Making exploits for new CVEs

I was wondering Why there’s no public exploits for every new CVE ? Is it that hard to make an exploit or it’s illegal ?