Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,180cataloged exploits
31,691CVEs with public exploitation
0lab-tested
71,180 exploits
GitHub PoC
Snort 3 IDS → IPS lab on Kali. Custom detection rules + iptables enforcement against ICMP recon, Nmap SYN scans, Hydra FTP brute force, and vsftpd 2.3.4 backdoor (CVE-2011-2523).
CVE-2011-252314 May 2026
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
60RISK
open
Exploit-DB
ePati Antikor NGFW 2.0.1301 - Authentication Bypass
CVE-2026-2624CRITICAL14 May 2026
Authentication Bypass in ePati's Antikor NGFW
48RISK
open
GitHub PoC2
CVE-2026-42945
CVE-2026-42945CRITICAL14 May 2026
NGINX ngx_http_rewrite_module vulnerability
60RISK
open
GitHub PoC
ChamsBouzaiene/ai-vuln-rediscovery-nginx-cve-2026-42945
CVE-2026-42945CRITICAL14 May 2026
NGINX ngx_http_rewrite_module vulnerability
60RISK
open
GitHub PoC19
NGINX Rift 漏洞分析与复现
CVE-2026-42945CRITICAL14 May 2026
NGINX ngx_http_rewrite_module vulnerability
60RISK
open
GitHub PoC2
nanwinata/nginxrift-CVE-2026-42945
CVE-2026-42945CRITICAL14 May 2026
NGINX ngx_http_rewrite_module vulnerability
60RISK
open
GitHub PoC
A comprehensive full-lifecycle penetration testing project on Joomla 4.2.5 exploiting CVE-2023-23752 inside a Dockerized lab environment
CVE-2023-23752MEDIUMunder attack14 May 2026
[20230201] - Core - Improper access check in webservice endpoints
100RISK
open
GitHub PoC46
exploit for CVE-2026-42945
CVE-2026-42945CRITICAL14 May 2026
NGINX ngx_http_rewrite_module vulnerability
60RISK
open
GitHub PoC
A CopyFail CVE-2026-31431 implementation in python that isnt slop! Bring your own payload
CVE-2026-31431HIGHunder attack14 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
GitHub PoC5
CVE-2026-8181 - Burst Statistics 3.4.0-3.4.1.1 Unauthenticated Authentication Bypass to Admin Account Takeover | Proof of Concept
CVE-2026-8181CRITICAL14 May 2026
Burst Statistics 3.4.0 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover
68RISK
open
GitHub PoC
0xFuffM3/CVE-2026-31431-CopyFail
CVE-2026-31431HIGHunder attack14 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
Metasploit300
Linux Kernel __ptrace_may_access() Exit Race chage File Disclosure
CVE-2026-46333HIGH14 May 2026
ptrace: slightly saner 'get_dumpable()' logic
56RISK
open
Exploit-DB
coreruleset 4.21.0 - Firewall Bypass
CVE-2026-21876CRITICAL13 May 2026
OWASP CRS has multipart bypass using multiple content-type parts
53RISK
open
GitHub PoC
CVE-2026-41729 PoC
CVE-2026-41729HIGH13 May 2026
Spring Data REST SpEL Injection via Map Key in JSON Patch
41RISK
open
GitHub PoC
pixelotes/lab-cve-2023-4863
CVE-2023-4863HIGHunder attack13 May 2026
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to
93RISK
open
GitHub PoC
copy-fail-CVE-2026-31431
CVE-2026-31431HIGHunder attack13 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
GitHub PoC1
First CTF successfully completed! This repo documents my walkthrough of TryHackMe's Simple CTF. It covers network reconnaissance (Nmap), web exploitation (CVE-2019-9053), and credential cracking. As a dev, it was great to pivot from SQLi to a Root shell by leveraging Sudo misconfigurations. Educational purposes only.
CVE-2019-905313 May 2026
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve
35RISK
open
GitHub PoC
SessionReaper-CVE-2025-54236
CVE-2025-54236CRITICALunder attack13 May 2026
Adobe Commerce | Improper Input Validation (CWE-20)
100RISK
open
GitHub PoC
CVE-2026-0001. Do with your own risk
CVE-2026-23760CRITICALunder attackransomware13 May 2026
SmarterTools SmarterMail < Build 9511 Authentication Bypass via Password Reset API
100RISK
open
GitHub PoC7
🚀 CVE-2026-0073 - Android ADB Wireless Debugging Exploit (CVSS 8.8) 🔓 Zero-click authentication bypass via TLS type confusion. Gain interactive shell, execute commands, scan networks. Educational red-team tool. 🐚⚡
CVE-2026-0073HIGH13 May 2026
In adbd_tls_verify_cert of auth.cpp, there is a possible bypass of wireless ADB mutual authentication due to a logic err
41RISK
open
Exploit-DB
Flowise < 3.0.5 - Missing Authentication for Critical Function
CVE-2025-58434CRITICAL13 May 2026
Flowise Cloud and Local Deployments have Unauthenticated Password Reset Token Disclosure that Leads to Account Takeover
75RISK
open
GitHub PoC
FrosterDL/CVE-2026-43284
CVE-2026-43284HIGH13 May 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISK
open
GitHub PoC
OOB verifier for GHSA-c4j6-fc7j-m34r / CVE-2026-44578 (Next.js WebSocket-upgrade SSRF)
CVE-2026-44578HIGH13 May 2026
Next.js: Server-side request forgery in applications using WebSocket upgrades
68RISK
open
VulnCheck XDB
local
CVE-2026-31431HIGHunder attack13 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
GitHub PoC
A tiny explanation + PoC for CVE-2026-43284
CVE-2026-43284HIGH13 May 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISK
open
GitHub PoC
CVE-2026-44277
CVE-2026-44277CRITICAL13 May 2026
A improper access control vulnerability in Fortinet FortiAuthenticator 8.0.2, FortiAuthenticator 8.0.0, FortiAuthenticat
48RISK
open
GitHub PoC254
Full exploit code for CVE-2026-40369 - A Windows kernel arbitrary write vulnerability that allows browser sandbox escape from all browsers render process sandbox
CVE-2026-40369HIGH13 May 2026
Windows Kernel Elevation of Privilege Vulnerability
41RISK
open
GitHub PoC
Controlled reproduction of CVE-2017-0144 (EternalBlue) in an isolated AWS EC2 lab — exploit analysis, Wireshark traffic capture, and MITRE ATT&CK mapping
CVE-2017-0144HIGHunder attackransomware13 May 2026
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RISK
open
GitHub PoC
bogdanrotariu/cve-2026-29204-whmcs-clientarea-addonid
CVE-2026-29204CRITICAL13 May 2026
Insufficient ownership check in `clientarea.php` allows an authenticated client area user to submit requests using anoth
48RISK
open
GitHub PoC1
Analísis - POC - Mitigación
CVE-2026-31431HIGHunder attack13 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
previouspage 59 / 2,373next

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.