Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,114cataloged exploits
31,649CVEs with public exploitation
0lab-tested
AllExploit-DB 22,469Referência 19,810GitHub PoC 13,116VulnCheck XDB 8,069Nuclei 4,188Metasploit 3,462✓ verified onlyrecentpopularrisk
13,116 exploits
GitHub PoC★ 2
nanwinata/nginxrift-CVE-2026-42945
NGINX ngx_http_rewrite_module vulnerability
60RISK
open ↗GitHub PoC
ydking0911/CVE-2026-4060-PoC
Geo Mashup <= 1.13.18 - Unauthenticated Time-Based SQL Injection via 'sort' Parameter
41RISK
open ↗GitHub PoC★ 1
CVE-2026-44403-WingFTP-v8.1.2-POC-Exploit
Wing FTP Server < 8.1.3 Authenticated Remote Code Execution via Session Serialization
41RISK
open ↗GitHub PoC★ 1
Proof of concept exploit for CVE-2026-46391
HAX open-apis: Credential Theft via Server-Side Request Forgery (SSRF) in open-apis
41RISK
open ↗GitHub PoC
These detection scripts are property of the SECPlayground Platform. Two safe detection scripts. Neither drives the close_notify-mid-BDAT trigger, so they will not crash the daemon or leave panic-log entries. Both verdicts are "likely vulnerable" — distinguishing GnuTLS from OpenSSL builds remotely is not reliable without exploitation.
Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing p
48RISK
open ↗GitHub PoC
ChamsBouzaiene/ai-vuln-rediscovery-nginx-cve-2026-42945
NGINX ngx_http_rewrite_module vulnerability
60RISK
open ↗GitHub PoC
User Registration & Membership <= 5.1.5 - Unauthenticated Missing Authorization to Admin Approval Bypass via 'action' Parameter
User Registration & Membership <= 5.1.5 - Unauthenticated Missing Authorization to Admin Approval Bypass via 'action' Parameter
33RISK
open ↗GitHub PoC★ 15
p3Nt3st3r-sTAr/CVE-2026-42945-POC
NGINX ngx_http_rewrite_module vulnerability
60RISK
open ↗GitHub PoC★ 1
Scan your NGINX configuration to determine whether it is affected by CVE-2026-42945.
NGINX ngx_http_rewrite_module vulnerability
60RISK
open ↗GitHub PoC
Test repo: simulates CVE-2025-30066 style compromised GitHub Action (for security research/testing chainradar)
tj-actions changed-files before 46 allows remote attackers to discover secrets by reading actions logs. (The tags v1 thr
83RISK
open ↗GitHub PoC
A comprehensive full-lifecycle penetration testing project on Joomla 4.2.5 exploiting CVE-2023-23752 inside a Dockerized lab environment
[20230201] - Core - Improper access check in webservice endpoints
100RISK
open ↗GitHub PoC★ 5
CVE-2026-8181 - Burst Statistics 3.4.0-3.4.1.1 Unauthenticated Authentication Bypass to Admin Account Takeover | Proof of Concept
Burst Statistics 3.4.0 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover
68RISK
open ↗GitHub PoC
mbanyamer/CVE-2026-22553-InSAT-MasterSCADA-BUK-TS-MMadmServ
InSAT MasterSCADA BUK-TS OS Command Injection
48RISK
open ↗GitHub PoC★ 1
Sentebale/CVE-2026-46300
net: skbuff: preserve shared-frag marker during coalescing
41RISK
open ↗GitHub PoC
0xFuffM3/CVE-2026-31431-CopyFail
crypto: algif_aead - Revert to operating out-of-place
100RISK
open ↗GitHub PoC
Snort 3 IDS → IPS lab on Kali. Custom detection rules + iptables enforcement against ICMP recon, Nmap SYN scans, Hydra FTP brute force, and vsftpd 2.3.4 backdoor (CVE-2011-2523).
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
60RISK
open ↗GitHub PoC
A CopyFail CVE-2026-31431 implementation in python that isnt slop! Bring your own payload
crypto: algif_aead - Revert to operating out-of-place
100RISK
open ↗GitHub PoC★ 33
Nginx Rewrite CVE Scan(CVE-2026-42945 nginx-rift CVE-2026-9256)
NGINX ngx_http_rewrite_module vulnerability
60RISK
open ↗GitHub PoC
There is a path injection vulnerability in OpenPLC-v3, which arises from the program not performing any validity checks on the file path parameters passed in from the command line. Attackers can read any readable file by constructing malicious paths, posing a risk of information leakage.
A path injection vulnerability exists in OpenPLC v3 (2c82b0e79c53f8c1f1458eee15fec173400d6e1a) as the binary program com
33RISK
open ↗GitHub PoC
pixelotes/lab-cve-2023-4863
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to
93RISK
open ↗GitHub PoC
Controlled reproduction of CVE-2017-0144 (EternalBlue) in an isolated AWS EC2 lab — exploit analysis, Wireshark traffic capture, and MITRE ATT&CK mapping
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RISK
open ↗GitHub PoC★ 7
🚀 CVE-2026-0073 - Android ADB Wireless Debugging Exploit (CVSS 8.8) 🔓 Zero-click authentication bypass via TLS type confusion. Gain interactive shell, execute commands, scan networks. Educational red-team tool. 🐚⚡
In adbd_tls_verify_cert of auth.cpp, there is a possible bypass of wireless ADB mutual authentication due to a logic err
41RISK
open ↗GitHub PoC
copy-fail-CVE-2026-31431
crypto: algif_aead - Revert to operating out-of-place
100RISK
open ↗GitHub PoC
SessionReaper-CVE-2025-54236
Adobe Commerce | Improper Input Validation (CWE-20)
100RISK
open ↗GitHub PoC
Bencodin/CVE-2026-23918-poc
Apache HTTP Server: http2: double free and possible RCE on early reset
53RISK
open ↗GitHub PoC★ 1
First CTF successfully completed! This repo documents my walkthrough of TryHackMe's Simple CTF. It covers network reconnaissance (Nmap), web exploitation (CVE-2019-9053), and credential cracking. As a dev, it was great to pivot from SQLi to a Root shell by leveraging Sudo misconfigurations. Educational purposes only.
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve
35RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.