Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,180cataloged exploits
31,691CVEs with public exploitation
0lab-tested
13,140 exploits
GitHub PoC
ClaraSto/CVE-2024-1086_Ausarbeitung
CVE-2024-1086HIGHunder attackransomware21 Apr 2026
Use-after-free in Linux kernel's netfilter: nf_tables component
76RISK
open
GitHub PoC77
Apache ActiveMQ漏洞综合利用工具(CVE-2015-5254,CVE-2016-3088,CVE-2022-41678,CVE-2023-46604,CVE-2024-32114,CVE-2026-34197,CVE-2026-40466, CVE-2026-42588)
CVE-2016-3088CRITICALunder attack20 Apr 2026
The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitr
100RISK
open
GitHub PoC77
Apache ActiveMQ漏洞综合利用工具(CVE-2015-5254,CVE-2016-3088,CVE-2022-41678,CVE-2023-46604,CVE-2024-32114,CVE-2026-34197,CVE-2026-40466, CVE-2026-42588)
CVE-2023-46604CRITICALunder attackransomware20 Apr 2026
Apache ActiveMQ, Apache ActiveMQ Legacy OpenWire Module: Unbounded deserialization causes ActiveMQ to be vulnerable to a remote code execution (RCE) attack
100RISK
open
GitHub PoC
We hope to reproduce CVE-2021-41773 to deepen our understanding of real-world cybersecurity vulnerabilities so that we can be knowledgeable about exploits in industry and academic work.
CVE-2021-41773HIGHunder attackransomware20 Apr 2026
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
100RISK
open
GitHub PoC
The forgot-password endpoint in Flowise returns sensitive information including a valid password reset tempToken without authentication or verification. This enables any attacker to generate a reset token for arbitrary users and directly reset their password, leading to a complete account takeover (ATO).
CVE-2025-58434CRITICAL20 Apr 2026
Flowise Cloud and Local Deployments have Unauthenticated Password Reset Token Disclosure that Leads to Account Takeover
75RISK
open
GitHub PoC
Professional vulnerability assessment of a multi-VLAN enterprise network (student21.local). Confirmed Stored XSS on WebGoat (HIGH, 16) via OWASP ZAP fuzzer, absent XSS on Magento via server sanitization, and CVE-2017-0144 EternalBlue on Metasploitable 3 (CRITICAL, 25) via Nessus + Wireshark PCAP validation.
CVE-2017-0144HIGHunder attackransomware20 Apr 2026
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RISK
open
GitHub PoC1
Jorrit-VM/CVE-2026-33017
CVE-2026-33017CRITICALunder attack20 Apr 2026
Langflow has Unauthenticated Remote Code Execution via Public Flow Build Endpoint
100RISK
open
GitHub PoC79
Apache ActiveMQ漏洞综合利用工具(CVE-2015-5254,CVE-2016-3088,CVE-2022-41678,CVE-2023-46604,CVE-2024-32114,CVE-2026-34197,CVE-2026-40466, CVE-2026-42588)
CVE-2026-34197HIGHunder attack20 Apr 2026
Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Authenticated users could perform RCE via Jolokia MBeans
100RISK
open
GitHub PoC
micheaol/distccd_rce_CVE-2004-2687
CVE-2004-268720 Apr 2026
distcc 2.x, as used in XCode 1.5 and others, when not configured to restrict access to the server port, allows remote at
60RISK
open
GitHub PoC
Type Local Privilege Escalation exploit for CVE-2021-3493(Ubuntu Kernel vulnerability) documrnted during TryHackme Lab
CVE-2021-3493HIGHunder attack20 Apr 2026
The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting o
98RISK
open
GitHub PoC
Multi-VLAN virtual network across 10 VMs: GRE tunneling, nftables firewall, Active Directory, BIND9 DNS, Kea DHCP, Docker web services, SMB file sharing. Vulnerability assessment using OWASP ZAP (Stored XSS) and Nessus (CVE-2017-0144 EternalBlue). Validated with Wireshark.
CVE-2017-0144HIGHunder attackransomware20 Apr 2026
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RISK
open
GitHub PoC
Qualitative TVRA for a multi-VLAN enterprise lab: Stored XSS on WebGoat (HIGH, 16), Stored XSS on Magento (ABSENT, MEDIUM, 8), and CVE-2017-0144 EternalBlue on Metasploitable 3 (CRITICAL, 25). Scored via Likelihood × Impact using CVSS v3.0 and ZAP/Nessus/Wireshark evidence.
CVE-2017-0144HIGHunder attackransomware20 Apr 2026
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RISK
open
GitHub PoC1
wa6n3r/CVE-2024-3400
CVE-2024-3400CRITICALunder attackransomware20 Apr 2026
PAN-OS: Arbitrary File Creation Leads to OS Command Injection Vulnerability in GlobalProtect
100RISK
open
GitHub PoC
Black-box test whether an LLM chatbot is vulnerable to markdown/HTML exfil (CVE-2025-32711 class). Spins up a sink, sends payloads, renders in headless Chromium, correlates via network.
CVE-2025-32711CRITICAL20 Apr 2026
M365 Copilot Information Disclosure Vulnerability
48RISK
open
GitHub PoC1
CVE-2025-31161
CVE-2025-31161CRITICALunder attackransomware20 Apr 2026
CrushFTP 10 before 10.8.4 and 11 before 11.3.1 allows authentication bypass and takeover of the crushadmin account (unle
100RISK
open
GitHub PoC
Exploiting Bluekeep (CVE-2019-0708) on windows 7 using metasploit (Esucational lab)
CVE-2019-0708CRITICALunder attackransomware19 Apr 2026
A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unau
100RISK
open
GitHub PoC
NetVanguard-cmd/CVE-2025-61882
CVE-2025-61882CRITICALunder attackransomware19 Apr 2026
Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: BI Publisher Integratio
100RISK
open
GitHub PoC
NetVanguard-cmd/CVE-2025-55315
CVE-2025-55315CRITICAL19 Apr 2026
ASP.NET Security Feature Bypass Vulnerability
60RISK
open
GitHub PoC1
Cyb3rCr0wCC/cve-2017-11176
CVE-2017-1117619 Apr 2026
The mq_notify function in the Linux kernel through 4.11.9 does not set the sock pointer to NULL upon entry into the retr
23RISK
open
GitHub PoC
rediscovered tplink nday xp (CVE-2023-33538)
CVE-2023-33538HIGHunder attack19 Apr 2026
TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a command injection vulnerabili
83RISK
open
GitHub PoC
Sneeit Framework <= 8.3 - Unauthenticated Remote Code Execution in sneeit_articles_pagination_callback
CVE-2025-6389CRITICAL18 Apr 2026
Sneeit Framework <= 8.3 - Unauthenticated Remote Code Execution in sneeit_articles_pagination_callback
60RISK
open
GitHub PoC
jithinodattu/CVE-2007-4559-lab
CVE-2007-4559CRITICAL18 Apr 2026
Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows
53RISK
open
GitHub PoC
Security research & exploitation analysis of CVE-2025-55182 (React) — CVSS + OWASP Top 10 mapping
CVE-2025-55182CRITICALunder attackransomware18 Apr 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open
GitHub PoC
Implements the mitigation for CVE-2025-54505 as described by AMD-SB-7053
CVE-2025-54505LOW18 Apr 2026
A transient execution vulnerability within AMD CPUs may allow a local user-privileged attacker to leak data via the floa
28RISK
open
GitHub PoC
coolkiee/CVE-2019-9053
CVE-2019-905317 Apr 2026
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve
35RISK
open
GitHub PoC13
Escalating privilege in the system from unsigned driver using throttlestop vulnerability
CVE-2025-7771HIGH17 Apr 2026
Code Execution / Escalation of Privileges in ThrottleStop
41RISK
open
GitHub PoC
CVE-2025-8110 Specifically for the Silentium box on HTB.
CVE-2025-8110HIGHunder attack17 Apr 2026
File overwrite in file update API in Gogs
100RISK
open
GitHub PoC
Published Details for this CVE
CVE-2025-66954MEDIUM17 Apr 2026
A vulnerability exists in the Buffalo Link Station version 1.85-0.01 that allows unauthenticated or guest-level users to
33RISK
open
GitHub PoC1
CVE-2021-25337
CVE-2021-25337MEDIUMunder attack17 Apr 2026
Improper access control in clipboard service in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows untrusted
63RISK
open
GitHub PoC
Samba CVE-2007-2447 Exploit
CVE-2007-244717 Apr 2026
The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands
50RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.