Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,180cataloged exploits
31,691CVEs with public exploitation
0lab-tested
AllExploit-DB 22,469Referência 19,841GitHub PoC 13,140VulnCheck XDB 8,078Nuclei 4,190Metasploit 3,462✓ verified onlyrecentpopularrisk
71,180 exploits
GitHub PoC
Advisory: CVE-2026-38361 multiple DoS vulnerabilities (CWE-400/CWE-670) in dash-uploader (Python/PyPI)
Multiple unauthenticated denial-of-service (DoS) issues in fohrloop dash-uploader v0.1.0 through v0.7.0a2. The chunked-u
36RISK
open ↗Metasploit600
Dalfox Found-Action Deserialization RCE
Dalfox: Unauthenticated Remote Code Execution via `found-action` in Dalfox Server Mode
43RISK
open ↗GitHub PoC★ 2
Math.js Expression Parser RCE
Math.js: Unsafe object property setter in mathjs
41RISK
open ↗Exploit-DB
NocoBase 2.0.27 - VM Sandbox Escape
NocoBase Affected by Sandbox Escape to RCE via console._stdout Prototype Chain Traversal in Workflow Script Node
75RISK
open ↗VulnCheck XDB
info-leak
Unauthenticated arbitrary file read and remote code execution in CrushFTP
100RISK
open ↗VulnCheck XDB
info-leak
Nginx UI: Unauthenticated Backup Download with Encryption Key Disclosure
68RISK
open ↗GitHub PoC★ 12
mitigation of cve-2026-31431 using ftrace
crypto: algif_aead - Revert to operating out-of-place
100RISK
open ↗GitHub PoC
roodhelios/CVE-2022-26134-OGNL-Injection
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an un
100RISK
open ↗GitHub PoC
C implementation for researching Copy Fail (CVE-2026-31431)
crypto: algif_aead - Revert to operating out-of-place
100RISK
open ↗GitHub PoC★ 1
Test authentication bypass vulnerabilities in cPanel and WHM using this proof of concept exploit tool written in Go.
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RISK
open ↗GitHub PoC★ 12
CVE-2026-41940 Auto Root Login
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RISK
open ↗GitHub PoC★ 1
mawussid/CVE-2026-41651-Python
PackageKit vulnerable to TOCTOU Race on Transaction Flags leads to arbitrary package installation as root
41RISK
open ↗VulnCheck XDB
local
The Ancillary Function Driver (AFD) in afd.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vis
23RISK
open ↗VulnCheck XDB
initial-access
Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 2
98RISK
open ↗GitHub PoC★ 1
PoC for CVE-2026-41940: WHM/cPanel authentication bypass chain (Python 2.7). For authorized security research and testing only.
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RISK
open ↗GitHub PoC★ 1
This repository contains a Python replication script for CVE-2025-4632, an Unauthenticated Remote Code Execution (RCE) vulnerability in Samsung MagicINFO 9 Server (versions prior to 21.1052).
Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 2
98RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.