Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,002cataloged exploits
31,582CVEs with public exploitation
AllExploit-DB 22,467Referência 19,780GitHub PoC 13,048VulnCheck XDB 8,060Nuclei 4,185Metasploit 3,462recentpopularrisk
71,002 exploits
GitHub PoC
Reproducer for CVE-2026-46455 — Apache Camel camel-keycloak missing TokenVerifier.IS_ACTIVE check (expired access tokens accepted)
Apache Camel: Camel-Keycloak: The access-token validity window is not verified because the IS_ACTIVE check is missing from the TokenVerifier, allowing expired tokens to be accepted
48RISK
open ↗GitHub PoC
Reproducer for CVE-2026-46454 — Apache Camel camel-cometd inbound Bayeux header injection (unauthenticated Camel control-header injection → downstream producer steering / RCE)
Apache Camel: Camel-Cometd: Inbound Bayeux message headers are mapped into the Exchange without a HeaderFilterStrategy, allowing unauthenticated clients to inject Camel control headers
48RISK
open ↗GitHub PoC
1beelze/CVE-2026-5118
Divi Form Builder <= 5.1.2 - Unauthenticated Privilege Escalation via 'role'
48RISK
open ↗GitHub PoC★ 11
CVE-2026-43724 - Apple's published enough advisories about the issue, I'm not getting paid for any of my kernel bugs.
The issue was addressed with improved input sanitization. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS Tah
41RISK
open ↗GitHub PoC
CVE-2026-49049 Helix3 (JoomShaper) Joomla Unauthenticated AJAX RCE Scanner
Joomla Extension - joomshaper.com - Unauthenticated access to Helix3 template ajax handler
41RISK
open ↗GitHub PoC★ 136
CVE-2026-43499 Implementation for 6.12.23-android16-5-g75e9b1c7ae7c-abogki463945075-4k
rtmutex: Use waiter::task instead of current in remove_waiter()
41RISK
open ↗VulnCheck XDB
initial-access
When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0
60RISK
open ↗GitHub PoC★ 61
基于 CVE-2026-43499 的 8E5 机型自动化解锁辅助工具,仅限授权安全研究与自有设备使用。
rtmutex: Use waiter::task instead of current in remove_waiter()
41RISK
open ↗GitHub PoC★ 2
GhostLock (CVE-2026-43499) kernel exploit for OnePlus devices with locked bootloader
rtmutex: Use waiter::task instead of current in remove_waiter()
41RISK
open ↗GitHub PoC
Reproducer for CVE-2026-43866 — Apache Camel camel-jms forged DefaultExchangeHolder bypass of the CVE-2026-40860 deserialization filter (Exchange-state injection)
Apache Camel, Apache Camel: Camel JMS - CVE-2026-40860 fix bypass via DefaultExchangeHolder
41RISK
open ↗GitHub PoC
Reproducer for CVE-2026-43865 — Apache Camel camel-hazelcast default-configured instance unsafe Java deserialization (RCE)
Apache Camel: Camel-Hazelcast: Unsafe Java deserialization in default-configured managed Hazelcast instances enables remote code execution
41RISK
open ↗GitHub PoC
Write-up and exploitation steps for the pedit COW vulnerability (CVE-2026-46331)
net/sched: fix pedit partial COW leading to page cache corruption
41RISK
open ↗GitHub PoC★ 1
GhostLock - CVE-2026-43499 backport patch for openVZ 7
rtmutex: Use waiter::task instead of current in remove_waiter()
41RISK
open ↗VulnCheck XDB
initial-access
Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability
100RISK
open ↗VulnCheck XDB
initial-access
When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0
60RISK
open ↗VulnCheck XDB
initial-access
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
100RISK
open ↗VulnCheck XDB
initial-access
Cockpit: cockpit: unauthenticated remote code execution due to ssh command-line argument injection
68RISK
open ↗GitHub PoC★ 1
Hunt-Benito/samsung-bixby-command-execution-cve-2026-21055-improper-component-export
Improper export of android application components in Bixby prior to version 4.0.70.8 allows local attackers to execute a
41RISK
open ↗GitHub PoC★ 1
Dahua CVE-2026-29114
A vulnerability has been found in some Dahua products. An attacker
may obtain the device’s CA root certificate. If that
28RISK
open ↗VulnCheck XDB
initial-access
The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[
50RISK
open ↗VulnCheck XDB
initial-access
An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a command injection vulnera
100RISK
open ↗VulnCheck XDB
initial-access
Ninja Forms - File Upload <= 3.3.26 - Unauthenticated Arbitrary File Upload
75RISK
open ↗VulnCheck XDB
initial-access
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
100RISK
open ↗VulnCheck XDB
initial-access
A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plugin 2.63 and earlier in pom.xml, src/main/java/org/
100RISK
open ↗VulnCheck XDB
local
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by lev
93RISK
open ↗VulnCheck XDB
initial-access
Joomla Extension - balbooa.com - Unauthenticated file upload in Balbooa Forms extension < 2.4.1
78RISK
open ↗GitHub PoC★ 4
CVE-2026-46331 act_pedit page-cache corruption exploit, with Alpine PIE fix
net/sched: fix pedit partial COW leading to page cache corruption
41RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.