Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,062cataloged exploits
31,617CVEs with public exploitation
0lab-tested
8,069 exploits
VulnCheck XDB
initial-access
CVE-2026-42945CRITICAL16 May 2026
NGINX ngx_http_rewrite_module vulnerability
60RISK
open
VulnCheck XDB
local
CVE-2026-31431HIGHunder attack16 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
VulnCheck XDB
initial-access
CVE-2026-42945CRITICAL16 May 2026
NGINX ngx_http_rewrite_module vulnerability
60RISK
open
VulnCheck XDB
remote-with-credentials
CVE-2025-59528CRITICAL16 May 2026
Flowise has Remote Code Execution vulnerability
85RISK
open
VulnCheck XDB
initial-access
CVE-2026-8181CRITICAL16 May 2026
Burst Statistics 3.4.0 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover
68RISK
open
VulnCheck XDB
initial-access
CVE-2026-8181CRITICAL16 May 2026
Burst Statistics 3.4.0 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover
68RISK
open
VulnCheck XDB
local
CVE-2026-43284HIGH16 May 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISK
open
VulnCheck XDB
local
CVE-2026-31431HIGHunder attack16 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
VulnCheck XDB
initial-access
CVE-2026-39987CRITICALunder attack16 May 2026
marimo Affected by Pre-Auth Remote Code Execution via Terminal WebSocket Authentication Bypass
100RISK
open
VulnCheck XDB
initial-access
CVE-2026-42945CRITICAL15 May 2026
NGINX ngx_http_rewrite_module vulnerability
60RISK
open
VulnCheck XDB
initial-access
CVE-2026-8181CRITICAL15 May 2026
Burst Statistics 3.4.0 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover
68RISK
open
VulnCheck XDB
local
CVE-2026-43284HIGH15 May 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISK
open
VulnCheck XDB
initial-access
CVE-2025-32432CRITICALunder attack15 May 2026
Craft CMS Allows Remote Code Execution
100RISK
open
VulnCheck XDB
local
CVE-2026-31431HIGHunder attack15 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
VulnCheck XDB
initial-access
CVE-2012-3152CRITICALunder attack15 May 2026
Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and
100RISK
open
VulnCheck XDB
initial-access
CVE-2012-315315 May 2026
Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and
60RISK
open
VulnCheck XDB
local
CVE-2026-42897HIGHunder attack15 May 2026
Microsoft Exchange Server Spoofing Vulnerability
71RISK
open
VulnCheck XDB
initial-access
CVE-2026-0770CRITICAL15 May 2026
Langflow exec_globals Inclusion of Functionality from Untrusted Control Sphere Remote Code Execution Vulnerability
68RISK
open
VulnCheck XDB
initial-access
CVE-2026-42945CRITICAL14 May 2026
NGINX ngx_http_rewrite_module vulnerability
60RISK
open
VulnCheck XDB
initial-access
CVE-2026-42945CRITICAL14 May 2026
NGINX ngx_http_rewrite_module vulnerability
60RISK
open
VulnCheck XDB
local
CVE-2026-31431HIGHunder attack14 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
VulnCheck XDB
initial-access
CVE-2026-42945CRITICAL14 May 2026
NGINX ngx_http_rewrite_module vulnerability
60RISK
open
VulnCheck XDB
initial-access
CVE-2026-42945CRITICAL14 May 2026
NGINX ngx_http_rewrite_module vulnerability
60RISK
open
VulnCheck XDB
initial-access
CVE-2026-8181CRITICAL14 May 2026
Burst Statistics 3.4.0 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover
68RISK
open
VulnCheck XDB
initial-access
CVE-2026-42945CRITICAL14 May 2026
NGINX ngx_http_rewrite_module vulnerability
60RISK
open
VulnCheck XDB
denial-of-service
CVE-2011-319214 May 2026
The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attac
60RISK
open
VulnCheck XDB
initial-access
CVE-2021-22204MEDIUMunder attack14 May 2026
Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code exec
100RISK
open
VulnCheck XDB
denial-of-service
CVE-2026-42945CRITICAL14 May 2026
NGINX ngx_http_rewrite_module vulnerability
60RISK
open
VulnCheck XDB
local
CVE-2026-43284HIGH13 May 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISK
open
VulnCheck XDB
local
CVE-2024-44258HIGH13 May 2026
This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18
41RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.