Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,180cataloged exploits
31,691CVEs with public exploitation
0lab-tested
71,180 exploits
GitHub PoC
branixsolutions/Security-CVE-2026-41940-cPanel-WHM-WP2
CVE-2026-41940CRITICALunder attackransomware08 May 2026
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RISK
open
GitHub PoC
Desc "Fix Redis CVE ultil 20260508-10h51 GMT+7"
CVE-2026-25589HIGH08 May 2026
RedisBloom RESTORE invalid memory access may allow remote code execution
21RISK
open
VulnCheck XDB
initial-access
CVE-2024-4040CRITICALunder attack08 May 2026
Unauthenticated arbitrary file read and remote code execution in CrushFTP
100RISK
open
GitHub PoC
CTT-Enhanced Apache mod_auth_digest Timing Attack — CVE-2026-33006 Remote Digest Authentication Bypass → 33-Layer Temporal Timing Attack Original vulnerability: Apache HTTP Server 2.4.66 (mod_auth_digest timing leak) CTVSS (Original): 4.8 (Medium) CTT-Enhanced CVSS: 7.5 (High) — Network, low complexity, temporal wedge evasion
CVE-2026-33006MEDIUM08 May 2026
Apache HTTP Server: mod_auth_digest timing attack
13RISK
open
GitHub PoC2
Dirty Frag (CVE-2026-43284/43500) - Linux Kernel LPE Deep Technical Analysis by Bomb
CVE-2026-43284HIGH08 May 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISK
open
GitHub PoC14
CVE-2026-43284
CVE-2026-43284HIGH08 May 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISK
open
GitHub PoC12
A proof-of-concept demonstrating how a default, unprivileged Kubernetes Pod can achieve node-level code execution on Amazon EKS by exploiting the Dirty Frag (CVE-2026-43284) Linux kernel page-cache corruption vulnerability through shared container image layers.
CVE-2026-43284HIGH08 May 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISK
open
GitHub PoC
Tracking CVE-2026-43284
CVE-2026-43284HIGH08 May 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISK
open
VulnCheck XDB
client-side
CVE-2022-30190HIGHunder attackransomware08 May 2026
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability
100RISK
open
GitHub PoC
rootdirective-sec/CVE-2026-34197-Lab
CVE-2026-34197HIGHunder attack08 May 2026
Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Authenticated users could perform RCE via Jolokia MBeans
100RISK
open
GitHub PoC1
kyukazamiqq/cve-2026-5718
CVE-2026-5718HIGH08 May 2026
Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.7 - Unauthenticated Arbitrary File Upload via Non-ASCII Filename Blacklist Bypass
56RISK
open
GitHub PoC1
CVE-2026-31431 in C for aarch64 and amd64
CVE-2026-31431HIGHunder attack08 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
GitHub PoC
rootdirective-sec/CVE-2026-3844-Lab
CVE-2026-3844CRITICAL08 May 2026
Breeze Cache <= 2.4.4 - Unauthenticated Arbitrary File Upload via fetch_gravatar_from_remote
75RISK
open
GitHub PoC
ameerhamza-malik/CVE-2026-42796
CVE-2026-42796CRITICAL08 May 2026
Arelle < 2.39.10 Unauthenticated RCE via /rest/configure
28RISK
open
GitHub PoC
HiteshGorana/susvibes-jupyter-server-cve-2026-35397
CVE-2026-35397HIGH08 May 2026
jupyter-server path traversal allows access to sibling directories sharing root_dir name prefix
21RISK
open
GitHub PoC3
Wazuh 4.14.4 detection rules for CVE-2026-43284 / CVE-2026-43500 (Dirty Frag) - Linux Local Privilege Escalation via page cache write
CVE-2026-43284HIGH08 May 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISK
open
GitHub PoC
Paranoid disable Linux IPsec ESP support (esp4/esp6) and RxRPC support.
CVE-2026-43284HIGH08 May 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISK
open
GitHub PoC2
Vulnerability detection and mitigation tool for Copy Fail and Dirty Frag bugs (CVE-2026-31431, CVE-2026-43284, CVE-2026-43500)
CVE-2026-31431HIGHunder attack08 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
Metasploit400
rxkad Page-Cache Write via CVE-2026-43500
CVE-2026-43500HIGH08 May 2026
rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present
78RISK
open
Metasploit400
xfrm-ESP Page-Cache Write via CVE-2026-43284
CVE-2026-43284HIGH08 May 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISK
open
GitHub PoC
Xmyronn/CVE-2026-10243-AUTH
CVE-2026-10243MEDIUM08 May 2026
code-projects Smart Parking System Admin Endpoint missing authentication
33RISK
open
VulnCheck XDB
local
CVE-2026-43284HIGH08 May 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISK
open
GitHub PoC
EspoCRM 9.3.3 - Authenticated SSRF via Alternative IPv4 Notation
CVE-2026-33534MEDIUM08 May 2026
EspoCRM has authenticated SSRF via internal-host validation bypass using alternative IPv4 notation
48RISK
open
VulnCheck XDB
initial-access
CVE-2026-5718HIGH08 May 2026
Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.7 - Unauthenticated Arbitrary File Upload via Non-ASCII Filename Blacklist Bypass
56RISK
open
VulnCheck XDB
local
CVE-2026-31431HIGHunder attack08 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
VulnCheck XDB
local
CVE-2026-31431HIGHunder attack08 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
VulnCheck XDB
local
CVE-2026-43284HIGH07 May 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISK
open
VulnCheck XDB
local
CVE-2026-31431HIGHunder attack07 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
VulnCheck XDB
local
CVE-2026-31431HIGHunder attack07 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
Exploit-DB
NocoBase 2.0.27 - VM Sandbox Escape
CVE-2026-34156CRITICAL07 May 2026
NocoBase Affected by Sandbox Escape to RCE via console._stdout Prototype Chain Traversal in Workflow Script Node
75RISK
open
previouspage 65 / 2,373next

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.