Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,180cataloged exploits
31,691CVEs with public exploitation
0lab-tested
71,180 exploits
Exploit-DB
Ghost CMS 6.19.0 - SQLi
CVE-2026-26980CRITICAL07 May 2026
Ghost has a SQL Injection in its Content API
75RISK
open
Metasploit300
Cisco Catalyst SD-WAN Controller vHub Authentication Bypass
CVE-2026-20182CRITICALunder attack07 May 2026
Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability
100RISK
open
GitHub PoC
julichaan/CVE-2026-31431-python-copyfail-POC
CVE-2026-31431HIGHunder attack07 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
GitHub PoC1
FlowiseAI CVE-2025-58434 & CVE-2025-59528 exploit PoC, demonstrating unauthenticated ATO via reset token leakage, followed by authenticated RCE. Includes a reproductible Docker lab environment.
CVE-2025-58434CRITICAL07 May 2026
Flowise Cloud and Local Deployments have Unauthenticated Password Reset Token Disclosure that Leads to Account Takeover
75RISK
open
GitHub PoC1
CVE-2026-23918 Apache mod_http2 Double-Free Detector
CVE-2026-23918HIGH07 May 2026
Apache HTTP Server: http2: double free and possible RCE on early reset
53RISK
open
GitHub PoC
abdelkabirouadoukou/CVE-2026-31431-Analysis-and-Fix
CVE-2026-31431HIGHunder attack07 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
GitHub PoC
CVE-2026-31431, AKA Copy Fail, can be mitigated in one-line with bpftrace
CVE-2026-31431HIGHunder attack07 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
GitHub PoC1
cve-2026-41940 cPanel/WHM Authentication Bypass - Detection Artifact Generator
CVE-2026-41940CRITICALunder attackransomware07 May 2026
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RISK
open
GitHub PoC1
HTB Snapped — Hard Linux machine writeup. CVE-2026-27944 (Nginx UI unauthenticated backup disclosure) chained with CVE-2026-3888 (snapd race condition LPE) to achieve full system compromise.
CVE-2026-27944CRITICAL07 May 2026
Nginx UI: Unauthenticated Backup Download with Encryption Key Disclosure
68RISK
open
GitHub PoC1
CVE-2026-31431 Copy Fail
CVE-2026-31431HIGHunder attack07 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
Exploit-DB
NocoBase 2.0.27 - VM Sandbox Escape
CVE-2026-34156CRITICAL07 May 2026
NocoBase Affected by Sandbox Escape to RCE via console._stdout Prototype Chain Traversal in Workflow Script Node
75RISK
open
VulnCheck XDB
initial-access
CVE-2025-6440CRITICAL07 May 2026
WooCommerce Designer Pro <= 1.9.26 - Unauthenticated Arbitrary File Upload
60RISK
open
GitHub PoC
CVE-2026-31431 (Copy Fail) novel exploit: live code corruption via page cache. Overwrites libc exit() code through MAP_PRIVATE page sharing — affects ALL running processes.
CVE-2026-31431HIGHunder attack07 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
GitHub PoC
Discovery and original disclosure of CVE-2026-31431: Theori / Xint. Public writeup: https://copy.fail/.
CVE-2026-31431HIGHunder attack07 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
VulnCheck XDB
initial-access
CVE-2026-3844CRITICAL07 May 2026
Breeze Cache <= 2.4.4 - Unauthenticated Arbitrary File Upload via fetch_gravatar_from_remote
75RISK
open
VulnCheck XDB
initial-access
CVE-2026-41940CRITICALunder attackransomware07 May 2026
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RISK
open
GitHub PoC171
Next.js v16.2.4 Security PoC Collection (CVE-2026-23870, CVE-2026-44575, CVE-2026-44579, CVE-2026-44574, CVE-2026-44578, CVE-2026-44573, CVE-2026-44581, CVE-2026-44580, CVE-2026-44577, CVE-2026-44576, CVE-2026-44582, CVE-2026-44572)
CVE-2026-23870HIGH07 May 2026
A denial of service vulnerability could be triggered by sending specially crafted HTTP requests to server function endpo
41RISK
open
GitHub PoC
CVE-2026-44590 - Sherlock <= v0.16.0 - RCE via pull_request_target Injection → Supply Chain Compromise
CVE-2026-44590CRITICAL07 May 2026
Sherlock: Command Injection via pull_request_target in validate_modified_targets.yml
28RISK
open
GitHub PoC33
CVE-2026-23631 (DarkReplica) Redis Exploit
CVE-2026-23631MEDIUM07 May 2026
redis-server Lua use-after-free may allow remote code execution
33RISK
open
VulnCheck XDB
info-leak
CVE-2026-7482HIGH07 May 2026
Ollama heap out-of-bounds read in GGUF tensor parsing leaks server process memory to unauthenticated remote attackers
21RISK
open
VulnCheck XDB
initial-access
CVE-2025-59528CRITICAL07 May 2026
Flowise has Remote Code Execution vulnerability
85RISK
open
Exploit-DB
ThingsBoard IoT Platform 4.2.0 - Server-Side Request Forgery (SSRF)
CVE-2025-34282MEDIUM07 May 2026
ThingsBoard < v4.2.1 SVG Image SSRF
33RISK
open
GitHub PoC
borahll/CVE-2021-21220
CVE-2021-21220HIGHunder attack07 May 2026
Insufficient validation of untrusted input in V8 in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to po
100RISK
open
GitHub PoC
Caliburn9/CVE-2023-21716-Analysis-ICT287
CVE-2023-21716CRITICAL07 May 2026
Microsoft Word Remote Code Execution Vulnerability
70RISK
open
Exploit-DB
Bludit CMS 3.18.4 - RCE
CVE-2026-25099HIGH07 May 2026
Remote Code Execution via Unrestricted File Upload in Bludit
41RISK
open
GitHub PoC
Vulnerability Research and Exploit for CVE-2019-10149
CVE-2019-10149CRITICALunder attack07 May 2026
A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message(
100RISK
open
GitHub PoC1
Automatic script written in python for CVE-2009-3999
CVE-2009-399907 May 2026
Stack-based buffer overflow in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to ex
60RISK
open
VulnCheck XDB
local
CVE-2026-31431HIGHunder attack07 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
VulnCheck XDB
initial-access
CVE-2026-31431HIGHunder attack07 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
GitHub PoC
adilkurtulmus/linux-copy-fail-CVE-2026-31431
CVE-2026-31431HIGHunder attack07 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
previouspage 66 / 2,373next

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.