Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,114cataloged exploits
31,649CVEs with public exploitation
0lab-tested
13,116 exploits
GitHub PoC4
IKEv2, ikeext.dll, CVE-2026-33824, double free, heap grooming, ROP, SKF fragmentation, Windows exploit, anti-debug, obfuscation, API hooking, shellcode, reverse shell
CVE-2026-33824CRITICAL18 May 2026
Windows Internet Key Exchange (IKE) Service Extensions Remote Code Execution Vulnerability
60RISK
open
GitHub PoC3
CVE-2026-33825
CVE-2026-33825HIGHunder attackransomware18 May 2026
Microsoft Defender Elevation of Privilege Vulnerability
71RISK
open
GitHub PoC1
This repository provides proof of concept (PoC) for the CVE-2021-4034
CVE-2021-4034HIGHunder attack18 May 2026
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool
100RISK
open
GitHub PoC
A lightweight Python-based security assessment tool for detecting dangerous Cross-Origin Resource Sharing (CORS) misconfigurations - CVE-2025-34291.
CVE-2025-34291CRITICALunder attack18 May 2026
Langflow <= 1.6.9 CORS Misconfiguration to Token Hijack & RCE
100RISK
open
GitHub PoC6
Research artifacts, PoC scripts, and lab assets for the Copy Fail Linux local privilege escalation writeup on https://4xura.com/binex/kernel/copy-fail
CVE-2026-31431HIGHunder attack18 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
GitHub PoC
Local Privilege Escalation. Flips the running user's UID to 0 in /etc/passwd's page cache, then invokes su for a root shell.
CVE-2026-31431HIGHunder attack18 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
GitHub PoC
cj667113/OCI-Ansible-Fix-CVE-2026-31431
CVE-2026-31431HIGHunder attack18 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
GitHub PoC
MuharremK0/Info-Sys-Security-CVE-2025-55182
CVE-2025-55182CRITICALunder attackransomware17 May 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open
GitHub PoC
CVE-2026-8181 | Burst Statistics 3.4.0 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover
CVE-2026-8181CRITICAL17 May 2026
Burst Statistics 3.4.0 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover
68RISK
open
GitHub PoC
rootdirective-sec/CVE-2026-8181-Lab
CVE-2026-8181CRITICAL17 May 2026
Burst Statistics 3.4.0 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover
68RISK
open
GitHub PoC1
Use CVE-2026-46333 and CVE-2026-31431 to change any user's password.
CVE-2026-46333HIGH17 May 2026
ptrace: slightly saner 'get_dumpable()' logic
56RISK
open
GitHub PoC35
CVE-2026-46333
CVE-2026-46333HIGH17 May 2026
ptrace: slightly saner 'get_dumpable()' logic
56RISK
open
GitHub PoC4
PoC for CVE-2023-2825: automated GitLab 16.0.0 arbitrary file read via nested public groups, project upload traversal, reusable upload paths, and clean CLI output.
CVE-2023-2825CRITICAL17 May 2026
An issue has been discovered in GitLab CE/EE affecting only version 16.0.0. An unauthenticated malicious user can use a
85RISK
open
GitHub PoC5
Research on `pidfd_getfd(2)`-based file descriptor leakage from privileged SUID processes. Demonstrates race-condition FD capture against OpenSSH `ssh-keysign` and exposure of sensitive root-owned file handles.
CVE-2026-46333HIGH17 May 2026
ptrace: slightly saner 'get_dumpable()' logic
56RISK
open
GitHub PoC1
Renison-Gohel/CVE-2026-42945-NGINX-Rift
CVE-2026-42945CRITICAL17 May 2026
NGINX ngx_http_rewrite_module vulnerability
60RISK
open
GitHub PoC
Authenticated RCE PoC for Flowise version <= 3.0.5 via CustomMCP Node (CVE-2025-59528)
CVE-2025-59528CRITICAL17 May 2026
Flowise has Remote Code Execution vulnerability
85RISK
open
GitHub PoC1
Use CVE-2026-46333 and CVE-2026-31431 to change any user's password.
CVE-2026-46333HIGH17 May 2026
ptrace: slightly saner 'get_dumpable()' logic
56RISK
open
GitHub PoC
Linux kernel root exploit
CVE-2026-46300HIGH17 May 2026
net: skbuff: preserve shared-frag marker during coalescing
41RISK
open
GitHub PoC1
usmansec/-CVE-2021-4034
CVE-2021-4034HIGHunder attack17 May 2026
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool
100RISK
open
GitHub PoC3
🛡️ Script to test for NGINX CVE-2026-42945
CVE-2026-42945CRITICAL17 May 2026
NGINX ngx_http_rewrite_module vulnerability
60RISK
open
GitHub PoC3
CVE-2026-31431 (Copy Fail) — Análisis y desarrollo en Ensamblador x86-64 | Analysis and development in x86-64 Assembly
CVE-2026-31431HIGHunder attack17 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
GitHub PoC
DFIR investigation + 7 Suricata rules on a simulated NexaCorp intrusion (vsftpd 2.3.4 CVE-2011-2523 + MITRE Caldera C2). 4-day solo engagement (BeCode Brussels Mission 01). 54-page report, 10 findings, 7/7 rules validated by PCAP replay.
CVE-2011-252317 May 2026
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
60RISK
open
GitHub PoC
Python script to sweep a fleet of Palo Alto firewalls and Panoramas via SSH, check PAN-OS version against CVE-2026-0265 (Authentication Bypass via Cloud Authentication Service), detect whether CAS is actually configured, and report exploitability in a color-coded summary table.
CVE-2026-0265HIGH17 May 2026
PAN-OS: Authentication Bypass with Cloud Authentication Service (CAS) enabled
41RISK
open
GitHub PoC
CVE-2026-6857
CVE-2026-6857HIGH16 May 2026
Camel-infinispan: camel-infinispan: remote code execution via unsafe deserialization
41RISK
open
GitHub PoC
Python toolkit to audit Apache HTTP Server against CVE-2026-23918 (HTTP/2 double-free RCE) and 4 related CVEs. Passive scanner with ALPN verification + read-only local auditor. No exploits.
CVE-2026-23918HIGH16 May 2026
Apache HTTP Server: http2: double free and possible RCE on early reset
53RISK
open
GitHub PoC1
CVE-2026-44578
CVE-2026-44578HIGH16 May 2026
Next.js: Server-side request forgery in applications using WebSocket upgrades
68RISK
open
GitHub PoC7
CVE-2026-44578: Next.js WebSocket Upgrade SSRF — pre-auth credential theft via localhost:80. Lab + exploit + audit.
CVE-2026-44578HIGH16 May 2026
Next.js: Server-side request forgery in applications using WebSocket upgrades
68RISK
open
GitHub PoC
lwd3c/CVE-2026-46586
CVE-2026-46586HIGH16 May 2026
Apache OFBiz: Improper Validation in traverseContent Service Enables Authenticated Groovy Code Execution
21RISK
open
GitHub PoC
This repository contains a Proof of Concept (PoC) Python script for CVE-2025-58434, which enables attackers to change passwords of other users without authentication process in flowise version 3.0.5 and lower due to token leakage.
CVE-2025-58434CRITICAL16 May 2026
Flowise Cloud and Local Deployments have Unauthenticated Password Reset Token Disclosure that Leads to Account Takeover
75RISK
open
GitHub PoC
Safe Python scanner for Cisco CVE-2025-20333 (Cisco ASA/FTD WebVPN Buffer Overflow)
CVE-2025-20333CRITICALunder attack16 May 2026
A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secu
90RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.