Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,114cataloged exploits
31,649CVEs with public exploitation
0lab-tested
71,114 exploits
GitHub PoC1
CVE-2026-9082
CVE-2026-9082CRITICALunder attack21 May 2026
Drupal core - Highly critical - SQL injection - SA-CORE-2026-004
100RISK
open
VulnCheck XDB
initial-access
CVE-2026-9082CRITICALunder attack21 May 2026
Drupal core - Highly critical - SQL injection - SA-CORE-2026-004
100RISK
open
GitHub PoC2
Langflow Arbitrary Directory Deletion
CVE-2026-42048CRITICAL21 May 2026
Langflow: Path Traversal in Langflow Knowledge Bases API
48RISK
open
GitHub PoC
CVE-2026-0300 PAN-OS 12.1, 11.2, 11.1, 10.2
CVE-2026-0300CRITICALunder attack21 May 2026
PAN-OS: Unauthenticated user initiated Buffer Overflow Vulnerability in User-ID™ Authentication Portal
90RISK
open
GitHub PoC11
CVE-2026-41091
CVE-2026-41091HIGHunder attack21 May 2026
Microsoft Defender Elevation of Privilege Vulnerability
71RISK
open
GitHub PoC4
PoC for CVE-2024-6678
CVE-2024-6678CRITICAL21 May 2026
Authentication Bypass by Spoofing in GitLab
48RISK
open
Exploit-DB
FUXA 1.2.9 - RCE
CVE-2026-25895CRITICAL21 May 2026
FUXA Unauthenticated Remote Code Execution via Arbitrary File Write in Upload API
48RISK
open
VulnCheck XDB
initial-access
CVE-2025-29927CRITICAL20 May 2026
Authorization Bypass in Next.js Middleware
85RISK
open
VulnCheck XDB
info-leak
CVE-2018-14847CRITICALunder attack20 May 2026
MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated
100RISK
open
GitHub PoC3
CVE-2026-42945 - NGINX Rift Toolkit
CVE-2026-42945CRITICAL20 May 2026
NGINX ngx_http_rewrite_module vulnerability
60RISK
open
GitHub PoC
yusufdalbudak/CVE-2026-42945
CVE-2026-42945CRITICAL20 May 2026
NGINX ngx_http_rewrite_module vulnerability
60RISK
open
VulnCheck XDB
remote-with-credentials
CVE-2026-42271HIGHunder attack20 May 2026
LiteLLM: Authenticated command execution via MCP stdio test endpoints
100RISK
open
GitHub PoC
Se realizó una evaluación de vulnerabilidades sobre una máquina virtual con Kali Linux utilizando un script detector para la vulnerabilidad Dirty Frag, asociada a las CVE-2026-43284 y CVE-2026-43500. Posteriormente se ejecutó un Proof of Concept (PoC) público escrito en lenguaje C para validar la posibilidad de realizar una escalada local
CVE-2026-43284HIGH20 May 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISK
open
GitHub PoC
Exploit for DirtyDecrypt - CVE-2026-31635 Local Privilege Escalation
CVE-2026-31635HIGH20 May 2026
rxrpc: fix oversized RESPONSE authenticator length check
41RISK
open
VulnCheck XDB
local
CVE-2021-4034HIGHunder attack20 May 2026
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool
100RISK
open
GitHub PoC
POC_CVE-2026-35037
CVE-2026-35037HIGH20 May 2026
Ech0 affected by unauthenticated SSRF in GetWebsiteTitle allows access to internal services and cloud metadata
41RISK
open
GitHub PoC
A small script to apply Yellowkey mitigation based on CVE-2026-45585 instructions
CVE-2026-45585MEDIUM20 May 2026
Windows BitLocker Security Feature Bypass Vulnerability
33RISK
open
GitHub PoC20
CVE-2026-31431-killed page-cache exploit — code exec into containers sharing the same image layer
CVE-2026-31431HIGHunder attack20 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
GitHub PoC
a24ac1/CVE-2026-0740
CVE-2026-0740CRITICAL20 May 2026
Ninja Forms - File Upload <= 3.3.26 - Unauthenticated Arbitrary File Upload
75RISK
open
GitHub PoC
The code for personally reproducing the corresponding vulnerability
CVE-2026-42271HIGHunder attack20 May 2026
LiteLLM: Authenticated command execution via MCP stdio test endpoints
100RISK
open
GitHub PoC
Exploit for CVE-2026-41651 - PackageKit TOCTOU Local Privilege Escalation (Pack2TheRoot)
CVE-2026-41651HIGH20 May 2026
PackageKit vulnerable to TOCTOU Race on Transaction Flags leads to arbitrary package installation as root
41RISK
open
GitHub PoC
A Go implementation of dirtyfrag (CVE-2026-43284 / CVE-2026-43500)
CVE-2026-43284HIGH20 May 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISK
open
GitHub PoC
MGTx2/CVE-2026-39107
CVE-2026-39107MEDIUM20 May 2026
A Cross Site Scripting vulnerability exists in the Kimi AI v1.0 web interface's 'Preview' feature. The application fails
33RISK
open
GitHub PoC
DirtyDecrypt PoC Released for Linux Kernel CVE-2026-31635 LPE Vulnerability
CVE-2026-31635HIGH20 May 2026
rxrpc: fix oversized RESPONSE authenticator length check
41RISK
open
GitHub PoC
POC for CVE-2026-30950 which allows session hijacking in AutoGpt
CVE-2026-30950HIGH20 May 2026
AutoGPT has Authenticated Session Hijacking via IDOR
41RISK
open
GitHub PoC2
A Go implementation of fragnesia (CVE-2026-46300)
CVE-2026-46300HIGH20 May 2026
net: skbuff: preserve shared-frag marker during coalescing
41RISK
open
VulnCheck XDB
remote-with-credentials
CVE-2025-8110HIGHunder attack20 May 2026
File overwrite in file update API in Gogs
100RISK
open
GitHub PoC
One-command scanner for the Mini Shai-Hulud npm supply-chain worm (CVE-2026-45321). Detect before rotating tokens.
CVE-2026-45321CRITICALunder attackransomware20 May 2026
Malware in 42 @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys
78RISK
open
VulnCheck XDB
local
CVE-2026-43500HIGH20 May 2026
rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present
78RISK
open
VulnCheck XDB
local
CVE-2026-43500HIGH20 May 2026
rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present
78RISK
open
previouspage 50 / 2,371next

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.