 - Privilege Escalation vulnerability
48RISK
open
GitHub PoC
Exploitation and mitigation analysis of CVE-2021-3156 heap-based buffer overflow in sudo
CVE-2021-3156HIGHunder attack17 Jun 2026
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege
100RISK
open
GitHub PoC
mandeepsohal/CVE-2025-66391
CVE-2025-66391HIGH17 Jun 2026
In Citrix Cloud through 2025-11-10, an account with read-only access can trigger the beginning of a workflow for write o
41RISK
open
GitHub PoC
CVE-2026-49105 WP Zendesk PHP Object Injection Exploit
CVE-2026-49105CRITICAL17 Jun 2026
WordPress WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin <= 1.1.4 - PHP Object Injection vulnerability
48RISK
open
GitHub PoC
CVE-2026-49104 Integration for Keap/Infusionsoft PHP Object Injection Exploit
CVE-2026-49104CRITICAL17 Jun 2026
WordPress Integration for Keap/infusionsoft and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms plugin <= 1.2.1 - PHP Object Injection vulnerability
48RISK
open
GitHub PoC
CVE-2026-49085 WP Insightly PHP Object Injection Exploit
CVE-2026-49085CRITICAL17 Jun 2026
WordPress WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin <= 1.1.4 - PHP Object Injection vulnerability
48RISK
open
GitHub PoC
CVE-2026-49083 LatePoint Calendar Booking Plugin Privilege Escalation Exploit
CVE-2026-49083HIGH17 Jun 2026
WordPress LatePoint plugin <= 5.5.1 - Privilege Escalation vulnerability
41RISK
open
GitHub PoC
87achrafg-stack/CVE-2026-49083
CVE-2026-49083HIGH17 Jun 2026
WordPress LatePoint plugin <= 5.5.1 - Privilege Escalation vulnerability
41RISK
open
GitHub PoC1
CVE-2026-20262 - Cisco Catalyst SD-WAN Manager Arbitrary File Write Path Traversal Vulnerability (CWE-22) - Authenticated Remote File Write
CVE-2026-20262MEDIUMunder attack17 Jun 2026
Cisco Catalyst SD-WAN Manager Arbitrary File Write Vulnerability
63RISK
open
GitHub PoC
rootdirective-sec/CVE-2026-49060-Lab
CVE-2026-49060CRITICAL17 Jun 2026
WordPress Hippoo Mobile App for WooCommerce plugin <= 1.9.4 - Privilege Escalation vulnerability
48RISK
open
GitHub PoC
CVE-2026-7654 Admin Columns PHP Object Injection RCE Exploit
CVE-2026-7654HIGH17 Jun 2026
Admin Columns <= 7.0.18 - Authenticated (Contributor+) PHP Object Injection to Remote Code Execution via Custom Field Meta Value
41RISK
open
GitHub PoC
PoC for CVE-2015-10141 – Xdebug unauthenticated RCE
CVE-2015-10141CRITICAL17 Jun 2026
Xdebug Remote Debugger Unauthenticated OS Command Execution
63RISK
open
GitHub PoC
segunakinsoyinu/CVE-2024-42009-roundcube-xss
CVE-2024-42009CRITICALunder attack17 Jun 2026
A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to stea
100RISK
open
GitHub PoC
CVE-2026-8206 Kirki Plugin Unauthenticated Account Takeover Exploit
CVE-2026-8206CRITICAL17 Jun 2026
Kirki 6.0.0 - 6.0.6 - Unauthenticated Privilege Escalation via 'handle_forgot_password'
48RISK
open
GitHub PoC
CVE-2026-49079 JetSearch SQL Injection Exploit
CVE-2026-49079CRITICAL17 Jun 2026
WordPress JetSearch plugin <= 3.5.17 - SQL Injection vulnerability
48RISK
open
GitHub PoC132
PACKET_EDIT_MEME.c (aka CVE-2026-46331): yet another page cache poisoning nightmare
CVE-2026-46331HIGH17 Jun 2026
net/sched: fix pedit partial COW leading to page cache corruption
41RISK
open
GitHub PoC4
Manage and recover BitLocker encrypted drives with this tool for Windows 11 recovery key management and educational study of CVE-2026-45585.
CVE-2026-45585MEDIUM16 Jun 2026
Windows BitLocker Security Feature Bypass Vulnerability
33RISK
open
GitHub PoC1
PoC exploit for CVE-2025-55182 (React2Shell) — Pre-auth RCE in React Server Components | CVSS 10.0
CVE-2025-55182CRITICALunder attackransomware16 Jun 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open
GitHub PoC1
A script that gives you the credentials of a Pterodactyl panel vulnerable to CVE-2025-49132
CVE-2025-49132CRITICAL16 Jun 2026
Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution
68RISK
open
GitHub PoC
CVE-2025-30208 exploit script
CVE-2025-30208MEDIUM16 Jun 2026
Vite bypasses server.fs.deny when using `?raw??`
70RISK
open
GitHub PoC
Penetration testing assessment of a vulnerable IIS 6.0 WebDAV server, demonstrating reconnaissance, enumeration, exploitation (CVE-2017-7269), and privilege escalation to SYSTEM, along with risk analysis and remediation strategies.
CVE-2017-7269CRITICALunder attack16 Jun 2026
Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in
100RISK
open
GitHub PoC8
This is a Linux Kernel Local Privilege Escalation PoC code for CVE-2026-52943 a use-after-free in skbuff.c, my first 0day found by me in linux kernel
CVE-2026-52943HIGH16 Jun 2026
net: skbuff: fix missing zerocopy reference in pskb_carve helpers
41RISK
open
GitHub PoC
This is an exploit poc for CVE-2026-4480
CVE-2026-4480CRITICAL16 Jun 2026
Samba: samba: remote code execution in printing subsystem via unescaped job description
68RISK
open
GitHub PoC
mahfuzreham/litespeed-cpanel-cve-2026-54420-fix
CVE-2026-54420HIGHunder attack16 Jun 2026
LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provide
71RISK
open
GitHub PoC1
CVE-2026-54420
CVE-2026-54420HIGHunder attack16 Jun 2026
LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provide
71RISK
open
GitHub PoC
CVE-2025-49844 exploit script
CVE-2025-49844CRITICAL16 Jun 2026
Redis Lua Use-After-Free may lead to remote code execution
85RISK
open
GitHub PoC
CVE-2026-47101, CVE-2026-47102, CVE-2026-40217
CVE-2026-47101HIGH16 Jun 2026
LiteLLM < 1.83.14 Privilege Escalation via API Key Generation
41RISK
open
GitHub PoC
CVE-2026-20262 - Draft
CVE-2026-20262MEDIUMunder attack16 Jun 2026
Cisco Catalyst SD-WAN Manager Arbitrary File Write Vulnerability
63RISK
open
GitHub PoC
Resellnom/litespeed-cpanel-cve-2026-54420-fix
CVE-2026-54420HIGHunder attack16 Jun 2026
LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provide
71RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.