Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,105cataloged exploits
31,648CVEs with public exploitation
0lab-tested
13,098 exploits
GitHub PoC
Jeanback1/CVE-2019-9053-exploit
CVE-2019-905331 May 2026
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve
35RISK
open
GitHub PoC
Dungsocool/CVE-2014-3120
CVE-2014-3120HIGHunder attack31 May 2026
The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execut
100RISK
open
GitHub PoC
Remote Code Execution in MCPJam 1.4.2 and older.
CVE-2026-23744CRITICAL31 May 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RISK
open
GitHub PoC
CVE-2026-23744 — Proof of concept exploit for an unauthenticated Remote Code Execution vulnerability in MCPJam Inspector <= 1.4.2.
CVE-2026-23744CRITICAL31 May 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RISK
open
GitHub PoC
b1nhack/CVE-2024-1086
CVE-2024-1086HIGHunder attackransomware31 May 2026
Use-after-free in Linux kernel's netfilter: nf_tables component
76RISK
open
GitHub PoC
CVE-2025-5947 WordPress Service Finder Bookings ≤ 6.0 Exploit
CVE-2025-5947CRITICAL30 May 2026
Service Finder Bookings <= 6.0 - Authentication Bypass via User Switch Cookie
63RISK
open
GitHub PoC
This exploit is based on CVE-2023-27350 and was built upon the original exploit by horizon3ai and the Metasploit module.
CVE-2023-27350CRITICALunder attackransomware30 May 2026
This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Bui
100RISK
open
GitHub PoC3
CVE-2026-0257
CVE-2026-0257HIGHunder attack30 May 2026
PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
100RISK
open
GitHub PoC
CVE-2026-0257 - PAN-OS
CVE-2026-0257HIGHunder attack30 May 2026
PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
100RISK
open
GitHub PoC
HAERIN-L/POC_CVE-2026-46716
CVE-2026-46716CRITICAL30 May 2026
Nezha Monitoring: RoleMember can run shell on every server (cross-tenant RCE) via POST /api/v1/cron
48RISK
open
GitHub PoC
Python POC, Exploit for CVE-2026-29000
CVE-2026-29000CRITICAL30 May 2026
pac4j-jwt JwtAuthenticator Authentication Bypass
48RISK
open
GitHub PoC
Dungsocool/CVE-2018-7600
CVE-2018-7600CRITICALunder attackransomware30 May 2026
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbi
100RISK
open
GitHub PoC
Delt-A/CVE-2024-36401-poc
CVE-2024-36401CRITICALunder attack30 May 2026
Remote Code Execution (RCE) vulnerability in evaluating property name expressions in Geoserver
100RISK
open
GitHub PoC
Auditoría de seguridad y análisis de vulnerabilidades (CVE-2014-3566 y CVE-2010-2333) en la infraestructura de red local y router residencial.
CVE-2010-233330 May 2026
LiteSpeed Technologies LiteSpeed Web Server 4.0.x before 4.0.15 allows remote attackers to read the source code of scrip
50RISK
open
GitHub PoC
kavin-jindal/CVE-2026-48778-PoC
CVE-2026-48778HIGH30 May 2026
Notepad++: Arbitrary Code Execution via config.xml commandLineInterpreter
41RISK
open
GitHub PoC
HAERIN-L/poc_cve-2026-42208
CVE-2026-42208CRITICALunder attack30 May 2026
LiteLLM: SQL injection in Proxy API key verification
100RISK
open
GitHub PoC
Dhananjayasj/CVE-2024-21413-Microsoft-Outlook-Remote-Code-Execution-Vulnerability
CVE-2024-21413CRITICALunder attack30 May 2026
Microsoft Outlook Remote Code Execution Vulnerability
100RISK
open
GitHub PoC
letsr00t/CVE-2026-43494-PinTheft-PoC
CVE-2026-43494HIGH30 May 2026
net/rds: reset op_nents when zerocopy page pin fails
41RISK
open
GitHub PoC
CVE-2026-39987 - Draft
CVE-2026-39987CRITICALunder attack30 May 2026
marimo Affected by Pre-Auth Remote Code Execution via Terminal WebSocket Authentication Bypass
100RISK
open
GitHub PoC
jomjosh17/Log4Shell-CVE-2021-44228-
CVE-2021-44228CRITICALunder attackransomware30 May 2026
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RISK
open
GitHub PoC7
CVE-2025-38352 kernel exploit for LG webOS Smart TVs (ARM64). Achieves persistent root on real consumer hardware with novel exploitation techniques. Responsibly disclosed to LG.
CVE-2025-38352HIGHunder attack30 May 2026
posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del()
71RISK
open
GitHub PoC
Testing a List of IP address incase they are vulnerable to CVE-2024-3400
CVE-2024-3400CRITICALunder attackransomware30 May 2026
PAN-OS: Arbitrary File Creation Leads to OS Command Injection Vulnerability in GlobalProtect
100RISK
open
GitHub PoC7
Notepad++ RCE via config.xml commandLineInterpreter
CVE-2026-48778HIGH30 May 2026
Notepad++: Arbitrary Code Execution via config.xml commandLineInterpreter
41RISK
open
GitHub PoC
CVE-2025-10162 Exploit
CVE-2025-10162HIGH30 May 2026
OrderConvo < 14 - Unauthenticated Arbitrary File Read
56RISK
open
GitHub PoC2
WP Maps Pro <= 6.1.0 - Unauthenticated Privilege Escalation via Administrator Account Creation to wpgmp_temp_access_ajax AJAX Action
CVE-2026-8732CRITICAL30 May 2026
WP Maps Pro <= 6.1.0 - Unauthenticated Privilege Escalation via Administrator Account Creation to wpgmp_temp_access_ajax AJAX Action
48RISK
open
GitHub PoC1
POC_CVE-2026-42589
CVE-2026-42589CRITICAL30 May 2026
Gotenberg: Unauthenticated RCE via ExifTool Metadata Key Injection
63RISK
open
GitHub PoC
PHP poc, exploit for CVE-2025-9074
CVE-2025-9074CRITICAL30 May 2026
Docker Desktop allows unauthenticated access to Docker Engine API from containers
48RISK
open
GitHub PoC
WP Maps Pro <= 6.1.0 - Unauthenticated Privilege Escalation via Administrator Account Creation
CVE-2026-8732CRITICAL30 May 2026
WP Maps Pro <= 6.1.0 - Unauthenticated Privilege Escalation via Administrator Account Creation to wpgmp_temp_access_ajax AJAX Action
48RISK
open
GitHub PoC2
CVE-2026-8732 | WP Maps Pro <= 6.1.0 | Unauthenticated Privilege Escalation
CVE-2026-8732CRITICAL30 May 2026
WP Maps Pro <= 6.1.0 - Unauthenticated Privilege Escalation via Administrator Account Creation to wpgmp_temp_access_ajax AJAX Action
48RISK
open
GitHub PoC
Exploiting heap-based buffer overflow in sudo for privilege escalation
CVE-2021-3156HIGHunder attack30 May 2026
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege
100RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.