Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,114cataloged exploits
31,649CVEs with public exploitation
0lab-tested
71,114 exploits
VulnCheck XDB
initial-access
CVE-2023-21839HIGHunder attack02 Jun 2026
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions t
100RISK
open
GitHub PoC
AzDevops143/FRAGNESIA-Charan-cve-2026-46300
CVE-2026-46300HIGH02 Jun 2026
net: skbuff: preserve shared-frag marker during coalescing
41RISK
open
GitHub PoC
Dhananjayasj/CVE-2026-34156-NocoBase-Sandbox-Escape-via-Workflow-Execution-Vulnerability-
CVE-2026-34156CRITICAL02 Jun 2026
NocoBase Affected by Sandbox Escape to RCE via console._stdout Prototype Chain Traversal in Workflow Script Node
75RISK
open
GitHub PoC3
Reproducible Docker lab for CVE-2024-21182 — Oracle WebLogic T3/IIOP OpaqueReference JNDI injection → unauthenticated RCE (CVE-2023-21839 patch-bypass family). One-command validate.sh.
CVE-2024-21182HIGHunder attack02 Jun 2026
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions t
83RISK
open
Metasploit500
HP Poly Voice Unauthenticated Remote Code Execution
CVE-2026-0826CRITICAL01 Jun 2026
Poly Voice – Possible Remote Control of Certain Poly Devices
48RISK
open
GitHub PoC208
CVE-2026-41089 PoC — Netlogon CLDAP stack buffer overflow (CVSS 9.8 CRITICAL)
CVE-2026-41089CRITICAL01 Jun 2026
Windows Netlogon Remote Code Execution Vulnerability
70RISK
open
GitHub PoC
tematemaru/CVE-2026-31431-simple-test
CVE-2026-31431HIGHunder attack01 Jun 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
GitHub PoC1
Exploits the CVE-2026-0257 vulnerability by forging a GlobalProtect authentication override cookie using the TLS server's public key.
CVE-2026-0257HIGHunder attack01 Jun 2026
PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
100RISK
open
GitHub PoC
PAN-OS: GlobalProtect Authentication Bypass
CVE-2026-0257HIGHunder attack01 Jun 2026
PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
100RISK
open
Exploit-DB
Drupal Core 10.5.5 - Error-Based SQL Injection
CVE-2026-9082CRITICALunder attackwebappsphp01 Jun 2026
Drupal core - Highly critical - SQL injection - SA-CORE-2026-004
100RISK
open
GitHub PoC
SSRF — CVE-2026-44578 Scanner & Exploit ║ ║ Next.js WebSocket Upgrade Handler SSRF
CVE-2026-44578HIGH01 Jun 2026
Next.js: Server-side request forgery in applications using WebSocket upgrades
68RISK
open
GitHub PoC
Automated defect verification tool for 6 dnsmasq CVEs (CVE-2026-2291, 4890, 4891, 4892, 4893, 5172)
CVE-2026-2291HIGH01 Jun 2026
CVE-2026-2291
41RISK
open
VulnCheck XDB
initial-access
CVE-2026-23744CRITICAL01 Jun 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RISK
open
VulnCheck XDB
initial-access
CVE-2026-8732CRITICAL01 Jun 2026
WP Maps Pro <= 6.1.0 - Unauthenticated Privilege Escalation via Administrator Account Creation to wpgmp_temp_access_ajax AJAX Action
48RISK
open
VulnCheck XDB
initial-access
CVE-2026-24061CRITICALunder attack01 Jun 2026
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment
100RISK
open
GitHub PoC2
A Go implementation of CIFSwitch (CVE-2026-46243)
CVE-2026-46243HIGH01 Jun 2026
smb: client: reject userspace cifs.spnego descriptions
41RISK
open
GitHub PoC
afifudinmtop/MCPJam-Inspector-1.4.2-Remote-Code-Execution-CVE-2026-23744
CVE-2026-23744CRITICAL01 Jun 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RISK
open
GitHub PoC
lucastran05/CVE-2026-29000
CVE-2026-29000CRITICAL01 Jun 2026
pac4j-jwt JwtAuthenticator Authentication Bypass
48RISK
open
GitHub PoC
CVE analysis of CVE-2025-40536, SolarWinds Web Help Desk security control bypass (CVSS 8.1). Covers vulnerability mechanics, attack chain with companion RCE CVEs, Storm-2603 threat actor attribution, MITRE ATT&CK mapping, and detection/remediation guidance for DoD and government environments.
CVE-2025-40536HIGHunder attack01 Jun 2026
SolarWinds Web Help Desk Security Control Bypass Vulnerability
100RISK
open
GitHub PoC
Strapi CVE-2026-27886. Leaking sensitive data via relational filtering due to lack of query sanitization
CVE-2026-27886CRITICAL01 Jun 2026
Strapi may leak sensitive data via relational filtering due to lack of query sanitization
48RISK
open
GitHub PoC2
DeepSecurityResearch/CVE-2026-2586
CVE-2026-2586CRITICAL01 Jun 2026
An authenticated Remote Code Execution (RCE) vulnerability was identified in GlassFish's Administration Console. A user
48RISK
open
Exploit-DB
WordPress OrderConvo 14 - Path Traversal
CVE-2025-10162HIGH01 Jun 2026
OrderConvo < 14 - Unauthenticated Arbitrary File Read
56RISK
open
VulnCheck XDB
denial-of-service
CVE-2026-41089CRITICAL01 Jun 2026
Windows Netlogon Remote Code Execution Vulnerability
70RISK
open
GitHub PoC
CVE-2026-9560 - Draft
CVE-2026-9560CRITICAL01 Jun 2026
Privilege escalation via background service of OpenVPN Connect 3.5.1 through 3.8.1 on macOS allows attackers to execute
48RISK
open
GitHub PoC
ICT279 Vulnerability Detection and Mitigation Project using CVE-2025-24813 in an Internet Banking Environment
CVE-2025-24813CRITICALunder attack01 Jun 2026
Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT
100RISK
open
GitHub PoC8
p3Nt3st3r-sTAr/CVE-2026-8732-POC
CVE-2026-8732CRITICAL01 Jun 2026
WP Maps Pro <= 6.1.0 - Unauthenticated Privilege Escalation via Administrator Account Creation to wpgmp_temp_access_ajax AJAX Action
48RISK
open
GitHub PoC
CVE-2026-8732 - Draft (WordPress)
CVE-2026-8732CRITICAL01 Jun 2026
WP Maps Pro <= 6.1.0 - Unauthenticated Privilege Escalation via Administrator Account Creation to wpgmp_temp_access_ajax AJAX Action
48RISK
open
VulnCheck XDB
local
CVE-2026-31431HIGHunder attack01 Jun 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
GitHub PoC
CVE-2026-24061 — GNU InetUtils Telnetd Authentication Bypass Scanner
CVE-2026-24061CRITICALunder attack01 Jun 2026
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment
100RISK
open
VulnCheck XDB
info-leak
CVE-2026-0257HIGHunder attack01 Jun 2026
PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
100RISK
open
previouspage 37 / 2,371next

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.