Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,294cataloged exploits
31,742CVEs with public exploitation
0lab-tested
AllExploit-DB 22,469Referência 19,888GitHub PoC 13,184VulnCheck XDB 8,100Nuclei 4,191Metasploit 3,462✓ verified onlyrecentpopularrisk
13,184 exploits
GitHub PoC
CVE-2025-54123 exploit and documentation
Hoverfly vulnerable to remote code execution at `/api/v2/hoverfly/middleware` endpoint due to insecure middleware implementation
68RISK
open ↗GitHub PoC
0x0asif/CVE-2025-55182
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open ↗GitHub PoC★ 1
Shashivanth009/CVE-2022-46364---Apache-CXF-XOP-Include-LFI-PoC
Apache CXF SSRF Vulnerability
48RISK
open ↗GitHub PoC★ 2
This vulnerability allows an attacker to perform SSRF (Server-Side Request Forgery) attacks on Apache CXF webservices that accept MTOM/XOP requests. The issue exists in how the href attribute of xop:Include is parsed, allowing arbitrary URLs to be requested by the server.
Apache CXF SSRF Vulnerability
48RISK
open ↗GitHub PoC★ 7
CVE-2025-54123 Hoverfly Authenticated Middleware Command Injection RCE
Hoverfly vulnerable to remote code execution at `/api/v2/hoverfly/middleware` endpoint due to insecure middleware implementation
68RISK
open ↗GitHub PoC★ 7
CVE-2022-46364-Poc Apache CXF SSRF via MTOM XOP:Include
Apache CXF SSRF Vulnerability
48RISK
open ↗GitHub PoC
BOLA/IDOR vulnerability in osTicket ajax.tickets.php | Responsible Disclosure
osTicket v1.18.3 - v1.17.7 - BOLA/IDOR in ticket field viewing allows cross-department data disclosure
41RISK
open ↗GitHub PoC
A PoC demonstrating a RCE in Hoverfly (versions ≤ 1.11.3) by abusing the /api/v2/hoverfly/middleware endpoint and injecting a malicious middleware script
Hoverfly vulnerable to remote code execution at `/api/v2/hoverfly/middleware` endpoint due to insecure middleware implementation
68RISK
open ↗GitHub PoC
Explota vulnerabilidad
NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Note that
100RISK
open ↗GitHub PoC★ 4
Chrome extension that uses vulnerabilities CVE-2021-33044 and CVE-2021-33045 to log in to Dahua cameras without authentication.
The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can by
100RISK
open ↗GitHub PoC
Conducted a full SOC investigation into a Conti ransomware compromise of an Exchange server using Splunk 8.2.2. Analysed 28,145 events across Windows Security, Sysmon, and IIS log sources to reconstruct the complete attack chain. Identified three exploited CVEs (CVE-2020-0796, CVE-2018-13374, CVE-2018-13379), located a trojanised cmd.exe
A Improper Access Control in Fortinet FortiOS 6.0.2, 5.6.7 and before, FortiADC 6.1.0, 6.0.0 to 6.0.1, 5.4.0 to 5.4.4 al
75RISK
open ↗GitHub PoC
BastianXploited/CVE-2025-6440
WooCommerce Designer Pro <= 1.9.26 - Unauthenticated Arbitrary File Upload
60RISK
open ↗GitHub PoC
Drupal 7 CMS vulnerable to CVE-2018-7600 (Drupalgeddon2), allowing unauthenticated remote code execution.
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbi
100RISK
open ↗GitHub PoC
SentinelStream AI: A professional SIEM and SOAR platform featuring real-time threat correlation for CVE-2024-21410 and automated incident response logic.
Microsoft Exchange Server Elevation of Privilege Vulnerability
83RISK
open ↗GitHub PoC
Static analysis of the DarkSword iOS WebKit exploit chain — delivery, staging, and CVE breakdown (CVE-2025-31277, CVE-2025-43529)
The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, mac
71RISK
open ↗GitHub PoC
Conducted a full SOC investigation into a Conti ransomware compromise of an Exchange server using Splunk 8.2.2. Analysed 28,145 events across Windows Security, Sysmon, and IIS log sources to reconstruct the complete attack chain. Identified three exploited CVEs (CVE-2020-0796, CVE-2018-13374, CVE-2018-13379), located a trojanised cmd.exe
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol h
100RISK
open ↗GitHub PoC
PoC exploit for CVE-2025-34282 - ThingsBoard SSRF via SVG Image Upload
ThingsBoard < v4.2.1 SVG Image SSRF
33RISK
open ↗GitHub PoC
HikvisionExploiter - это Python утилита созданная для автоматизации сканирования и проверки прямого доступа к сети камер Hikvision, нацеленная на поиск уязвимости Web interface версии 3.1.3.150324 + CVE-2021-36260
A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation,
100RISK
open ↗GitHub PoC★ 1
Apache Tomcat RCE
Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT
100RISK
open ↗GitHub PoC★ 1
Explore CVE-2021-44228, a vulnerability in log4j affecting almost all software under the sun.
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RISK
open ↗GitHub PoC
cisco-ise rce poc
Cisco ISE API Unauthenticated Remote Code Execution Vulnerability
48RISK
open ↗GitHub PoC
CVE-2025-64446
A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb
100RISK
open ↗GitHub PoC
Python port of the Linksys tmUnblock.cgi RCE exploit
Linksys Routers E/WAG/WAP/WES/WET/WRT-Series
85RISK
open ↗GitHub PoC
Sicherheitsaudit einer Drupal-Webanwendung, CVE-2018-7600 geprüft, Nmap/Burp/Metasploit
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbi
100RISK
open ↗GitHub PoC★ 11
scanner/exploiter CVE-2026-24061 & CVE-2026-32746
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment
100RISK
open ↗GitHub PoC
An attacker can execute arbitrary JavaScript in the victim's browser, potentially leading to session hijacking or privilege escalation.
A reflected cross-site scripting (XSS) vulnerability exists in WebFileSys version before 2.32.0 and fixed in v.2.32.0. U
33RISK
open ↗GitHub PoC
A proof-of-concept exploit demonstrating local privilege escalation to root in sudo (CVE-2025-32463) by abusing the --chroot (-R) option and injecting a malicious NSS configuration
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled director
100RISK
open ↗GitHub PoC★ 5
WinRAR < 7.13 path traversal for persistency
Path traversal vulnerability in WinRAR
93RISK
open ↗GitHub PoC
Intentionally vulnerable Next.js RSC Docker lab for CVE-2025-55182 (React2Shell) local testing
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open ↗GitHub PoC★ 2
A Python 3 reimplementation of the classic CVE-2018-15473 OpenSSH user enumeration exploit, extended with multi-threading, wordlist support, automatic vulnerability detection, and thread-safe exploit patching.
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticati
70RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.