Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,180cataloged exploits
31,691CVEs with public exploitation
0lab-tested
AllExploit-DB 22,469Referência 19,841GitHub PoC 13,140VulnCheck XDB 8,078Nuclei 4,190Metasploit 3,462✓ verified onlyrecentpopularrisk
13,140 exploits
GitHub PoC
kaleth4/CVE-2026-32746
telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC (Set Local Characters) suboption
53RISK
open ↗GitHub PoC
Helios973/CVE-2026-31431_exp.c
crypto: algif_aead - Revert to operating out-of-place
100RISK
open ↗GitHub PoC
Bannt08/Research-CVE-2026-21858
n8n Vulnerable to Unauthenticated File Access via Improper Webhook Request Handling
85RISK
open ↗GitHub PoC
Full black-box penetration test against SecOS:1 (VulnHub) — CSRF exploitation, privilege escalation via CVE-2015-1328 (OverlayFS), post-exploitation
The overlayfs implementation in the linux (aka Linux kernel) package before 3.19.0-21.21 in Ubuntu through 15.04 does no
50RISK
open ↗GitHub PoC
CVE-2026-31431 ("Copy Fail") vulnerability detector & exploit on Astra linux 1.7.6 with 3.7+ python
crypto: algif_aead - Revert to operating out-of-place
100RISK
open ↗GitHub PoC★ 6
Simple Ansible Playbook to mitigate against CopyFail (CVE-2026-31431) and DirtyFrag (CVE-2026-43284) vulnerabilities.
crypto: algif_aead - Revert to operating out-of-place
100RISK
open ↗GitHub PoC★ 2
Dirty Frag (CVE-2026-43284/43500) - Linux Kernel LPE Deep Technical Analysis by Bomb
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISK
open ↗GitHub PoC★ 3
Wazuh 4.14.4 detection rules for CVE-2026-43284 / CVE-2026-43500 (Dirty Frag) - Linux Local Privilege Escalation via page cache write
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISK
open ↗GitHub PoC
A fully refactored, Python 3 compatible exploit script for Tomcat Ghostcat (CVE-2020-1938 / CNVD-2020-10487) AJP Local File Inclusion
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomc
100RISK
open ↗GitHub PoC
AegisGraph: graph-based application-layer assessment evidence platform for Secure Messaging Applications (SMAs). DARPA ASEMA HR0011SB20254-12 Tier 3 research. ReproChain CVE-2023-4863 reachability + PolyDiff differential parser fuzzing + claim-state governance + reproducible benchmark surface.
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to
93RISK
open ↗GitHub PoC★ 2
Vulnerability detection and mitigation tool for Copy Fail and Dirty Frag bugs (CVE-2026-31431, CVE-2026-43284, CVE-2026-43500)
crypto: algif_aead - Revert to operating out-of-place
100RISK
open ↗GitHub PoC★ 1
CVE-2026-31431 in C for aarch64 and amd64
crypto: algif_aead - Revert to operating out-of-place
100RISK
open ↗GitHub PoC
rootdirective-sec/CVE-2026-3844-Lab
Breeze Cache <= 2.4.4 - Unauthenticated Arbitrary File Upload via fetch_gravatar_from_remote
75RISK
open ↗GitHub PoC★ 12
A proof-of-concept demonstrating how a default, unprivileged Kubernetes Pod can achieve node-level code execution on Amazon EKS by exploiting the Dirty Frag (CVE-2026-43284) Linux kernel page-cache corruption vulnerability through shared container image layers.
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISK
open ↗GitHub PoC
HiteshGorana/susvibes-jupyter-server-cve-2026-35397
jupyter-server path traversal allows access to sibling directories sharing root_dir name prefix
21RISK
open ↗GitHub PoC
Kernel LPE PoC & Mitigation Toolkit - ROSN-LR5-Full (CVE-2026-31431)
crypto: algif_aead - Revert to operating out-of-place
100RISK
open ↗GitHub PoC
Linux Kernel Local Privilege Escalation
crypto: algif_aead - Revert to operating out-of-place
100RISK
open ↗GitHub PoC
Morton-Li/copy-fail-CVE-2026-31431
crypto: algif_aead - Revert to operating out-of-place
100RISK
open ↗GitHub PoC
A Rust honeypot that simulates a vulnerable cPanel/WHM instance for CVE-2026-41940
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RISK
open ↗GitHub PoC
rootdirective-sec/CVE-2026-34197-Lab
Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Authenticated users could perform RCE via Jolokia MBeans
100RISK
open ↗GitHub PoC
CVE-2025-58434 Proof of Concept
Flowise Cloud and Local Deployments have Unauthenticated Password Reset Token Disclosure that Leads to Account Takeover
75RISK
open ↗GitHub PoC★ 23
Detector + PoC for Linux page-cache write vulnerabilities: Copy Fail (CVE-2026-31431) and Dirty Frag (CVE-2026-43284/43500). Authorized security research only.
crypto: algif_aead - Revert to operating out-of-place
100RISK
open ↗GitHub PoC
Paranoid disable Linux IPsec ESP support (esp4/esp6) and RxRPC support.
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISK
open ↗GitHub PoC★ 1
kyukazamiqq/cve-2026-5718
Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.7 - Unauthenticated Arbitrary File Upload via Non-ASCII Filename Blacklist Bypass
56RISK
open ↗GitHub PoC
Sidjaz/CrushFTP-CVE-2024-4040-Proof-of-Concept
Unauthenticated arbitrary file read and remote code execution in CrushFTP
100RISK
open ↗GitHub PoC
Exploiting Parsec for Windows to gain SYSTEM privileges
An Incorrect Use of Privileged APIs vulnerability in Unity Parsec on Windows hosts leads to a potential Elevation of Pri
41RISK
open ↗GitHub PoC
Full exploit chain lab and Suricata IDS detection for CVE-2022-30190 (Follina) - MSDT RCE
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability
100RISK
open ↗GitHub PoC
Detection rules for CVE-2026-23918 Apache http2 RCE - Credit: stringa.ai, isec.pl
Apache HTTP Server: http2: double free and possible RCE on early reset
53RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.