Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,622cataloged exploits
32,030CVEs with public exploitation
1,932lab-tested
71,622 exploits
VulnCheck XDB
local
CVE-2026-31431HIGHunder attack06 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
VulnCheck XDB
initial-access
CVE-2024-22120CRITICAL06 May 2026
Time Based SQL Injection in Zabbix Server Audit Log
70RISK
open
GitHub PoC12
CVE-2026-41940 Auto Root Login
CVE-2026-41940CRITICALunder attackransomware06 May 2026
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RISK
open
GitHub PoC
ycseo-git/CVE-2020-11800
CVE-2020-11800CRITICAL06 May 2026
Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows remote attackers to execute arbitrary code.
48RISK
open
GitHub PoC
C implementation for researching Copy Fail (CVE-2026-31431)
CVE-2026-31431HIGHunder attack06 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
GitHub PoC1
mawussid/CVE-2026-41651-Python
CVE-2026-41651HIGH06 May 2026
PackageKit vulnerable to TOCTOU Race on Transaction Flags leads to arbitrary package installation as root
41RISK
open
VulnCheck XDB
local
CVE-2026-31431HIGHunder attack06 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
GitHub PoC1
Test authentication bypass vulnerabilities in cPanel and WHM using this proof of concept exploit tool written in Go.
CVE-2026-41940CRITICALunder attackransomware06 May 2026
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RISK
open
GitHub PoC12
mitigation of cve-2026-31431 using ftrace
CVE-2026-31431HIGHunder attack06 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
VulnCheck XDB
initial-access
CVE-2026-41940CRITICALunder attackransomware06 May 2026
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RISK
open
VulnCheck XDB
local
CVE-2011-124906 May 2026
The Ancillary Function Driver (AFD) in afd.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vis
23RISK
open
VulnCheck XDB
local
CVE-2026-31431HIGHunder attack06 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
VulnCheck XDB
info-leak
CVE-2026-27944CRITICAL06 May 2026
Nginx UI: Unauthenticated Backup Download with Encryption Key Disclosure
68RISK
open
VulnCheck XDB
initial-access
CVE-2025-4632CRITICALunder attack06 May 2026
Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 2
98RISK
open
VulnCheck XDB
local
CVE-2026-31431HIGHunder attack06 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
GitHub PoC3
Exploit CVE-2026-31431 on Linux using a Rust implementation to achieve local privilege escalation via an arbitrary page cache write primitive.
CVE-2026-31431HIGHunder attack06 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
GitHub PoC
Proof-of-concept for CVE-2024-4040 (CrushFTP SSTI -> unauthenticated LFI) in a controlled CS443 lab environment - for educational/authorised use only.
CVE-2024-4040CRITICALunder attack06 May 2026
Unauthenticated arbitrary file read and remote code execution in CrushFTP
100RISK
open
GitHub PoC
6abc/Copy-Fail-CVE-2026-31431-dirty-frag-CVE-2026-43284
CVE-2026-31431HIGHunder attack05 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
GitHub PoC
ZildanZ/CVE-2026-41940
CVE-2026-41940CRITICALunder attackransomware05 May 2026
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RISK
open
GitHub PoC1
Утилита для Linux, которая проверяет доступность `AF_ALG`/`algif_aead` и помогает оценить риск по `CVE-2026-31431`.
CVE-2026-31431HIGHunder attack05 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
VulnCheck XDB
local
CVE-2026-31431HIGHunder attack05 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
VulnCheck XDB
initial-access
CVE-2026-31431HIGHunder attack05 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
VulnCheck XDB
local
CVE-2026-31431HIGHunder attack05 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
VulnCheck XDB
local
CVE-2026-31431HIGHunder attack05 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
VulnCheck XDB
local
CVE-2026-31431HIGHunder attack05 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
VulnCheck XDB
local
CVE-2026-31431HIGHunder attack05 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
VulnCheck XDB
local
CVE-2026-31431HIGHunder attack05 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
GitHub PoC
Analysis of CVE-2026-24072
CVE-2026-24072HIGH05 May 2026
Apache HTTP Server: mod_rewrite elevation of privileges via ap_expr
21RISK
open
GitHub PoC
Passive HTTP metadata auditor for CVE-2026-23918 exposure triage
CVE-2026-23918HIGH05 May 2026
Apache HTTP Server: http2: double free and possible RCE on early reset
53RISK
open
GitHub PoC
One IPv6 ND option with length zero. One missing check. Daemon walks backward and lives in the loop. Reported to OpenBSD, fixed, CVE assigned.
CVE-2026-41285MEDIUM05 May 2026
In OpenBSD through 7.8, the slaacd and rad daemons have an infinite loop when they receive a crafted ICMPv6 Neighbor Dis
13RISK
open
previouspage 70 / 2,388next

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.