Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,062cataloged exploits
31,617CVEs with public exploitation
0lab-tested
71,062 exploits
GitHub PoC
TryHackMe SOC Level 1 — Follina CVE-2022-30190, Nim C2, Chisel, PrintSpoofer, backdoor accounts
CVE-2022-30190HIGHunder attackransomware15 Jun 2026
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability
100RISK
open
GitHub PoC
webapp vulnerable to CVE-2021-44228
CVE-2021-44228CRITICALunder attackransomware15 Jun 2026
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RISK
open
GitHub PoC1
CVE-2024-3094 XZ Utils backdoor research - attack surface visualiser, system vulnerability checker, and general Linux CVE assessment tool
CVE-2024-3094CRITICAL14 Jun 2026
Xz: malicious code in distributed source
70RISK
open
GitHub PoC
kaleth4/CVE-2022-30190
CVE-2022-30190HIGHunder attackransomware14 Jun 2026
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability
100RISK
open
GitHub PoC
Apache HTTP Server 2.4.49 Path Traversal Vulnerability Reproduction
CVE-2021-41773HIGHunder attackransomware14 Jun 2026
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
100RISK
open
GitHub PoC1
CVE-2017-0144
CVE-2017-0144HIGHunder attackransomware14 Jun 2026
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RISK
open
VulnCheck XDB
initial-access
CVE-2026-42945CRITICAL14 Jun 2026
NGINX ngx_http_rewrite_module vulnerability
60RISK
open
GitHub PoC
CVE-2026-5513: Bookly <= 27.2 Stored XSS via Cookie (Unauthenticated)
CVE-2026-5513HIGH14 Jun 2026
Online Scheduling and Appointment Booking System – Bookly <= 27.2 - Unauthenticated Stored Cross-Site Scripting via 'bookly-customer-full-name' Cookie
41RISK
open
GitHub PoC
CVE-2026-5513 — Bookly ≤ 27.2 Stored XSS via Cookie
CVE-2026-5513HIGH14 Jun 2026
Online Scheduling and Appointment Booking System – Bookly <= 27.2 - Unauthenticated Stored Cross-Site Scripting via 'bookly-customer-full-name' Cookie
41RISK
open
VulnCheck XDB
info-leak
CVE-2025-14847HIGHunder attack14 Jun 2026
Zlib compressed protocol header length confusion may allow memory read
100RISK
open
GitHub PoC4
CVE-2026-20245
CVE-2026-20245HIGHunder attack14 Jun 2026
Cisco Catalyst SD-WAN Controller Authenticated Privilege Escalation Vulnerability
76RISK
open
GitHub PoC1
Defensive research notes for CVE-2026-5950, a BIND 9 resolver DoS vulnerability credited to Billy Baraja (BielraX).
CVE-2026-5950MEDIUM14 Jun 2026
Unbounded resend loop in BIND 9 resolver
33RISK
open
VulnCheck XDB
initial-access
CVE-2017-0144HIGHunder attackransomware14 Jun 2026
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RISK
open
GitHub PoC
CVE-2026-20253 - Splunk Enterprise
CVE-2026-20253CRITICALunder attack14 Jun 2026
Unauthenticated Arbitrary File Creation and Truncation in a PostgreSQL Sidecar Service Endpoint in Splunk Enterprise
100RISK
open
GitHub PoC
Python RCE PoC with reverse-shell listener for CVE-2026-42945 (NGINX Rift)
CVE-2026-42945CRITICAL14 Jun 2026
NGINX ngx_http_rewrite_module vulnerability
60RISK
open
GitHub PoC
webshellseo8/CVE-2026-53787-POC-
CVE-2026-53787CRITICAL14 Jun 2026
Amasty Order Attributes for Magento 2 < 4.0.0 Unauthenticated Arbitrary File Upload
63RISK
open
VulnCheck XDB
initial-access
CVE-2026-23744CRITICAL14 Jun 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RISK
open
VulnCheck XDB
info-leak
CVE-2021-41773HIGHunder attackransomware14 Jun 2026
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
100RISK
open
GitHub PoC
CVE-2026-20127
CVE-2026-20127CRITICALunder attack14 Jun 2026
Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability
100RISK
open
GitHub PoC
rohit-sundar/cve-2026-23744
CVE-2026-23744CRITICAL14 Jun 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RISK
open
GitHub PoC
CVE-2025-14847 mongobleed python file
CVE-2025-14847HIGHunder attack14 Jun 2026
Zlib compressed protocol header length confusion may allow memory read
100RISK
open
GitHub PoC
CVE-2018-9276 — PRTG Network Monitor < 18.2.39 Authenticated RCE. For educational purposes and authorized penetration testing only.
CVE-2018-9276HIGHunder attack13 Jun 2026
An issue was discovered in PRTG Network Monitor before 18.2.39. An attacker who has access to the PRTG System Administra
100RISK
open
GitHub PoC
J1nKsC/CVE-2024-4367_test
CVE-2024-4367MEDIUM13 Jun 2026
A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js c
55RISK
open
GitHub PoC1
CVE-2021-21425 - GravCMS 1.10.7 Unauthenticated RCE via Scheduler. Improved exploit with CLI args and auto base64 encoding.
CVE-2021-21425CRITICAL13 Jun 2026
Unauthenticated Arbitrary YAML Write/Update leads to Code Execution
85RISK
open
GitHub PoC1
HTTP/2 Bomb: HPACK indexed-reference amplification + flow-control stall. A high school student's full protocol analysis (LaTeX). CVE-2026-49975, CVE-2026-47774.
CVE-2026-49975HIGH13 Jun 2026
Apache HTTP Server: mod_http2 denial of service
46RISK
open
GitHub PoC
Technical writeup and Proof of Concept (PoC) for CVE-2026-11417: OS Command Injection / Remote Code Execution (RCE) in AWS CDK's NodejsFunction.
CVE-2026-11417HIGH13 Jun 2026
OS Command Injection in NodejsFunction Bundling in aws-cdk-lib
41RISK
open
VulnCheck XDB
local
CVE-2021-4034HIGHunder attack13 Jun 2026
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-55182CRITICALunder attackransomware13 Jun 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open
GitHub PoC2
HTTP/2 Bomb (CVE-2026-49975) non-destructive vulnerability detector for Nginx / Apache httpd. Zero-dependency Python.
CVE-2026-49975HIGH13 Jun 2026
Apache HTTP Server: mod_http2 denial of service
46RISK
open
VulnCheck XDB
initial-access
CVE-2026-48907CRITICALunder attack13 Jun 2026
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RISK
open
previouspage 24 / 2,369next

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.