Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,062cataloged exploits
31,617CVEs with public exploitation
0lab-tested
AllExploit-DB 22,467Referência 19,791GitHub PoC 13,086VulnCheck XDB 8,069Nuclei 4,187Metasploit 3,462✓ verified onlyrecentpopularrisk
71,062 exploits
VulnCheck XDB
initial-access
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
100RISK
open ↗Exploit-DB
Flowise 3.1.3 - arbitrary code execution
Flowise - Custom MCP Environment Variable Denylist Bypass via Case Sensitivity
28RISK
open ↗GitHub PoC
🐳 docker-compose 를 활용한 취약한 환경 구성 및 검증 (vulhub 한글판)
Nginx Proxy Manager Authenticated RCE via setupCertbotPlugins()
21RISK
open ↗GitHub PoC★ 3
CVE-2026-53359
KVM: x86: Fix shadow paging use-after-free due to unexpected role
23RISK
open ↗VulnCheck XDB
initial-access
Remote Code Execution (RCE) vulnerability in evaluating property name expressions in Geoserver
100RISK
open ↗GitHub PoC
CVE-2026-53359 - Draft
KVM: x86: Fix shadow paging use-after-free due to unexpected role
23RISK
open ↗GitHub PoC★ 1
CVE-2026-14762 exploit for Hotel & Tourism Reservation 1.0. Time-based blind SQL injection via /admin/rooms.php?delete. Dumps DB, tables, columns, reads files, writes webshells. Multi-threaded, proxy support, interactive shell. CVSS 7.3. Authorized testing only. By| @tc4dy
code-projects Hotel and Tourism Reservation Room Management rooms.php sql injection
33RISK
open ↗GitHub PoC★ 1
Stored Cross-Site Scripting (XSS) in osTicket via Vulnerable Bootstrap Tooltip Component
osTicket versions from 1.10 up to 1.17.7 and from 1.18.0 up to 1.18.3 are vulnerable to a stored XSS due to a vulnerable
33RISK
open ↗GitHub PoC
CVE-2026-11405 - Draft
Hidden backdoor authentication mechanism in multiple versions of Tenda firmware allows admin access to web management interface
48RISK
open ↗GitHub PoC
Vtiger CRM 8.3.0, 8.4.0 Module Import Authenticated RCE PoC
Vtiger CRM 8.4.0 Authenticated RCE via Module Import File Upload
41RISK
open ↗VulnCheck XDB
initial-access
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data b
100RISK
open ↗Exploit-DB
Tenable Nessus 10.12.1 - SQL Injection
SQL Injection in Nessus via Malicious Scan Result File Import
28RISK
open ↗GitHub PoC★ 3
CVE-2026-42271 - LiteLLM AI Gateway MCP Command Injection RCE - PoC & Analysis | CVSS 8.8 | AMN SECURITY
LiteLLM: Authenticated command execution via MCP stdio test endpoints
100RISK
open ↗GitHub PoC★ 1
CVE-2026-39492 — WP Maps (wp-google-map-plugin) <= 4.9.1 Unauthenticated Blind SQL Injection Mass Scanner | sqlmap-style detection | backtick bypass esc_sql() | 100K+ installs
WordPress WP Maps plugin <= 4.9.1 - SQL Injection vulnerability
48RISK
open ↗GitHub PoC
PoC for CVE-2026-54350 — Budibase unauthenticated NoSQL operator injection (CVSS 10.0). Read/mass-write any document collection via a PUBLIC query.
Budibase: Anonymous NoSQL operator injection via published-app query templates
48RISK
open ↗GitHub PoC★ 1
CVE-2026-45659 - Microsoft SharePoint Deserialization RCE - PoC & Analysis | CVSS 8.8 | AMN SECURITY
Microsoft SharePoint Remote Code Execution Vulnerability
71RISK
open ↗Exploit-DB
Discuz! X5.0 - Authentication Bypass
Discuz! X5.0 Authentication Bypass via dbbak.php Encryption Oracle
48RISK
open ↗GitHub PoC★ 2
IOCs and a read-only triage checklist from a real Linux root compromise: RedTail miner, XorDDoS persistence, MoneroOcean miner, DirtyFrag LPE (CVE-2026-43284/43500). CC0.
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISK
open ↗GitHub PoC★ 1
A17-ba/CVE-2026-51119
An issue in Invixium IXM WEB v.2.3.85.25 allows an attacker to escalate privileges via the /SystemUsers/CreateAppUser co
48RISK
open ↗Exploit-DB
Hydra - Stack Buffer Overflow
Hydra - Stack Buffer Overflow in NTLM Authentication Handler
41RISK
open ↗GitHub PoC
Vtiger CRM 8.3.0 Authenticated RCE via .phar Upload
Vtiger CRM < 8.4.0 Authenticated File Upload RCE via Documents Module
41RISK
open ↗GitHub PoC
Bypass Authentication
Improper authentication checks in the OAuth implementation allow account hijacking even when OAuth is not configured or
63RISK
open ↗VulnCheck XDB
initial-access
ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)
68RISK
open ↗GitHub PoC
This is a Proof-of-Concept for the Blink CSS UAF vulnerability tracked as CVE-2026-6300.
Use after free in CSS in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code insid
41RISK
open ↗VulnCheck XDB
initial-access
Gitea Docker image trusts spoofable reverse-proxy headers by default
48RISK
open ↗VulnCheck XDB
initial-access
LiteLLM: Authenticated command execution via MCP stdio test endpoints
100RISK
open ↗GitHub PoC★ 2
CVE-2026-8451 - Citrix NetScaler SAML Memory Overread (CitrixBleed) - PoC & Analysis | CVSS 8.8 | AMN SECURITY
Insufficient input validation leading to memory overread
41RISK
open ↗GitHub PoC★ 6
CVE-2026-42980 PUBLIC EXPLOIT + RESEARCH
NT OS Kernel Elevation of Privilege Vulnerability
41RISK
open ↗GitHub PoC★ 9
CVE-2026-20896 Gitea Docker X-WEBAUTH-USER auth bypass checker
Gitea Docker image trusts spoofable reverse-proxy headers by default
48RISK
open ↗GitHub PoC★ 2
CVE-2026-48908 — PoC exploit for unauthenticated RCE in SP Page Builder (Joomla) via arbitrary file upload. Multi‑threaded, case‑bypass, shell verification. For authorized security testing only.
Joomla Extension - joomshaper.com - Remote Code Execution in SP Pagebuilder extension for Joomla < 6.6.2
48RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.