Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,062cataloged exploits
31,617CVEs with public exploitation
0lab-tested
13,086 exploits
GitHub PoC
This is an exploit poc for CVE-2026-4480
CVE-2026-4480CRITICAL16 Jun 2026
Samba: samba: remote code execution in printing subsystem via unescaped job description
68RISK
open
GitHub PoC
Self-contained Docker reproduction and analysis of CVE-2024-23897, the Jenkins CLI arbitrary file read via the args4j @-syntax argument expansion.
CVE-2024-23897CRITICALunder attackransomware16 Jun 2026
Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an
100RISK
open
GitHub PoC
CVE-2026-20262 - Draft
CVE-2026-20262MEDIUMunder attack16 Jun 2026
Cisco Catalyst SD-WAN Manager Arbitrary File Write Vulnerability
63RISK
open
GitHub PoC1
CVE-2026-54420
CVE-2026-54420HIGHunder attack16 Jun 2026
LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provide
71RISK
open
GitHub PoC
Resellnom/litespeed-cpanel-cve-2026-54420-fix
CVE-2026-54420HIGHunder attack16 Jun 2026
LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provide
71RISK
open
GitHub PoC8
This is a Linux Kernel Local Privilege Escalation PoC code for CVE-2026-52943 a use-after-free in skbuff.c, my first 0day found by me in linux kernel
CVE-2026-52943HIGH16 Jun 2026
net: skbuff: fix missing zerocopy reference in pskb_carve helpers
41RISK
open
GitHub PoC
testing
CVE-2026-0257HIGHunder attack15 Jun 2026
PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
100RISK
open
GitHub PoC2
DylanZahedi/CVE-2026-9277
CVE-2026-9277CRITICAL15 Jun 2026
shell-quote `quote()` does not validate object-token shapes, allowing command injection via line terminators in `.op`
48RISK
open
GitHub PoC
rootdirective-sec/CVE-2026-10795-Lab
CVE-2026-10795HIGH15 Jun 2026
UpdraftPlus: WP Backup & Migration Plugin <= 1.26.4 - Unauthenticated Authentication Bypass via UpdraftCentral udrpc
41RISK
open
GitHub PoC
Research and analysis of the ServiceNow Virtual Agent vulnerability (CVE-2025-12420), including attack flow, MITRE ATT&CK mapping, detection strategies, and mitigation recommendations.
CVE-2025-12420CRITICAL15 Jun 2026
Unauthenticated Privilege Escalation in ServiceNow AI Platform
60RISK
open
GitHub PoC4
HTTP.sys Denial of Service Vulnerability & HTTP.sys Remote Code Execution Vulnerability
CVE-2026-49160HIGH15 Jun 2026
HTTP.sys Denial of Service Vulnerability
53RISK
open
GitHub PoC
webapp vulnerable to CVE-2021-44228
CVE-2021-44228CRITICALunder attackransomware15 Jun 2026
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RISK
open
GitHub PoC
TryHackMe SOC Level 1 — Follina CVE-2022-30190, Nim C2, Chisel, PrintSpoofer, backdoor accounts
CVE-2022-30190HIGHunder attackransomware15 Jun 2026
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability
100RISK
open
GitHub PoC
ElianGonzi00/CVE-2025-2783
CVE-2025-2783HIGHunder attack15 Jun 2026
Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allow
71RISK
open
GitHub PoC
ikarolaborda/CVE-2026-40176
CVE-2026-40176HIGH15 Jun 2026
Composer is vulnerable to Command Injection via Malicious Perforce Repository
41RISK
open
GitHub PoC3
PoC exploit for CVE-2026-53519.
CVE-2026-53519CRITICAL15 Jun 2026
Nezha Monitoring: Pre-auth path traversal via /dashboard.. prefix confusion leaks jwt_secret_key
48RISK
open
GitHub PoC
CVE-2026-38812 RuoYi v4.8.2 SQL Injection
CVE-2026-38812CRITICAL15 Jun 2026
RuoYi v4.8.2 is vulnerable to SQL Injection via the /tool/gen/createTable endpoint. The issue affects the code generatio
48RISK
open
GitHub PoC1
This repository documents CVE-2026-48849, a Stored Cross-Site Scripting (XSS), HTML Injection, and CSS Injection vulnerability discovered in Roundcube Webmai
CVE-2026-48849MEDIUM15 Jun 2026
In Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1, an unsanitized subject field in the draft restored valu
33RISK
open
GitHub PoC
webshellseo8/CVE-2026-53787-POC-
CVE-2026-53787CRITICAL14 Jun 2026
Amasty Order Attributes for Magento 2 < 4.0.0 Unauthenticated Arbitrary File Upload
63RISK
open
GitHub PoC
CVE-2026-5513 — Bookly ≤ 27.2 Stored XSS via Cookie
CVE-2026-5513HIGH14 Jun 2026
Online Scheduling and Appointment Booking System – Bookly <= 27.2 - Unauthenticated Stored Cross-Site Scripting via 'bookly-customer-full-name' Cookie
41RISK
open
GitHub PoC
CVE-2026-5513: Bookly <= 27.2 Stored XSS via Cookie (Unauthenticated)
CVE-2026-5513HIGH14 Jun 2026
Online Scheduling and Appointment Booking System – Bookly <= 27.2 - Unauthenticated Stored Cross-Site Scripting via 'bookly-customer-full-name' Cookie
41RISK
open
GitHub PoC1
Defensive research notes for CVE-2026-5950, a BIND 9 resolver DoS vulnerability credited to Billy Baraja (BielraX).
CVE-2026-5950MEDIUM14 Jun 2026
Unbounded resend loop in BIND 9 resolver
33RISK
open
GitHub PoC
CVE-2026-20253 - Splunk Enterprise
CVE-2026-20253CRITICALunder attack14 Jun 2026
Unauthenticated Arbitrary File Creation and Truncation in a PostgreSQL Sidecar Service Endpoint in Splunk Enterprise
100RISK
open
GitHub PoC
CVE-2025-14847 mongobleed python file
CVE-2025-14847HIGHunder attack14 Jun 2026
Zlib compressed protocol header length confusion may allow memory read
100RISK
open
GitHub PoC
CVE-2026-20127
CVE-2026-20127CRITICALunder attack14 Jun 2026
Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability
100RISK
open
GitHub PoC
rohit-sundar/cve-2026-23744
CVE-2026-23744CRITICAL14 Jun 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RISK
open
GitHub PoC
Python RCE PoC with reverse-shell listener for CVE-2026-42945 (NGINX Rift)
CVE-2026-42945CRITICAL14 Jun 2026
NGINX ngx_http_rewrite_module vulnerability
60RISK
open
GitHub PoC4
CVE-2026-20245
CVE-2026-20245HIGHunder attack14 Jun 2026
Cisco Catalyst SD-WAN Controller Authenticated Privilege Escalation Vulnerability
76RISK
open
GitHub PoC1
CVE-2024-3094 XZ Utils backdoor research - attack surface visualiser, system vulnerability checker, and general Linux CVE assessment tool
CVE-2024-3094CRITICAL14 Jun 2026
Xz: malicious code in distributed source
70RISK
open
GitHub PoC1
CVE-2017-0144
CVE-2017-0144HIGHunder attackransomware14 Jun 2026
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.