Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,062cataloged exploits
31,617CVEs with public exploitation
0lab-tested
AllExploit-DB 22,467Referência 19,791GitHub PoC 13,086VulnCheck XDB 8,069Nuclei 4,187Metasploit 3,462✓ verified onlyrecentpopularrisk
71,062 exploits
VulnCheck XDB
initial-access
WordPress Product Slider Pro for WooCommerce plugin < 3.5.4 - Backdoor vulnerability
63RISK
open ↗GitHub PoC
ubaydev/CVE-2026-11551-PoC
Branda – White Label & Branding, Free Login Page Customizer <= 3.4.29 - Unauthenticated Privilege Escalation via Account Takeover
48RISK
open ↗GitHub PoC
Version: Download Manager 3.3.5.2 Title: Missing Authorization - Unauthenticated IDOR Exploit
WordPress Download Manager plugin <= 3.3.52 - Broken Access Control vulnerability
33RISK
open ↗VulnCheck XDB
remote-with-credentials
n8n Vulnerable to Remote Code Execution via Expression Injection
100RISK
open ↗VulnCheck XDB
local
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled director
100RISK
open ↗GitHub PoC★ 2
CVE-2026-37149 - SQL Injection vulnerability in the scost parameter of search_products.php in GROCERY-STORE-MANAGEMENT-SYSTEM-USING-PHP-AND-MYSQL-PHPMYADMIN v1.0.
GROCERY-STORE-MANAGEMENT-SYSTEM-USING-PHP-AND-MYSQL-PHPMYADMIN v1.0 was discovered to contain a SQL injection vulnerabil
41RISK
open ↗GitHub PoC★ 1
GadaLuBau1337/CVE-2026-44578
Next.js: Server-side request forgery in applications using WebSocket upgrades
68RISK
open ↗GitHub PoC
ClearLotus-git/CVE-2026-4480-PoC
Samba: samba: remote code execution in printing subsystem via unescaped job description
68RISK
open ↗GitHub PoC
aelshimony-cloud/OpenWire-CVE-2023-46604-Investigation
Apache ActiveMQ, Apache ActiveMQ Legacy OpenWire Module: Unbounded deserialization causes ActiveMQ to be vulnerable to a remote code execution (RCE) attack
100RISK
open ↗GitHub PoC
Technical analysis of Apache Tomcat CVE-2024-50379, covering root cause, exploitation conditions, detection strategies, and mitigation techniques.
Apache Tomcat: RCE due to TOCTOU issue in JSP compilation
60RISK
open ↗GitHub PoC
Time-Based Blind SQL Injection tool for MySQL - CVE-2019-9053
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve
35RISK
open ↗GitHub PoC★ 2
Missing Authorization to Unauthenticated File Modification
Simple File List <= 6.3.7 - Missing Authorization to Unauthenticated File Modification via simplefilelist_edit_job AJAX Action
41RISK
open ↗GitHub PoC★ 3
🔥 CVE-2026-41091 SolarFlare | Microsoft Defender LPE exploit. Low-privileged users gain NT AUTHORITY\SYSTEM via Cloud Files API + NTFS junction trickery. Forces Defender to write malicious payloads to System32 with SYSTEM rights. ⚠️ Actively exploited in wild. CVSS 7.8. Patch: Defender Engine 1.1.26040.8. 🛡️ Educational PoC only.
Microsoft Defender Elevation of Privilege Vulnerability
71RISK
open ↗VulnCheck XDB
initial-access
An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote
85RISK
open ↗GitHub PoC
Exploitability PoC for CVE-2026-43515 (Apache Tomcat constraint bypass).
Apache Tomcat: Security constraints not correctly applied
48RISK
open ↗GitHub PoC
Saku0512/CVE-2026-54761-poc
Traefik: Kubernetes Gateway crossProviderNamespaces bypass allows HTTPRoute outside the allowlist to expose internal Traefik services
33RISK
open ↗GitHub PoC
AlexMihailEngineer/CVE-2026-11784-Optimole-CSRF
Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization <= 4.2.6 - Cross-Site Request Forgery via 'optml_replace_file' AJAX Action
33RISK
open ↗VulnCheck XDB
initial-access
It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific
100RISK
open ↗GitHub PoC★ 1
Unauthenticated Privilege Escalation via Account Takeover
Branda – White Label & Branding, Free Login Page Customizer <= 3.4.29 - Unauthenticated Privilege Escalation via Account Takeover
48RISK
open ↗GitHub PoC
CVE-2026-42055 - Draft
NGINX ngx_http_proxy_v2_module and ngx_http_grpc_module vulnerability
48RISK
open ↗GitHub PoC
CVE-2026-11551: Branda Plugin - Unauthenticated Privilege Escalation via Account Takeover
Branda – White Label & Branding, Free Login Page Customizer <= 3.4.29 - Unauthenticated Privilege Escalation via Account Takeover
48RISK
open ↗GitHub PoC
CVE-2026-7515: BetterDocs Pro <= 3.8.0 - Unauthenticated Local File Inclusion TO RCE EXPLOİT
BetterDocs Pro <= 3.8.0 - Unauthenticated Local File Inclusion via doc_style
48RISK
open ↗GitHub PoC
CVE-2026-48611- authentication bypass in phpBB
Improper authentication checks in the OAuth implementation allow account hijacking even when OAuth is not configured or
63RISK
open ↗GitHub PoC
xxconi/CVE-2026-4782
Avada Builder <= 3.15.2 - Authenticated (Subscriber+) Arbitrary File Read via 'custom_svg' Shortcode Parameter
33RISK
open ↗GitHub PoC★ 2
CVE-2026-10520 - CVE-2026-10523 - Ivanti Sentry
An Authentication Bypass vulnerability (CWE-288) in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allow
60RISK
open ↗VulnCheck XDB
info-leak
BetterDocs Pro <= 3.8.0 - Unauthenticated Local File Inclusion via doc_style
48RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.