Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,180cataloged exploits
31,691CVEs with public exploitation
0lab-tested
AllExploit-DB 22,469Referência 19,841GitHub PoC 13,140VulnCheck XDB 8,078Nuclei 4,190Metasploit 3,462✓ verified onlyrecentpopularrisk
13,140 exploits
GitHub PoC
ClaraSto/CVE-2024-1086_Ausarbeitung
Use-after-free in Linux kernel's netfilter: nf_tables component
76RISK
open ↗GitHub PoC★ 77
Apache ActiveMQ漏洞综合利用工具(CVE-2015-5254,CVE-2016-3088,CVE-2022-41678,CVE-2023-46604,CVE-2024-32114,CVE-2026-34197,CVE-2026-40466, CVE-2026-42588)
The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitr
100RISK
open ↗GitHub PoC★ 77
Apache ActiveMQ漏洞综合利用工具(CVE-2015-5254,CVE-2016-3088,CVE-2022-41678,CVE-2023-46604,CVE-2024-32114,CVE-2026-34197,CVE-2026-40466, CVE-2026-42588)
Apache ActiveMQ, Apache ActiveMQ Legacy OpenWire Module: Unbounded deserialization causes ActiveMQ to be vulnerable to a remote code execution (RCE) attack
100RISK
open ↗GitHub PoC
We hope to reproduce CVE-2021-41773 to deepen our understanding of real-world cybersecurity vulnerabilities so that we can be knowledgeable about exploits in industry and academic work.
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
100RISK
open ↗GitHub PoC
The forgot-password endpoint in Flowise returns sensitive information including a valid password reset tempToken without authentication or verification. This enables any attacker to generate a reset token for arbitrary users and directly reset their password, leading to a complete account takeover (ATO).
Flowise Cloud and Local Deployments have Unauthenticated Password Reset Token Disclosure that Leads to Account Takeover
75RISK
open ↗GitHub PoC
Professional vulnerability assessment of a multi-VLAN enterprise network (student21.local). Confirmed Stored XSS on WebGoat (HIGH, 16) via OWASP ZAP fuzzer, absent XSS on Magento via server sanitization, and CVE-2017-0144 EternalBlue on Metasploitable 3 (CRITICAL, 25) via Nessus + Wireshark PCAP validation.
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RISK
open ↗GitHub PoC★ 1
Jorrit-VM/CVE-2026-33017
Langflow has Unauthenticated Remote Code Execution via Public Flow Build Endpoint
100RISK
open ↗GitHub PoC★ 79
Apache ActiveMQ漏洞综合利用工具(CVE-2015-5254,CVE-2016-3088,CVE-2022-41678,CVE-2023-46604,CVE-2024-32114,CVE-2026-34197,CVE-2026-40466, CVE-2026-42588)
Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Authenticated users could perform RCE via Jolokia MBeans
100RISK
open ↗GitHub PoC
micheaol/distccd_rce_CVE-2004-2687
distcc 2.x, as used in XCode 1.5 and others, when not configured to restrict access to the server port, allows remote at
60RISK
open ↗GitHub PoC
Type Local Privilege Escalation exploit for CVE-2021-3493(Ubuntu Kernel vulnerability) documrnted during TryHackme Lab
The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting o
98RISK
open ↗GitHub PoC
Multi-VLAN virtual network across 10 VMs: GRE tunneling, nftables firewall, Active Directory, BIND9 DNS, Kea DHCP, Docker web services, SMB file sharing. Vulnerability assessment using OWASP ZAP (Stored XSS) and Nessus (CVE-2017-0144 EternalBlue). Validated with Wireshark.
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RISK
open ↗GitHub PoC
Qualitative TVRA for a multi-VLAN enterprise lab: Stored XSS on WebGoat (HIGH, 16), Stored XSS on Magento (ABSENT, MEDIUM, 8), and CVE-2017-0144 EternalBlue on Metasploitable 3 (CRITICAL, 25). Scored via Likelihood × Impact using CVSS v3.0 and ZAP/Nessus/Wireshark evidence.
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RISK
open ↗GitHub PoC★ 1
wa6n3r/CVE-2024-3400
PAN-OS: Arbitrary File Creation Leads to OS Command Injection Vulnerability in GlobalProtect
100RISK
open ↗GitHub PoC
Black-box test whether an LLM chatbot is vulnerable to markdown/HTML exfil (CVE-2025-32711 class). Spins up a sink, sends payloads, renders in headless Chromium, correlates via network.
M365 Copilot Information Disclosure Vulnerability
48RISK
open ↗GitHub PoC★ 1
CVE-2025-31161
CrushFTP 10 before 10.8.4 and 11 before 11.3.1 allows authentication bypass and takeover of the crushadmin account (unle
100RISK
open ↗GitHub PoC
Exploiting Bluekeep (CVE-2019-0708) on windows 7 using metasploit (Esucational lab)
A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unau
100RISK
open ↗GitHub PoC
NetVanguard-cmd/CVE-2025-61882
Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: BI Publisher Integratio
100RISK
open ↗GitHub PoC★ 1
Cyb3rCr0wCC/cve-2017-11176
The mq_notify function in the Linux kernel through 4.11.9 does not set the sock pointer to NULL upon entry into the retr
23RISK
open ↗GitHub PoC
rediscovered tplink nday xp (CVE-2023-33538)
TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a command injection vulnerabili
83RISK
open ↗GitHub PoC
Sneeit Framework <= 8.3 - Unauthenticated Remote Code Execution in sneeit_articles_pagination_callback
Sneeit Framework <= 8.3 - Unauthenticated Remote Code Execution in sneeit_articles_pagination_callback
60RISK
open ↗GitHub PoC
jithinodattu/CVE-2007-4559-lab
Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows
53RISK
open ↗GitHub PoC
Security research & exploitation analysis of CVE-2025-55182 (React) — CVSS + OWASP Top 10 mapping
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open ↗GitHub PoC
Implements the mitigation for CVE-2025-54505 as described by AMD-SB-7053
A transient execution vulnerability within AMD CPUs may allow a local user-privileged attacker to leak data via the floa
28RISK
open ↗GitHub PoC
coolkiee/CVE-2019-9053
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve
35RISK
open ↗GitHub PoC★ 13
Escalating privilege in the system from unsigned driver using throttlestop vulnerability
Code Execution / Escalation of Privileges in ThrottleStop
41RISK
open ↗GitHub PoC
CVE-2025-8110 Specifically for the Silentium box on HTB.
File overwrite in file update API in Gogs
100RISK
open ↗GitHub PoC
Published Details for this CVE
A vulnerability exists in the Buffalo Link Station version 1.85-0.01 that allows unauthenticated or guest-level users to
33RISK
open ↗GitHub PoC★ 1
CVE-2021-25337
Improper access control in clipboard service in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows untrusted
63RISK
open ↗GitHub PoC
Samba CVE-2007-2447 Exploit
The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands
50RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.