Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,180cataloged exploits
31,691CVEs with public exploitation
0lab-tested
71,180 exploits
GitHub PoC
Advisory: CVE-2026-38361 multiple DoS vulnerabilities (CWE-400/CWE-670) in dash-uploader (Python/PyPI)
CVE-2026-38361HIGH07 May 2026
Multiple unauthenticated denial-of-service (DoS) issues in fohrloop dash-uploader v0.1.0 through v0.7.0a2. The chunked-u
36RISK
open
Metasploit600
Dalfox Found-Action Deserialization RCE
CVE-2026-45087CRITICAL07 May 2026
Dalfox: Unauthenticated Remote Code Execution via `found-action` in Dalfox Server Mode
43RISK
open
GitHub PoC2
Math.js Expression Parser RCE
CVE-2026-40897HIGH07 May 2026
Math.js: Unsafe object property setter in mathjs
41RISK
open
VulnCheck XDB
local
CVE-2026-31431HIGHunder attack07 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
VulnCheck XDB
initial-access
CVE-2026-31431HIGHunder attack07 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
VulnCheck XDB
local
CVE-2026-31431HIGHunder attack07 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
VulnCheck XDB
local
CVE-2026-31431HIGHunder attack07 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
VulnCheck XDB
local
CVE-2026-31431HIGHunder attack07 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
VulnCheck XDB
local
CVE-2026-31431HIGHunder attack07 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
VulnCheck XDB
local
CVE-2026-31431HIGHunder attack07 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
Exploit-DB
NocoBase 2.0.27 - VM Sandbox Escape
CVE-2026-34156CRITICAL07 May 2026
NocoBase Affected by Sandbox Escape to RCE via console._stdout Prototype Chain Traversal in Workflow Script Node
75RISK
open
VulnCheck XDB
local
CVE-2026-31431HIGHunder attack06 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
VulnCheck XDB
local
CVE-2026-31431HIGHunder attack06 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
VulnCheck XDB
info-leak
CVE-2024-4040CRITICALunder attack06 May 2026
Unauthenticated arbitrary file read and remote code execution in CrushFTP
100RISK
open
VulnCheck XDB
info-leak
CVE-2026-27944CRITICAL06 May 2026
Nginx UI: Unauthenticated Backup Download with Encryption Key Disclosure
68RISK
open
GitHub PoC12
mitigation of cve-2026-31431 using ftrace
CVE-2026-31431HIGHunder attack06 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
GitHub PoC
roodhelios/CVE-2022-26134-OGNL-Injection
CVE-2022-26134CRITICALunder attackransomware06 May 2026
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an un
100RISK
open
GitHub PoC
C implementation for researching Copy Fail (CVE-2026-31431)
CVE-2026-31431HIGHunder attack06 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
VulnCheck XDB
local
CVE-2026-31431HIGHunder attack06 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
VulnCheck XDB
local
CVE-2026-31431HIGHunder attack06 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
GitHub PoC1
Test authentication bypass vulnerabilities in cPanel and WHM using this proof of concept exploit tool written in Go.
CVE-2026-41940CRITICALunder attackransomware06 May 2026
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RISK
open
GitHub PoC12
CVE-2026-41940 Auto Root Login
CVE-2026-41940CRITICALunder attackransomware06 May 2026
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RISK
open
VulnCheck XDB
initial-access
CVE-2026-41940CRITICALunder attackransomware06 May 2026
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RISK
open
GitHub PoC1
mawussid/CVE-2026-41651-Python
CVE-2026-41651HIGH06 May 2026
PackageKit vulnerable to TOCTOU Race on Transaction Flags leads to arbitrary package installation as root
41RISK
open
VulnCheck XDB
initial-access
CVE-2024-22120CRITICAL06 May 2026
Time Based SQL Injection in Zabbix Server Audit Log
70RISK
open
VulnCheck XDB
local
CVE-2011-124906 May 2026
The Ancillary Function Driver (AFD) in afd.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vis
23RISK
open
VulnCheck XDB
initial-access
CVE-2025-4632CRITICALunder attack06 May 2026
Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 2
98RISK
open
GitHub PoC1
PoC for CVE-2026-41940: WHM/cPanel authentication bypass chain (Python 2.7). For authorized security research and testing only.
CVE-2026-41940CRITICALunder attackransomware06 May 2026
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RISK
open
VulnCheck XDB
local
CVE-2026-31431HIGHunder attack06 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
GitHub PoC1
This repository contains a Python replication script for CVE-2025-4632, an Unauthenticated Remote Code Execution (RCE) vulnerability in Samsung MagicINFO 9 Server (versions prior to 21.1052).
CVE-2025-4632CRITICALunder attack06 May 2026
Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 2
98RISK
open
previouspage 67 / 2,373next

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.