Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,180cataloged exploits
31,691CVEs with public exploitation
0lab-tested
AllExploit-DB 22,469Referência 19,841GitHub PoC 13,140VulnCheck XDB 8,078Nuclei 4,190Metasploit 3,462✓ verified onlyrecentpopularrisk
13,140 exploits
GitHub PoC★ 4
PoC for CVE-2026-13585
Allocation of Resources Without Limits and Throttling and Sensitive Information in Resource Not Removed Before Reuse in
41RISK
open ↗GitHub PoC
CVE-2025-10681: Hardcoded Azure Blob Storage Account Key — Gardyn Home Kit (ICSA-26-055-03)
Gardyn Mobile Application and Device Firmware Use Hard-coded Credentials
41RISK
open ↗GitHub PoC
thorat-shubham/JXL_Infotainment_CVE-2025-69515
An issue in JXL 9 Inch Car Android Double Din Player Android v12.0 allows attackers to force the infotainment system int
48RISK
open ↗GitHub PoC★ 1
Apache Tomcat(CVE-2020-1938)漏洞验证脚本
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomc
100RISK
open ↗GitHub PoC
Project: vsFTPd 2.3.4 backdoor exploitation (CVE-2011-2523) on Metasploitable 2.
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
60RISK
open ↗GitHub PoC
e1st/CVE-2025-56015
In GenieACS 1.2.13, an unauthenticated access vulnerability exists in the NBI API endpoint.
41RISK
open ↗GitHub PoC
sathish46-lab/CVE-2025-48384-submodule
Git allows arbitrary code execution through broken config quoting
71RISK
open ↗GitHub PoC
CVE-2025-8088 is a critical path traversal vulnerability in WinRAR 7.12
Path traversal vulnerability in WinRAR
93RISK
open ↗GitHub PoC
Python Exploit for CVE: 2018-9276
An issue was discovered in PRTG Network Monitor before 18.2.39. An attacker who has access to the PRTG System Administra
100RISK
open ↗GitHub PoC
Este script es para uso educativo y en entornos autorizados como HackTheBox. El uso contra sistemas sin permiso explícito es ilegal.
Docker Desktop allows unauthenticated access to Docker Engine API from containers
48RISK
open ↗GitHub PoC
CVE-2026-28766: Missing Authentication on User Account Endpoint — Gardyn Home Kit (ICSA-26-055-03)
Gardyn Cloud API Missing Authentication for Critical Function
48RISK
open ↗GitHub PoC
CVE-2026-32662: Active Debug Code in Production — Gardyn Home Kit (ICSA-26-055-03)
Gardyn Cloud API Active Debug Code
33RISK
open ↗GitHub PoC
CVE-2026-32646: Missing Authentication on Admin Device Endpoint — Gardyn Home Kit (ICSA-26-055-03)
Gardyn Cloud API Missing Authentication for Critical Function
41RISK
open ↗GitHub PoC
CVE-2026-28767: Missing Authentication on Admin Notifications Endpoint — Gardyn Home Kit (ICSA-26-055-03)
Gardyn Cloud API Missing Authentication for Critical Function
33RISK
open ↗GitHub PoC
PoC: CVE-2025-30065 incomplete fix bypass in Apache Parquet Java 1.15.1
Apache Parquet Java: Arbitrary code execution in the parquet-avro module when reading an Avro schema from a Parquet file metadata
60RISK
open ↗GitHub PoC
amikanev/CVE-2025-23061-LAB
Mongoose before 8.9.5 can improperly use a nested $where filter with a populate() match, leading to search injection. NO
63RISK
open ↗GitHub PoC★ 1
Exploit for CVE-2023-32749 affecting Pydio Cells 4.1.2 and earlier
Pydio Cells allows users by default to create so-called external users in order to share files with them. By modifying t
46RISK
open ↗GitHub PoC★ 1
End-to-end vulnerability management lifecycle on Azure Windows Server 2025. Features OS patching and network-level compensating controls (NSG) to mitigate CVE-2025-14847.
Zlib compressed protocol header length confusion may allow memory read
100RISK
open ↗GitHub PoC
open-flaw/CVE-2025-49844
Redis Lua Use-After-Free may lead to remote code execution
85RISK
open ↗GitHub PoC
avitoriagomes/CVE-2024-29988
SmartScreen Prompt Security Feature Bypass Vulnerability
83RISK
open ↗GitHub PoC★ 1
A comprehensive collection of 12 containerized web exploitation challenges covering CVE-2023-25690, WebAuthn bypasses, HTTP/3 smuggling, and advanced XSS/RCE chains
Apache HTTP Server: HTTP request splitting with mod_rewrite and mod_proxy
70RISK
open ↗GitHub PoC
python code for CVE-2018-15473, using paramiko
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticati
70RISK
open ↗GitHub PoC
rachidafaf/bola-CVE-2023-27524
Apache Superset: Session validation vulnerability when using provided default SECRET_KEY
100RISK
open ↗GitHub PoC
Um estudo de caso do CVE-2024-21413. Usado como parâmetro a sala do TryHackMe Moniker Link (CVE-2024-21413). Feito edições com claude code no exploit.
Microsoft Outlook Remote Code Execution Vulnerability
100RISK
open ↗GitHub PoC
Using Struts2 and PowerShell to recreate CVE-2017-5638 OGNL Injection vulnerability.
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception ha
100RISK
open ↗GitHub PoC
vettrivel007/CVE-2024-49138
Windows Common Log File System Driver Elevation of Privilege Vulnerability
76RISK
open ↗GitHub PoC
Dahalsamir/CVE-2011-2523-exploit
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
60RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.