Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,114cataloged exploits
31,649CVEs with public exploitation
0lab-tested
71,114 exploits
GitHub PoC
A vulnerability was detected in Totolink N300RH 6.1c.1353_B20190305.
CVE-2026-10187CRITICAL03 Jun 2026
Totolink N300RH Web Management wireless.so setWiFiBasicConfig stack-based overflow
48RISK
open
GitHub PoC
Detection script for CIFSwitch - CVE-2026-46243
CVE-2026-46243HIGH03 Jun 2026
smb: client: reject userspace cifs.spnego descriptions
41RISK
open
VulnCheck XDB
info-leak
CVE-2026-0257HIGHunder attack03 Jun 2026
PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
100RISK
open
GitHub PoC3
Bulk scanning + one-click vulnerability exploitation
CVE-2026-42945CRITICAL03 Jun 2026
NGINX ngx_http_rewrite_module vulnerability
60RISK
open
GitHub PoC2
Shcesama/cve-2023-4863-analysis
CVE-2023-4863HIGHunder attack03 Jun 2026
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to
93RISK
open
GitHub PoC
PoC exploit for CVE-2026-23744 — unauthenticated RCE in MCPJam Inspector via unvalidated serverConfig command injection on /api/mcp/connect, enabling reverse shell as process owner without credentials.
CVE-2026-23744CRITICAL03 Jun 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RISK
open
GitHub PoC1
Real-World Simulation: FTP Service Exploitation (ProFTPD CVE-2015-3306)
CVE-2015-330603 Jun 2026
The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and
60RISK
open
GitHub PoC
leehunkoo/hk_CVE-2025-32433
CVE-2025-32433CRITICALunder attack03 Jun 2026
Erlang/OTP SSH Vulnerable to Pre-Authentication RCE
100RISK
open
GitHub PoC3
Reproducible Docker lab for CVE-2024-21182 — Oracle WebLogic T3/IIOP OpaqueReference JNDI injection → unauthenticated RCE (CVE-2023-21839 patch-bypass family). One-command validate.sh.
CVE-2024-21182HIGHunder attack02 Jun 2026
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions t
83RISK
open
GitHub PoC
MrR0b0t19/CVE-2026-23744-PoC
CVE-2026-23744CRITICAL02 Jun 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RISK
open
GitHub PoC
entr0pie/demo-cve-2022-22947
CVE-2022-22947CRITICALunder attack02 Jun 2026
In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack whe
100RISK
open
GitHub PoC1
This utility was created during research involving MCPJam v1.4.2. The application exposes an API endpoint that accepts a server configuration object. Under certain conditions, insufficient validation may allow unintended command execution.
CVE-2026-23744CRITICAL02 Jun 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RISK
open
GitHub PoC
Performed a Full & Fast vulnerability assessment using OpenVAS against Metasploitable2, identified the critical vsftpd Backdoor vulnerability (CVE-2011-2523), and developed containment, remediation, and incident response documentation.
CVE-2011-252302 Jun 2026
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
60RISK
open
GitHub PoC
Okymi-X/CVE-2021-43798
CVE-2021-43798HIGHunder attack02 Jun 2026
Grafana path traversal
100RISK
open
GitHub PoC
CVE-2026-23744 Proof-of-concept.
CVE-2026-23744CRITICAL02 Jun 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RISK
open
GitHub PoC
Dhananjayasj/CVE-2026-34156-NocoBase-Sandbox-Escape-via-Workflow-Execution-Vulnerability-
CVE-2026-34156CRITICAL02 Jun 2026
NocoBase Affected by Sandbox Escape to RCE via console._stdout Prototype Chain Traversal in Workflow Script Node
75RISK
open
VulnCheck XDB
initial-access
CVE-2026-8206CRITICAL02 Jun 2026
Kirki 6.0.0 - 6.0.6 - Unauthenticated Privilege Escalation via 'handle_forgot_password'
48RISK
open
GitHub PoC2
Script para comprobar si la vulnerabilidad de Linux CIFSwitch (CVE-2026-46243) nos afecta. Detecta configuraciones potencialmente vulnerables y mitigaciones sin ejecutar exploits.
CVE-2026-46243HIGH02 Jun 2026
smb: client: reject userspace cifs.spnego descriptions
41RISK
open
GitHub PoC
AzDevops143/FRAGNESIA-Charan-cve-2026-46300
CVE-2026-46300HIGH02 Jun 2026
net: skbuff: preserve shared-frag marker during coalescing
41RISK
open
GitHub PoC
lorenzocamilli/CVE-2026-45332-PoC
CVE-2026-45332HIGH02 Jun 2026
Automad Broken Access Control: unauthenticated exposure of administrator bcrypt password hashes and TOTP secrets via public API endpoint
41RISK
open
GitHub PoC
jenniferreire26/CVE-2026-39987
CVE-2026-39987CRITICALunder attack02 Jun 2026
marimo Affected by Pre-Auth Remote Code Execution via Terminal WebSocket Authentication Bypass
100RISK
open
VulnCheck XDB
initial-access
CVE-2026-23744CRITICAL02 Jun 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RISK
open
GitHub PoC6
CVE-2026-41089
CVE-2026-41089CRITICAL02 Jun 2026
Windows Netlogon Remote Code Execution Vulnerability
70RISK
open
VulnCheck XDB
initial-access
CVE-2026-23744CRITICAL02 Jun 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RISK
open
VulnCheck XDB
initial-access
CVE-2026-23744CRITICAL02 Jun 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RISK
open
VulnCheck XDB
initial-access
CVE-2026-8181CRITICAL02 Jun 2026
Burst Statistics 3.4.0 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover
68RISK
open
GitHub PoC
Mender Server - Authenticated Path Traversal to RCE
CVE-2026-49009LOW02 Jun 2026
Northern.tech Mender Server v4.1.0, v4.0.1 and below, and fixed in v4.1.1 and v4.0.2 allows Directory Traversal.
28RISK
open
VulnCheck XDB
initial-access
CVE-2023-21839HIGHunder attack02 Jun 2026
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions t
100RISK
open
GitHub PoC
CVE-2026-31525 - Draft
CVE-2026-31525HIGH02 Jun 2026
bpf: Fix undefined behavior in interpreter sdiv/smod for INT_MIN
41RISK
open
VulnCheck XDB
info-leak
CVE-2021-43798HIGHunder attack02 Jun 2026
Grafana path traversal
100RISK
open
previouspage 36 / 2,371next

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.