Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,180cataloged exploits
31,691CVEs with public exploitation
0lab-tested
71,180 exploits
GitHub PoC
CVE-2026-43284 & CVE-2026-43500 discovered by Hyunwoo Kim
CVE-2026-43284HIGH11 May 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISK
open
GitHub PoC14
CVE-2026-43284/CVE-2026-43500 'DirtyFrag' Benign patch & mitigation detection script
CVE-2026-43284HIGH11 May 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISK
open
GitHub PoC
Proof of concept of CVE-2026-8161 (Multiparty)
CVE-2026-8161HIGH11 May 2026
multiparty vulnerable to Denial of Service via Prototype Pollution leading to Uncaught Exception
21RISK
open
GitHub PoC1
CVE-2026-31431 - Linux Kernel Page Cache Vulnerability
CVE-2026-31431HIGHunder attack11 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
GitHub PoC
Relatório de Análise Técnica: Exploração de Falha de Isolamento no Kernel Linux (CVE-2026-31431)
CVE-2026-31431HIGHunder attack11 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
GitHub PoC
PoC for CVE-2026-8023: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2026-8023HIGH11 May 2026
Path traversal in Zephyr HTTP server static-filesystem resource handler allows unauthenticated remote arbitrary file read
41RISK
open
GitHub PoC
Lab testing documentation for CVE-2026-31431 (Copy Fail) Linux kernel LPE
CVE-2026-31431HIGHunder attack11 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
GitHub PoC
CVE-2026-42569
CVE-2026-42569CRITICAL11 May 2026
phpvms: /importer authorization bypass causing full database wipe
43RISK
open
GitHub PoC
Xmyronn/CVE-2026-10289-XSS
CVE-2026-10289MEDIUM11 May 2026
code-projects Hotel and Tourism Reservation System tour.php cross site scripting
33RISK
open
GitHub PoC
Xmyronn/CVE-2026-10288-AUTH-BYPASS
CVE-2026-10288MEDIUM11 May 2026
code-projects Hotel and Tourism Reservation System Admin Login login.php password_verify improper authentication
33RISK
open
GitHub PoC
Xmyronn/CVE-2026-10290-SQLI
CVE-2026-10290MEDIUM11 May 2026
code-projects Hotel and Tourism Reservation System GET Parameter tour.php sql injection
33RISK
open
VulnCheck XDB
initial-access
CVE-2026-0740CRITICAL11 May 2026
Ninja Forms - File Upload <= 3.3.26 - Unauthenticated Arbitrary File Upload
75RISK
open
GitHub PoC
CVE-2026-41940 — cPanel/WHM Auth Bypass By Dr.Anach, CRLF injection in `cpsrvd` Basic auth handler → unauthenticated WHM API access → RCE as root. All cPanel since v11.40 affected.
CVE-2026-41940CRITICALunder attackransomware11 May 2026
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RISK
open
GitHub PoC29
Double-free in Apache httpd mod_http2 stream cleanup leading to pre-auth RCE.
CVE-2026-23918HIGH11 May 2026
Apache HTTP Server: http2: double free and possible RCE on early reset
53RISK
open
VulnCheck XDB
initial-access
CVE-2026-41940CRITICALunder attackransomware11 May 2026
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RISK
open
VulnCheck XDB
local
CVE-2026-31431HIGHunder attack11 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
VulnCheck XDB
local
CVE-2026-43284HIGH11 May 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISK
open
VulnCheck XDB
local
CVE-2026-31431HIGHunder attack11 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
VulnCheck XDB
local
CVE-2026-31431HIGHunder attack11 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
GitHub PoC
Dirtyfrag CVE-2026-43284 & CVE-2026-43500 Scanner
CVE-2026-43284HIGH11 May 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISK
open
VulnCheck XDB
initial-access
CVE-2025-54068CRITICALunder attack11 May 2026
Livewire vulnerable to remote command execution during property update hydration
100RISK
open
GitHub PoC
CVE-2026-40987 PoC
CVE-2026-40987HIGH11 May 2026
Remote-file synchronizer in Spring Integration writes server-supplied filename under localDirectory without canonicalization
41RISK
open
GitHub PoC
EspoCRM 9.3.3 - Stored HTML Injection in Email Notifications
CVE-2026-33657MEDIUM11 May 2026
EspoCRM: Stored HTML injection in email notifications about stream notes via unescaped post field
13RISK
open
VulnCheck XDB
local
CVE-2026-31431HIGHunder attack11 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
VulnCheck XDB
initial-access
CVE-2026-41940CRITICALunder attackransomware11 May 2026
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RISK
open
GitHub PoC
CVE-2026-6274 - Redline WR3200 Broken Authentication
CVE-2026-6274CRITICAL11 May 2026
Authentication Bypass in DTS Electronics' Redline WR3200
28RISK
open
VulnCheck XDB
local
CVE-2026-31431HIGHunder attack11 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
GitHub PoC
SSTI contact form to rce
CVE-2026-4257CRITICAL11 May 2026
Contact Form by Supsystic <= 1.7.36 - Unauthenticated Server-Side Template Injection via Prefill Functionality
75RISK
open
GitHub PoC27
arm64/aarch64 port of V4bel/dirtyfrag (CVE-2026-43284). ESP-only - rxrpc path kernel-oopses on arm64 due to flush_dcache_page
CVE-2026-43284HIGH10 May 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISK
open
VulnCheck XDB
local
CVE-2026-31431HIGHunder attack10 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
previouspage 62 / 2,373next

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.