Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,159cataloged exploits
31,683CVEs with public exploitation
0lab-tested
AllExploit-DB 22,469Referência 19,841GitHub PoC 13,128VulnCheck XDB 8,069Nuclei 4,190Metasploit 3,462✓ verified onlyrecentpopularrisk
71,159 exploits
GitHub PoC
CVE-2026-30691: Stored Cross-Site Scripting (XSS) in @cyntler/react-doc-viewer
Cross-Site Scripting (XSS) vulnerability in @cyntler/react-doc-viewer v1.17.1 allows remote attackers to execute arbitra
33RISK
open ↗VulnCheck XDB
initial-access
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open ↗GitHub PoC
The code for personally reproducing the corresponding vulnerability
LiteLLM affected by privilege escalation via unrestricted proxy configuration endpoint
61RISK
open ↗GitHub PoC
The code for personally reproducing the corresponding vulnerability
LiteLLM has an authentication bypass via OIDC userinfo cache key collision
48RISK
open ↗GitHub PoC
SMB Red Team Lab— NTLM Relay via LLMNR Poisoning, CVE-2007-2447, NTLMv2 Hash Cracking & NT AUTHORITY\SYSTEM on Windows 10
The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands
50RISK
open ↗GitHub PoC
PwnKit (CVE-2021-4034) Safe Checker This tool performs read-only checks and does not attempt exploitation.
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool
100RISK
open ↗GitHub PoC
Writeup da sala Blue do TryHackMe — exploração do EternalBlue (MS17-010/CVE-2017-0143).
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RISK
open ↗GitHub PoC
anonmrc/CVE-2026-34486-e-Tomcat-Tribes
Apache Tomcat: Fix for CVE-2026-29146 allowed bypass of EncryptInterceptor
61RISK
open ↗GitHub PoC
CVE-2025-55182 Exploit | by infrar3d
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open ↗GitHub PoC★ 1
Dirty Frag - kernel Linux critical Vulnerability
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISK
open ↗GitHub PoC
Exploit code for CVE-2026-42096 and CVE-2026-42097 allowing for arbitrary SQL command execution without authentication.
Broken Access Control in Sparx Pro Cloud Server
41RISK
open ↗GitHub PoC
Shell scanner for CVE-2026-31431 "Copy Fail" — a local privilege escalation via Linux kernel page cache corruption (algif_aead/AF_ALG). Checks kernel version, patch status, module state, setuid exposure and mitigations. Supports Debian 11–13 and Ubuntu 20.04–25.10. CI/CD-ready (exit codes + JSON output).
crypto: algif_aead - Revert to operating out-of-place
100RISK
open ↗GitHub PoC
Xmyronn/CVE-2026-11344-RCE
code-projects Vehicle Management System New Driver Registration Form newdriver.php unrestricted upload
33RISK
open ↗GitHub PoC
Maxime288/CVE-2026-8838-RCE
Remote Code Execution via eval() Injection in amazon-redshift-python-driver
48RISK
open ↗GitHub PoC
The code for personally reproducing the corresponding vulnerability
LiteLLM through 2026-04-08 allows remote attackers to execute arbitrary code via bytecode rewriting at the /guardrails/t
41RISK
open ↗GitHub PoC★ 1
CVE-2026-34474: unauthenticated ETHCheat=1 requests leak the admin password and Wi-Fi PSK from ZTE H298A/H108N routers.
Sensitive data exposure leading to admin/WLAN credential leak in ZTE ZXHN H298A 1.1 and H108N 2.6. A crafted request to
46RISK
open ↗GitHub PoC
rufflabs/CVE-2026-36748
RockRMS v16.13 and before v.17.7.0 is vulnerable to Cross Site Scripting (XSS) via Social Media links in user profile.
48RISK
open ↗GitHub PoC★ 1
A report on Dirty Frag, which is a Linux Local Privilege Escalation (LPE) vulnerability chain that allows an unprivileged user to gain root access
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISK
open ↗GitHub PoC
suil12/CVE-2025-24813_presentation
Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT
100RISK
open ↗VulnCheck XDB
local
Ollama before 0.1.34 does not validate the format of the digest (sha256 with 64 hex digits) when getting the model path,
78RISK
open ↗GitHub PoC
CVE-2026-46300 / CVE-2026-43500 / CVE-2026-31431 / CVE-2026-43284 golang hotfix
net: skbuff: preserve shared-frag marker during coalescing
41RISK
open ↗VulnCheck XDB
local
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
46RISK
open ↗GitHub PoC
Laboratorio automatizado Plug & Play en Docker para auditar y estudiar la vulnerabilidad Log4Shell (CVE-2021-44228)
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RISK
open ↗GitHub PoC
Attack and Defense course project focused on CVE-2017-5638 analysis, exploitation, and mitigation.
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception ha
100RISK
open ↗VulnCheck XDB
initial-access
In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible
100RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.