Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,105cataloged exploits
31,648CVEs with public exploitation
0lab-tested
71,062 exploits
VulnCheck XDB
local
CVE-2023-32629HIGH10 Jun 2026
Local privilege escalation vulnerability in Ubuntu Kernels overlayfs ovl_copy_up_meta_inode_data skip permission checks
56RISK
open
GitHub PoC
1-day exploit for CVE-2026-45258
CVE-2026-45258HIGH10 Jun 2026
Multiple vulnerabilities in the sound(4) mmap path
41RISK
open
VulnCheck XDB
initial-access
CVE-2025-24813CRITICALunder attack10 Jun 2026
Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT
100RISK
open
GitHub PoC
FreeBSD LPE
CVE-2026-49413HIGH10 Jun 2026
Flaw in Linuxulator execution of setugid binaries
41RISK
open
VulnCheck XDB
initial-access
CVE-2025-29927CRITICAL10 Jun 2026
Authorization Bypass in Next.js Middleware
85RISK
open
GitHub PoC
CVE-2026-44963 - Draft - Veeam
CVE-2026-44963CRITICAL10 Jun 2026
A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user.
48RISK
open
GitHub PoC2
HTTP.sys RCE
CVE-2026-47291CRITICAL10 Jun 2026
HTTP.sys Remote Code Execution Vulnerability
53RISK
open
GitHub PoC
1-day exploit for CVE-2026-49417
CVE-2026-49417HIGH10 Jun 2026
Multiple vulnerabilities in the sound(4) mmap path
41RISK
open
GitHub PoC1
SolarWinds Serv-U CVE-2026-28318: unauthenticated Content-Encoding: deflate crash. Root-cause analysis (invalid free of an interior pointer -> heap corruption) + DoS-only PoC. Fixed in 15.5.4 Hotfix 1.
CVE-2026-28318HIGHunder attack10 Jun 2026
SolarWinds Serv-U Unauthenticated Denial of Service Vulnerability
76RISK
open
VulnCheck XDB
local
CVE-2023-2640HIGH10 Jun 2026
On Ubuntu kernels carrying both c914c0e27eb0 and "UBUNTU: SAUCE: overlayfs: Skip permission checking for trusted.overlay
61RISK
open
GitHub PoC3
Schema & Structured Data for WP & AMP < 1.60 - Unauthenticated Arbitrary Media Upload [POC & Xploit]
CVE-2026-9067CRITICAL10 Jun 2026
Schema & Structured Data for WP & AMP < 1.60 - Unauthenticated Arbitrary Media Upload
48RISK
open
GitHub PoC1
Validation report for the RoguePlanet Microsoft Defender PoC in a controlled Windows 11 lab environment, including build notes, Defender detection results, risk assessment, and mitigation recommendations.
CVE-2026-50656HIGH10 Jun 2026
Microsoft Defender Elevation of Privilege Vulnerability
41RISK
open
GitHub PoC
Saku0512/CVE-2026-48732-poc
CVE-2026-48732HIGH10 Jun 2026
Warp: Remote SSH cwd can lead to unauthorized remote command execution
41RISK
open
VulnCheck XDB
initial-access
CVE-2026-50751CRITICALunder attackransomware10 Jun 2026
User Authentication Bypass in VPN Remote Access and Mobile Access
100RISK
open
VulnCheck XDB
initial-access
CVE-2026-5027HIGH10 Jun 2026
Langflow - Path Traversal Arbitrary File Write via upload_user_file
68RISK
open
VulnCheck XDB
initial-access
CVE-2026-0257HIGHunder attack10 Jun 2026
PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
100RISK
open
GitHub PoC2
CVE-2026-49975
CVE-2026-49975HIGH10 Jun 2026
Apache HTTP Server: mod_http2 denial of service
46RISK
open
GitHub PoC
Dhananjayasj/CVE-2025-24813-Apache-Tomcat-Partial-PUT-Deserialization-RCE-
CVE-2025-24813CRITICALunder attack10 Jun 2026
Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT
100RISK
open
GitHub PoC
CVE-2026-42945 Nginx Rift
CVE-2026-42945CRITICAL10 Jun 2026
NGINX ngx_http_rewrite_module vulnerability
60RISK
open
GitHub PoC1
Vulnerability: Logic flow weakness in Remote Access and Mobile Access
CVE-2026-50751CRITICALunder attackransomware10 Jun 2026
User Authentication Bypass in VPN Remote Access and Mobile Access
100RISK
open
GitHub PoC1
Vulnerability: On affected Arista EOS platforms with tunnel decapsulation
CVE-2026-7473MEDIUMunder attack10 Jun 2026
Arista EOS Unexpected Tunnel Protocol Decapsulation and Forwarding Bypass
63RISK
open
GitHub PoC
WORDPRESS
CVE-2026-5718HIGH10 Jun 2026
Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.7 - Unauthenticated Arbitrary File Upload via Non-ASCII Filename Blacklist Bypass
56RISK
open
GitHub PoC
CVE-2026-50751 Check Point IKEv1 vulnerability scanner
CVE-2026-50751CRITICALunder attackransomware10 Jun 2026
User Authentication Bypass in VPN Remote Access and Mobile Access
100RISK
open
GitHub PoC5
watchtowrlabs/watchTowr-vs-Check-Point-CVE-2026-50751
CVE-2026-50751CRITICALunder attackransomware10 Jun 2026
User Authentication Bypass in VPN Remote Access and Mobile Access
100RISK
open
GitHub PoC
CLI rewrite of the Drupalgeddon2 (CVE-2018-7600) PoC — for authorised testing/education
CVE-2018-7600CRITICALunder attackransomware10 Jun 2026
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbi
100RISK
open
GitHub PoC
Layer-6/CVE-2026-5027-Langflow
CVE-2026-5027HIGH10 Jun 2026
Langflow - Path Traversal Arbitrary File Write via upload_user_file
68RISK
open
GitHub PoC2
CVE-2026-10520 - Ivanti Sentry Pre-Auth OS Command Injection Mass Scanner
CVE-2026-10520CRITICAL10 Jun 2026
An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote
85RISK
open
GitHub PoC3
# CVE-2026-11645 - Chrome V8 Out-of-Bounds Read/Write Exploit
CVE-2026-11645HIGHunder attack10 Jun 2026
Out of bounds read and write in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitra
71RISK
open
VulnCheck XDB
initial-access
CVE-2018-7600CRITICALunder attackransomware10 Jun 2026
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbi
100RISK
open
GitHub PoC1
GrayXploit Security research and defensive team validate this toolkit for CVE-2026-0257 (PAN-OS GlobalProtect Authentication Bypass). Includes vulnerability assessment, detection guidance, technical analysis, indicators of compromise (IOCs), and remediation validation resources for security teams and defenders.
CVE-2026-0257HIGHunder attack10 Jun 2026
PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
100RISK
open
previouspage 28 / 2,369next

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.