Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,180cataloged exploits
31,691CVEs with public exploitation
0lab-tested
AllExploit-DB 22,469Referência 19,841GitHub PoC 13,140VulnCheck XDB 8,078Nuclei 4,190Metasploit 3,462✓ verified onlyrecentpopularrisk
71,180 exploits
GitHub PoC★ 3
🛡️ Script to test for NGINX CVE-2026-42945
NGINX ngx_http_rewrite_module vulnerability
60RISK
open ↗GitHub PoC★ 5
Research on `pidfd_getfd(2)`-based file descriptor leakage from privileged SUID processes. Demonstrates race-condition FD capture against OpenSSH `ssh-keysign` and exposure of sensitive root-owned file handles.
ptrace: slightly saner 'get_dumpable()' logic
56RISK
open ↗GitHub PoC★ 1
Renison-Gohel/CVE-2026-42945-NGINX-Rift
NGINX ngx_http_rewrite_module vulnerability
60RISK
open ↗VulnCheck XDB
local
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
46RISK
open ↗GitHub PoC★ 1
Use CVE-2026-46333 and CVE-2026-31431 to change any user's password.
ptrace: slightly saner 'get_dumpable()' logic
56RISK
open ↗GitHub PoC★ 1
usmansec/-CVE-2021-4034
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool
100RISK
open ↗GitHub PoC
Intentionally vulnerable Log4j 2.14.1 demo for Sysdig CNAPP scanning (CVE-2021-44228)
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RISK
open ↗GitHub PoC
Maxime288/CVE-2026-31431-Copy-Fail-R-pertoire-de-Pr-vention
crypto: algif_aead - Revert to operating out-of-place
100RISK
open ↗GitHub PoC★ 2
Automated Metasploit post-exploitation module for CVE-2026-31431 ("Copy Fail"). Weaponizes a deterministic logic flaw in the Linux kernel AF_ALG subsystem to achieve local privilege escalation (LPE) to root by safely corrupting a setuid binary directly in the shared Page Cache (RAM) without modifying files on disk
crypto: algif_aead - Revert to operating out-of-place
100RISK
open ↗VulnCheck XDB
initial-access
marimo Affected by Pre-Auth Remote Code Execution via Terminal WebSocket Authentication Bypass
100RISK
open ↗GitHub PoC
Read-only cPanel CVE-2026-41940 IOC detector for .sorry ransomware, Mr_Rot13 Filemanager backdoors, C2 callbacks, cron, SSH, and logs.
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RISK
open ↗GitHub PoC★ 4
CVE-2026-38526 | Krayin CRM v2.2.x Authenticated RCE - Unrestricted PHP File Upload via TinyMCE
An authenticated arbitrary file upload vulnerability in the /admin/tinymce/upload endpoint of Webkul Krayin CRM v2.2.x a
48RISK
open ↗GitHub PoC
Safe Python scanner for CVE-2020-3452 (Cisco ASA/FTD WebVPN Directory Traversal)
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Read-Only Path Traversal Vulnerability
100RISK
open ↗GitHub PoC
Python toolkit to audit Apache HTTP Server against CVE-2026-23918 (HTTP/2 double-free RCE) and 4 related CVEs. Passive scanner with ALPN verification + read-only local auditor. No exploits.
Apache HTTP Server: http2: double free and possible RCE on early reset
53RISK
open ↗GitHub PoC★ 2
Technical breakdown of CVE-2026-34473, an unauthenticated denial of service affecting 17+ ZTE router models.
Unauthenticated DoS in ZTE H8102E, H168N, H167A, H199A, H288A, H198A, H267A, H267N, H268A, H388X, H196A, H369A, H268N, H
41RISK
open ↗GitHub PoC
User Registration Advanced Fields <= 1.6.20 - Unauthenticated Arbitrary File Upload
User Registration Advanced Fields <= 1.6.20 - Unauthenticated Arbitrary File Upload
48RISK
open ↗GitHub PoC★ 7
CVE-2026-44578: Next.js WebSocket Upgrade SSRF — pre-auth credential theft via localhost:80. Lab + exploit + audit.
Next.js: Server-side request forgery in applications using WebSocket upgrades
68RISK
open ↗GitHub PoC★ 1
CVE-2026-44578
Next.js: Server-side request forgery in applications using WebSocket upgrades
68RISK
open ↗VulnCheck XDB
initial-access
Burst Statistics 3.4.0 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover
68RISK
open ↗VulnCheck XDB
initial-access
Custom CSS JS PHP <= 2.0.7 - Unauthenticated SQL Injection to RCE
56RISK
open ↗GitHub PoC
Safe Python scanner for CVE-2025-20362 (Cisco ASA/FTD WebVPN Authentication Bypass)
Update: On November 5, 2025, Cisco became aware of a new attack variant against devices running Cisco Secure ASA Softwar
100RISK
open ↗GitHub PoC★ 1
This exploit is based on CVE-2021-33393 and was built upon the original exploit by Mücahit Saratar, extending it to achieve a reverse shell with root privileges.
lfs/backup in IPFire 2.25-core155 does not ensure that /var/ipfire/backup/bin/backup.pl is owned by the root account. It
50RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.