Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,062cataloged exploits
31,617CVEs with public exploitation
0lab-tested
AllExploit-DB 22,467Referência 19,791GitHub PoC 13,086VulnCheck XDB 8,069Nuclei 4,187Metasploit 3,462✓ verified onlyrecentpopularrisk
13,086 exploits
GitHub PoC★ 2
CVE-2026-48908 — PoC exploit for unauthenticated RCE in SP Page Builder (Joomla) via arbitrary file upload. Multi‑threaded, case‑bypass, shell verification. For authorized security testing only.
Joomla Extension - joomshaper.com - Remote Code Execution in SP Pagebuilder extension for Joomla < 6.6.2
48RISK
open ↗GitHub PoC
PoC for CVE-2026-54350 — Budibase unauthenticated NoSQL operator injection (CVSS 10.0). Read/mass-write any document collection via a PUBLIC query.
Budibase: Anonymous NoSQL operator injection via published-app query templates
48RISK
open ↗GitHub PoC★ 2
CVE-2026-8451 - Citrix NetScaler SAML Memory Overread (CitrixBleed) - PoC & Analysis | CVSS 8.8 | AMN SECURITY
Insufficient input validation leading to memory overread
41RISK
open ↗GitHub PoC
Laboratory validation of CVE-2026-48282 in Adobe ColdFusion RDS, covering arbitrary CFM file write, code execution as the ColdFusion service user, auditd and PCAP evidence, event timeline reconstruction, and SOC detection recommendations. Includes Polish and English reports.
ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)
68RISK
open ↗GitHub PoC
CVE-2026-14191 - Draft
WinRAR / UnRAR RAR5 recovery-volume (.rev) out-of-bounds heap write in RecVolumes5::ReadHeader
41RISK
open ↗GitHub PoC★ 1
CVE-2026-14762 exploit for Hotel & Tourism Reservation 1.0. Time-based blind SQL injection via /admin/rooms.php?delete. Dumps DB, tables, columns, reads files, writes webshells. Multi-threaded, proxy support, interactive shell. CVSS 7.3. Authorized testing only. By| @tc4dy
code-projects Hotel and Tourism Reservation Room Management rooms.php sql injection
33RISK
open ↗GitHub PoC
CVE-2026-11405 - Draft
Hidden backdoor authentication mechanism in multiple versions of Tenda firmware allows admin access to web management interface
48RISK
open ↗GitHub PoC
Vtiger CRM 8.3.0, 8.4.0 Module Import Authenticated RCE PoC
Vtiger CRM 8.4.0 Authenticated RCE via Module Import File Upload
41RISK
open ↗GitHub PoC
Vtiger CRM 8.3.0 Authenticated RCE via .phar Upload
Vtiger CRM < 8.4.0 Authenticated File Upload RCE via Documents Module
41RISK
open ↗GitHub PoC
Exploitability PoC for CVE-2026-49352 (9router Hardcoded JWT Secret Authentication Bypass)
9Router: Hardcoded Default fallback JWT Secret Allows Authentication Bypass
45RISK
open ↗GitHub PoC
Reproducer for CVE-2026-40022: Apache Camel camel-platform-http-main authentication bypass on non-root context paths
Apache Camel Platform HTTP Main: Authentication Bypass on Non-Root Context Paths in camel main runtime
41RISK
open ↗GitHub PoC
Reproducer for CVE-2026-27172: Apache Camel camel-consul ConsulRegistry Java deserialization (RCE)
Apache Camel: Unsafe Java deserialization in camel-consul ConsulRegistry allows arbitrary code execution via malicious values read from the Consul KV store
41RISK
open ↗GitHub PoC
Reproducer for CVE-2026-33453: Apache Camel camel-coap header injection to RCE via camel-exec
Apache Camel: CoAP URI Query Parameter to Exchange Header Injection in camel-coap Allows Single-Packet Pre-Auth Remote Code Execution
63RISK
open ↗GitHub PoC★ 1
Reproducer for CVE-2026-33454: Apache Camel camel-mail header injection to RCE via camel-exec
Apache Camel: Inbound Header Filter Missing in MailHeaderFilterStrategy Allows Remote Code Execution via MIME Header Injection (CVE-2025-30177 Variant)
48RISK
open ↗GitHub PoC★ 20
imbas007/CVE-2026-48282
ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)
68RISK
open ↗GitHub PoC
OpenBullet2 through version 0.3.2 contains an authentication bypass vulnerability in the API key authentication middleware that allows unauthenticated attackers to gain admin access by supplying an empty X-Api-Key header value.
OpenBullet2 0.3.2 Authentication Bypass via X-Api-Key Header
63RISK
open ↗GitHub PoC
HTB "Abducted" write-up. Exploit CVE-2026-4480 (Samba RCE) → SMB wide links → systemd → root. Full methodology and flags.
Samba: samba: remote code execution in printing subsystem via unescaped job description
68RISK
open ↗GitHub PoC
AF_ALG/splice 기반 Linux Page Cache 변조 취약점 분석 및 대응 실습
crypto: algif_aead - Revert to operating out-of-place
100RISK
open ↗GitHub PoC
Rust-based DLL hijacking loader for MobaXterm (CVE-2026-6421) with persistence
Mobatek MobaXterm Home Edition msimg32.dll uncontrolled search path
41RISK
open ↗GitHub PoC
HTB_Nexus Penetration Test Report – Comprehensive security assessment documenting credential leakage from Gitea, CVE-2026-38526 exploitation in Krayin CRM, and privilege escalation via Gitea template sync directory traversal. Mapped to MITRE ATT&CK and NSA D3FEND frameworks with actionable remediation roadmap and full evidence appendix.
An authenticated arbitrary file upload vulnerability in the /admin/tinymce/upload endpoint of Webkul Krayin CRM v2.2.x a
48RISK
open ↗GitHub PoC
Exploit for Authenticated Remote Code Execution (RCE) in Krayin CRM v2.2.x (CVE-2026-38526)
An authenticated arbitrary file upload vulnerability in the /admin/tinymce/upload endpoint of Webkul Krayin CRM v2.2.x a
48RISK
open ↗GitHub PoC★ 6
jaf0rk/CVE-2026-14382
Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to
48RISK
open ↗GitHub PoC★ 2
Pre-auth arbitrary file upload RCE exploit for iCagenda Joomla extension < 4.0.8 (CVSS 10.0)
Joomla Extension - icagenda.com - Remote Code Execution in iCaganda extension for Joomla < 4.0.8/3.9.15
78RISK
open ↗GitHub PoC
Pre-auth Local File Inclusion in WP User Manager <= 2.9.17 via path traversal in tab parameter (CVSS 7.5)
WP User Manager <= 2.9.17 - Unauthenticated Path Traversal to Local File Inclusion via 'tab' Query Parameter
56RISK
open ↗GitHub PoC
bayu06802/CVE-2026-48908
Joomla Extension - joomshaper.com - Remote Code Execution in SP Pagebuilder extension for Joomla < 6.6.2
48RISK
open ↗GitHub PoC
Proof of Concept (PoC) for CVE-2026-49975 – HTTP/2 server memory exhaustion attack leveraging HPACK amplification and connection retention (HTTP/2 Slowloris).
Apache HTTP Server: mod_http2 denial of service
46RISK
open ↗GitHub PoC
MESLIMOHAMEDM22005188/path-traversal-CVE-2026-14628
NousResearch hermes-agent Live Webhook Endpoint base.py extract_media path traversal
33RISK
open ↗GitHub PoC★ 1
QNAP password reset URL injection writeup + PoC.
QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances)
28RISK
open ↗GitHub PoC★ 4
Pre-auth path traversal to arbitrary file delete in Avada (Fusion) Builder <= 3.15.3 leading to RCE (CVSS 9.1)
Avada (Fusion) Builder <= 3.15.3 - Unauthenticated Arbitrary File Deletion via Form Entry Value
48RISK
open ↗GitHub PoC
Eliot-code/CVE-2026-22874-PoC
Gitea webhook and migration allow-list filtering permits SSRF
48RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.