Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,180cataloged exploits
31,691CVEs with public exploitation
0lab-tested
AllExploit-DB 22,469Referência 19,841GitHub PoC 13,140VulnCheck XDB 8,078Nuclei 4,190Metasploit 3,462✓ verified onlyrecentpopularrisk
71,180 exploits
GitHub PoC
cj667113/OCI-Ansible-Fix-CVE-2026-31431
crypto: algif_aead - Revert to operating out-of-place
100RISK
open ↗GitHub PoC
Local Privilege Escalation. Flips the running user's UID to 0 in /etc/passwd's page cache, then invokes su for a root shell.
crypto: algif_aead - Revert to operating out-of-place
100RISK
open ↗GitHub PoC
LAT-06/CVE-2026-34197
Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Authenticated users could perform RCE via Jolokia MBeans
100RISK
open ↗GitHub PoC
A lightweight Python-based security assessment tool for detecting dangerous Cross-Origin Resource Sharing (CORS) misconfigurations - CVE-2025-34291.
Langflow <= 1.6.9 CORS Misconfiguration to Token Hijack & RCE
100RISK
open ↗GitHub PoC★ 6
Research artifacts, PoC scripts, and lab assets for the Copy Fail Linux local privilege escalation writeup on https://4xura.com/binex/kernel/copy-fail
crypto: algif_aead - Revert to operating out-of-place
100RISK
open ↗GitHub PoC
Detection and mitigation tooling for CVE-2026-31431 (Copy Fail) on Linux kernels. Includes Phalanx-CCS and Silent4Labs scripts plus an Ansible playbook to apply temporary mitigation (block algif_aead module or boot parameter) across servers.
crypto: algif_aead - Revert to operating out-of-place
100RISK
open ↗GitHub PoC★ 1
这是一个面向防守和内网排查的 CVE-2026-42945 静态检测工具,用于检查 NGINX ngx_http_rewrite_module 相关配置是否存在高风险 rewrite 组合。
NGINX ngx_http_rewrite_module vulnerability
60RISK
open ↗GitHub PoC★ 4
IKEv2, ikeext.dll, CVE-2026-33824, double free, heap grooming, ROP, SKF fragmentation, Windows exploit, anti-debug, obfuscation, API hooking, shellcode, reverse shell
Windows Internet Key Exchange (IKE) Service Extensions Remote Code Execution Vulnerability
60RISK
open ↗GitHub PoC
CVE-2026-46300 / CVE-2026-43500 / CVE-2026-31431 / CVE-2026-43284 golang hotfix
net: skbuff: preserve shared-frag marker during coalescing
41RISK
open ↗VulnCheck XDB
local
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool
100RISK
open ↗GitHub PoC
Technical breakdown of CVE-2026-34472, an auth bypass via leaked credentials affecting ZTE H188A routers.
Unauthenticated credential disclosure in the wizard interface in ZTE ZXHN H188A V6.0.10P2_TE and V6.0.10P3N3_TE allows u
41RISK
open ↗GitHub PoC★ 1
这是一个面向防守和内网排查的 Apache ActiveMQ Classic 暴露面检测工具,用于辅助评估 CVE-2026-34197 相关风险。
Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Authenticated users could perform RCE via Jolokia MBeans
100RISK
open ↗VulnCheck XDB
local
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
46RISK
open ↗GitHub PoC★ 1
Use CVE-2026-46333 and CVE-2026-31431 to change any user's password.
ptrace: slightly saner 'get_dumpable()' logic
56RISK
open ↗GitHub PoC★ 3
CVE-2026-31431 (Copy Fail) — Análisis y desarrollo en Ensamblador x86-64 | Analysis and development in x86-64 Assembly
crypto: algif_aead - Revert to operating out-of-place
100RISK
open ↗VulnCheck XDB
local
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
46RISK
open ↗GitHub PoC★ 1
Use CVE-2026-46333 and CVE-2026-31431 to change any user's password.
ptrace: slightly saner 'get_dumpable()' logic
56RISK
open ↗GitHub PoC★ 5
Research on `pidfd_getfd(2)`-based file descriptor leakage from privileged SUID processes. Demonstrates race-condition FD capture against OpenSSH `ssh-keysign` and exposure of sensitive root-owned file handles.
ptrace: slightly saner 'get_dumpable()' logic
56RISK
open ↗GitHub PoC★ 3
🛡️ Script to test for NGINX CVE-2026-42945
NGINX ngx_http_rewrite_module vulnerability
60RISK
open ↗GitHub PoC★ 1
Renison-Gohel/CVE-2026-42945-NGINX-Rift
NGINX ngx_http_rewrite_module vulnerability
60RISK
open ↗GitHub PoC★ 4
PoC for CVE-2023-2825: automated GitLab 16.0.0 arbitrary file read via nested public groups, project upload traversal, reusable upload paths, and clean CLI output.
An issue has been discovered in GitLab CE/EE affecting only version 16.0.0. An unauthenticated malicious user can use a
85RISK
open ↗GitHub PoC
MuharremK0/Info-Sys-Security-CVE-2025-55182
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open ↗GitHub PoC
Linux kernel root exploit
net: skbuff: preserve shared-frag marker during coalescing
41RISK
open ↗GitHub PoC
rootdirective-sec/CVE-2026-8181-Lab
Burst Statistics 3.4.0 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover
68RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.