Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,292cataloged exploits
31,741CVEs with public exploitation
0lab-tested
AllExploit-DB 22,469Referência 19,888GitHub PoC 13,182VulnCheck XDB 8,100Nuclei 4,191Metasploit 3,462✓ verified onlyrecentpopularrisk
71,284 exploits
Exploit-DB
NocoBase 2.0.27 - VM Sandbox Escape
NocoBase Affected by Sandbox Escape to RCE via console._stdout Prototype Chain Traversal in Workflow Script Node
75RISK
open ↗Exploit-DB
Bludit CMS 3.18.4 - RCE
Remote Code Execution via Unrestricted File Upload in Bludit
41RISK
open ↗GitHub PoC
CVE-2026-44590 - Sherlock <= v0.16.0 - RCE via pull_request_target Injection → Supply Chain Compromise
Sherlock: Command Injection via pull_request_target in validate_modified_targets.yml
28RISK
open ↗GitHub PoC
Discovery and original disclosure of CVE-2026-31431: Theori / Xint. Public writeup: https://copy.fail/.
crypto: algif_aead - Revert to operating out-of-place
100RISK
open ↗VulnCheck XDB
initial-access
Breeze Cache <= 2.4.4 - Unauthenticated Arbitrary File Upload via fetch_gravatar_from_remote
75RISK
open ↗VulnCheck XDB
info-leak
Nginx UI: Unauthenticated Backup Download with Encryption Key Disclosure
68RISK
open ↗GitHub PoC★ 1
mawussid/CVE-2026-41651-Python
PackageKit vulnerable to TOCTOU Race on Transaction Flags leads to arbitrary package installation as root
41RISK
open ↗VulnCheck XDB
initial-access
Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 2
98RISK
open ↗GitHub PoC
MartinaStarone/CVE-2026-2441
Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside
76RISK
open ↗GitHub PoC
Analysis of network scan results, service vulnerabilities, OS fingerprinting, and critical Nessus findings including Ghostcat (CVE-2020-1938).
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomc
100RISK
open ↗GitHub PoC
This repository contains an academic and technical analysis of CVE-2023-34362, a critical SQL injection vulnerability affecting the MOVEit Transfer application, a widely used enterprise Managed File Transfer (MFT) platform. The project was developed as part of the CYB625 – Ethical Hacking & Penetration Testing course at Pace University.
In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.
100RISK
open ↗GitHub PoC★ 12
mitigation of cve-2026-31431 using ftrace
crypto: algif_aead - Revert to operating out-of-place
100RISK
open ↗VulnCheck XDB
local
The Ancillary Function Driver (AFD) in afd.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vis
23RISK
open ↗GitHub PoC★ 1
Test authentication bypass vulnerabilities in cPanel and WHM using this proof of concept exploit tool written in Go.
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RISK
open ↗GitHub PoC
C implementation for researching Copy Fail (CVE-2026-31431)
crypto: algif_aead - Revert to operating out-of-place
100RISK
open ↗VulnCheck XDB
info-leak
Unauthenticated arbitrary file read and remote code execution in CrushFTP
100RISK
open ↗GitHub PoC★ 12
CVE-2026-41940 Auto Root Login
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RISK
open ↗GitHub PoC★ 1
PoC for CVE-2026-41940: WHM/cPanel authentication bypass chain (Python 2.7). For authorized security research and testing only.
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RISK
open ↗GitHub PoC
Proof-of-concept for CVE-2024-4040 (CrushFTP SSTI -> unauthenticated LFI) in a controlled CS443 lab environment - for educational/authorised use only.
Unauthenticated arbitrary file read and remote code execution in CrushFTP
100RISK
open ↗GitHub PoC★ 3
Exploit CVE-2026-31431 on Linux using a Rust implementation to achieve local privilege escalation via an arbitrary page cache write primitive.
crypto: algif_aead - Revert to operating out-of-place
100RISK
open ↗GitHub PoC★ 1
Zimbra Path Traversal (CVE-2025-68645) - Unauthenticated file read vulnerability in Zimbra Collaboration Suite
A Local File Inclusion (LFI) vulnerability exists in the Webmail Classic UI of Zimbra Collaboration (ZCS) 10.0 and 10.1
98RISK
open ↗GitHub PoC★ 1
Proof-of-concept exploit for CVE-2024-22120 that leverages time-based SQL injection and gopher-based SSRF to achieve remote code execution on vulnerable Zabbix servers for educational security research.
Time Based SQL Injection in Zabbix Server Audit Log
70RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.