Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,180cataloged exploits
31,691CVEs with public exploitation
0lab-tested
13,140 exploits
GitHub PoC4
PoC for CVE-2026-13585
CVE-2026-13585HIGH07 Apr 2026
Allocation of Resources Without Limits and Throttling and Sensitive Information in Resource Not Removed Before Reuse in
41RISK
open
GitHub PoC
CVE-2025-10681: Hardcoded Azure Blob Storage Account Key — Gardyn Home Kit (ICSA-26-055-03)
CVE-2025-10681HIGH07 Apr 2026
Gardyn Mobile Application and Device Firmware Use Hard-coded Credentials
41RISK
open
GitHub PoC
thorat-shubham/JXL_Infotainment_CVE-2025-69515
CVE-2025-69515CRITICAL07 Apr 2026
An issue in JXL 9 Inch Car Android Double Din Player Android v12.0 allows attackers to force the infotainment system int
48RISK
open
GitHub PoC1
Apache Tomcat(CVE-2020-1938)漏洞验证脚本
CVE-2020-1938CRITICALunder attack07 Apr 2026
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomc
100RISK
open
GitHub PoC
Project: vsFTPd 2.3.4 backdoor exploitation (CVE-2011-2523) on Metasploitable 2.
CVE-2011-252307 Apr 2026
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
60RISK
open
GitHub PoC
e1st/CVE-2025-56015
CVE-2025-56015HIGH07 Apr 2026
In GenieACS 1.2.13, an unauthenticated access vulnerability exists in the NBI API endpoint.
41RISK
open
GitHub PoC
sathish46-lab/CVE-2025-48384-submodule
CVE-2025-48384HIGHunder attack07 Apr 2026
Git allows arbitrary code execution through broken config quoting
71RISK
open
GitHub PoC
CVE-2025-8088 is a critical path traversal vulnerability in WinRAR 7.12
CVE-2025-8088HIGHunder attack07 Apr 2026
Path traversal vulnerability in WinRAR
93RISK
open
GitHub PoC
CVE-2025-13315
CVE-2025-13315CRITICAL07 Apr 2026
Unauthenticated log access in Twonky Server
75RISK
open
GitHub PoC
Python Exploit for CVE: 2018-9276
CVE-2018-9276HIGHunder attack07 Apr 2026
An issue was discovered in PRTG Network Monitor before 18.2.39. An attacker who has access to the PRTG System Administra
100RISK
open
GitHub PoC
Este script es para uso educativo y en entornos autorizados como HackTheBox. El uso contra sistemas sin permiso explícito es ilegal.
CVE-2025-9074CRITICAL07 Apr 2026
Docker Desktop allows unauthenticated access to Docker Engine API from containers
48RISK
open
GitHub PoC
CVE-2026-28766: Missing Authentication on User Account Endpoint — Gardyn Home Kit (ICSA-26-055-03)
CVE-2026-28766CRITICAL07 Apr 2026
Gardyn Cloud API Missing Authentication for Critical Function
48RISK
open
GitHub PoC
CVE-2026-32662: Active Debug Code in Production — Gardyn Home Kit (ICSA-26-055-03)
CVE-2026-32662MEDIUM07 Apr 2026
Gardyn Cloud API Active Debug Code
33RISK
open
GitHub PoC
CVE-2026-32646: Missing Authentication on Admin Device Endpoint — Gardyn Home Kit (ICSA-26-055-03)
CVE-2026-32646HIGH07 Apr 2026
Gardyn Cloud API Missing Authentication for Critical Function
41RISK
open
GitHub PoC
CVE-2026-28767: Missing Authentication on Admin Notifications Endpoint — Gardyn Home Kit (ICSA-26-055-03)
CVE-2026-28767MEDIUM07 Apr 2026
Gardyn Cloud API Missing Authentication for Critical Function
33RISK
open
GitHub PoC
zsxen/CVE-2025-1974
CVE-2025-1974CRITICAL06 Apr 2026
ingress-nginx admission controller RCE escalation
85RISK
open
GitHub PoC
zsxen/cve-2025-1974-lab
CVE-2025-1974CRITICAL06 Apr 2026
ingress-nginx admission controller RCE escalation
85RISK
open
GitHub PoC
PoC: CVE-2025-30065 incomplete fix bypass in Apache Parquet Java 1.15.1
CVE-2025-30065CRITICAL06 Apr 2026
Apache Parquet Java: Arbitrary code execution in the parquet-avro module when reading an Avro schema from a Parquet file metadata
60RISK
open
GitHub PoC
amikanev/CVE-2025-23061-LAB
CVE-2025-23061CRITICAL06 Apr 2026
Mongoose before 8.9.5 can improperly use a nested $where filter with a populate() match, leading to search injection. NO
63RISK
open
GitHub PoC1
Exploit for CVE-2023-32749 affecting Pydio Cells 4.1.2 and earlier
CVE-2023-32749HIGH06 Apr 2026
Pydio Cells allows users by default to create so-called external users in order to share files with them. By modifying t
46RISK
open
GitHub PoC1
End-to-end vulnerability management lifecycle on Azure Windows Server 2025. Features OS patching and network-level compensating controls (NSG) to mitigate CVE-2025-14847.
CVE-2025-14847HIGHunder attack06 Apr 2026
Zlib compressed protocol header length confusion may allow memory read
100RISK
open
GitHub PoC
open-flaw/CVE-2025-49844
CVE-2025-49844CRITICAL06 Apr 2026
Redis Lua Use-After-Free may lead to remote code execution
85RISK
open
GitHub PoC
avitoriagomes/CVE-2024-29988
CVE-2024-29988HIGHunder attack06 Apr 2026
SmartScreen Prompt Security Feature Bypass Vulnerability
83RISK
open
GitHub PoC1
A comprehensive collection of 12 containerized web exploitation challenges covering CVE-2023-25690, WebAuthn bypasses, HTTP/3 smuggling, and advanced XSS/RCE chains
CVE-2023-25690CRITICAL05 Apr 2026
Apache HTTP Server: HTTP request splitting with mod_rewrite and mod_proxy
70RISK
open
GitHub PoC
python code for CVE-2018-15473, using paramiko
CVE-2018-15473MEDIUM05 Apr 2026
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticati
70RISK
open
GitHub PoC
rachidafaf/bola-CVE-2023-27524
CVE-2023-27524HIGHunder attack05 Apr 2026
Apache Superset: Session validation vulnerability when using provided default SECRET_KEY
100RISK
open
GitHub PoC
Um estudo de caso do CVE-2024-21413. Usado como parâmetro a sala do TryHackMe Moniker Link (CVE-2024-21413). Feito edições com claude code no exploit.
CVE-2024-21413CRITICALunder attack05 Apr 2026
Microsoft Outlook Remote Code Execution Vulnerability
100RISK
open
GitHub PoC
Using Struts2 and PowerShell to recreate CVE-2017-5638 OGNL Injection vulnerability.
CVE-2017-5638CRITICALunder attackransomware05 Apr 2026
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception ha
100RISK
open
GitHub PoC
vettrivel007/CVE-2024-49138
CVE-2024-49138HIGHunder attack04 Apr 2026
Windows Common Log File System Driver Elevation of Privilege Vulnerability
76RISK
open
GitHub PoC
Dahalsamir/CVE-2011-2523-exploit
CVE-2011-252304 Apr 2026
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
60RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.