Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,180cataloged exploits
31,691CVEs with public exploitation
0lab-tested
71,180 exploits
VulnCheck XDB
initial-access
CVE-2026-8181CRITICAL15 May 2026
Burst Statistics 3.4.0 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover
68RISK
open
VulnCheck XDB
initial-access
CVE-2012-3152CRITICALunder attack15 May 2026
Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and
100RISK
open
GitHub PoC13
CVE-2026-46300
CVE-2026-46300HIGH15 May 2026
net: skbuff: preserve shared-frag marker during coalescing
41RISK
open
GitHub PoC2
CVE-2026-8181 PoC: Burst Statistics (3.4.0–3.4.1.1) authentication bypass. Python tool — single & multi-target scans, threaded workers, TXT reports. Authorized testing only. Maintainer: mürrez.
CVE-2026-8181CRITICAL15 May 2026
Burst Statistics 3.4.0 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover
68RISK
open
GitHub PoC
Medaz-Sploit/CVE-2025-9074-Docker-Desktop-API-Escape-PoC
CVE-2025-9074CRITICAL15 May 2026
Docker Desktop allows unauthenticated access to Docker Engine API from containers
48RISK
open
GitHub PoC
nhh9905/CVE-2022-37969
CVE-2022-37969HIGHunder attack15 May 2026
Windows Common Log File System Driver Elevation of Privilege Vulnerability
76RISK
open
Exploit-DB
PJPROJECT 2.16 - Heap Bufferoverflow
CVE-2026-25994HIGH14 May 2026
PJSIP has a heap buffer overflow in ICE with long username
41RISK
open
Exploit-DB
ePati Antikor NGFW 2.0.1301 - Authentication Bypass
CVE-2026-2624CRITICAL14 May 2026
Authentication Bypass in ePati's Antikor NGFW
48RISK
open
GitHub PoC
mbanyamer/CVE-2026-22553-InSAT-MasterSCADA-BUK-TS-MMadmServ
CVE-2026-22553CRITICAL14 May 2026
InSAT MasterSCADA BUK-TS OS Command Injection
48RISK
open
GitHub PoC
Test repo: simulates CVE-2025-30066 style compromised GitHub Action (for security research/testing chainradar)
CVE-2025-30066HIGHunder attack14 May 2026
tj-actions changed-files before 46 allows remote attackers to discover secrets by reading actions logs. (The tags v1 thr
83RISK
open
Metasploit300
Linux Kernel __ptrace_may_access() Exit Race chage File Disclosure
CVE-2026-46333HIGH14 May 2026
ptrace: slightly saner 'get_dumpable()' logic
56RISK
open
GitHub PoC19
NGINX Rift 漏洞分析与复现
CVE-2026-42945CRITICAL14 May 2026
NGINX ngx_http_rewrite_module vulnerability
60RISK
open
GitHub PoC2
nanwinata/nginxrift-CVE-2026-42945
CVE-2026-42945CRITICAL14 May 2026
NGINX ngx_http_rewrite_module vulnerability
60RISK
open
VulnCheck XDB
initial-access
CVE-2021-22204MEDIUMunder attack14 May 2026
Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code exec
100RISK
open
GitHub PoC2
CVE-2026-42945
CVE-2026-42945CRITICAL14 May 2026
NGINX ngx_http_rewrite_module vulnerability
60RISK
open
GitHub PoC
ChamsBouzaiene/ai-vuln-rediscovery-nginx-cve-2026-42945
CVE-2026-42945CRITICAL14 May 2026
NGINX ngx_http_rewrite_module vulnerability
60RISK
open
GitHub PoC
ydking0911/CVE-2026-4060-PoC
CVE-2026-4060HIGH14 May 2026
Geo Mashup <= 1.13.18 - Unauthenticated Time-Based SQL Injection via 'sort' Parameter
41RISK
open
VulnCheck XDB
initial-access
CVE-2026-42945CRITICAL14 May 2026
NGINX ngx_http_rewrite_module vulnerability
60RISK
open
VulnCheck XDB
initial-access
CVE-2026-42945CRITICAL14 May 2026
NGINX ngx_http_rewrite_module vulnerability
60RISK
open
VulnCheck XDB
denial-of-service
CVE-2026-42945CRITICAL14 May 2026
NGINX ngx_http_rewrite_module vulnerability
60RISK
open
GitHub PoC33
Nginx Rewrite CVE Scan(CVE-2026-42945 nginx-rift CVE-2026-9256)
CVE-2026-42945CRITICAL14 May 2026
NGINX ngx_http_rewrite_module vulnerability
60RISK
open
VulnCheck XDB
initial-access
CVE-2026-42945CRITICAL14 May 2026
NGINX ngx_http_rewrite_module vulnerability
60RISK
open
GitHub PoC
0xFuffM3/CVE-2026-31431-CopyFail
CVE-2026-31431HIGHunder attack14 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
VulnCheck XDB
initial-access
CVE-2026-42945CRITICAL14 May 2026
NGINX ngx_http_rewrite_module vulnerability
60RISK
open
GitHub PoC15
p3Nt3st3r-sTAr/CVE-2026-42945-POC
CVE-2026-42945CRITICAL14 May 2026
NGINX ngx_http_rewrite_module vulnerability
60RISK
open
VulnCheck XDB
initial-access
CVE-2026-42945CRITICAL14 May 2026
NGINX ngx_http_rewrite_module vulnerability
60RISK
open
GitHub PoC1
Scan your NGINX configuration to determine whether it is affected by CVE-2026-42945.
CVE-2026-42945CRITICAL14 May 2026
NGINX ngx_http_rewrite_module vulnerability
60RISK
open
GitHub PoC
A CopyFail CVE-2026-31431 implementation in python that isnt slop! Bring your own payload
CVE-2026-31431HIGHunder attack14 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
GitHub PoC
User Registration & Membership <= 5.1.5 - Unauthenticated Missing Authorization to Admin Approval Bypass via 'action' Parameter
CVE-2026-6145MEDIUM14 May 2026
User Registration & Membership <= 5.1.5 - Unauthenticated Missing Authorization to Admin Approval Bypass via 'action' Parameter
33RISK
open
GitHub PoC
A comprehensive full-lifecycle penetration testing project on Joomla 4.2.5 exploiting CVE-2023-23752 inside a Dockerized lab environment
CVE-2023-23752MEDIUMunder attack14 May 2026
[20230201] - Core - Improper access check in webservice endpoints
100RISK
open
previouspage 58 / 2,373next

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.