Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,062cataloged exploits
31,617CVEs with public exploitation
0lab-tested
8,069 exploits
VulnCheck XDB
initial-access
CVE-2025-1094HIGH10 May 2026
PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation
78RISK
open
VulnCheck XDB
local
CVE-2026-43284HIGH10 May 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISK
open
VulnCheck XDB
initial-access
CVE-2026-3844CRITICAL10 May 2026
Breeze Cache <= 2.4.4 - Unauthenticated Arbitrary File Upload via fetch_gravatar_from_remote
75RISK
open
VulnCheck XDB
local
CVE-2026-31431HIGHunder attack10 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
VulnCheck XDB
local
CVE-2026-31431HIGHunder attack09 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
VulnCheck XDB
local
CVE-2026-31431HIGHunder attack09 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
VulnCheck XDB
initial-access
CVE-2020-1938CRITICALunder attack09 May 2026
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomc
100RISK
open
VulnCheck XDB
initial-access
CVE-2024-4040CRITICALunder attack08 May 2026
Unauthenticated arbitrary file read and remote code execution in CrushFTP
100RISK
open
VulnCheck XDB
initial-access
CVE-2020-1938CRITICALunder attack08 May 2026
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomc
100RISK
open
VulnCheck XDB
client-side
CVE-2025-2783HIGHunder attack08 May 2026
Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allow
71RISK
open
VulnCheck XDB
local
CVE-2026-43284HIGH08 May 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISK
open
VulnCheck XDB
initial-access
CVE-2026-5718HIGH08 May 2026
Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.7 - Unauthenticated Arbitrary File Upload via Non-ASCII Filename Blacklist Bypass
56RISK
open
VulnCheck XDB
client-side
CVE-2022-30190HIGHunder attackransomware08 May 2026
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability
100RISK
open
VulnCheck XDB
local
CVE-2026-31431HIGHunder attack08 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
VulnCheck XDB
local
CVE-2026-31431HIGHunder attack08 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
VulnCheck XDB
initial-access
CVE-2019-10149CRITICALunder attack07 May 2026
A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message(
100RISK
open
VulnCheck XDB
initial-access
CVE-2026-41940CRITICALunder attackransomware07 May 2026
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-6440CRITICAL07 May 2026
WooCommerce Designer Pro <= 1.9.26 - Unauthenticated Arbitrary File Upload
60RISK
open
VulnCheck XDB
local
CVE-2026-31431HIGHunder attack07 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
VulnCheck XDB
initial-access
CVE-2026-3844CRITICAL07 May 2026
Breeze Cache <= 2.4.4 - Unauthenticated Arbitrary File Upload via fetch_gravatar_from_remote
75RISK
open
VulnCheck XDB
local
CVE-2026-31431HIGHunder attack07 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
VulnCheck XDB
local
CVE-2026-31431HIGHunder attack07 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
VulnCheck XDB
initial-access
CVE-2026-31431HIGHunder attack07 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
VulnCheck XDB
local
CVE-2026-31431HIGHunder attack07 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
VulnCheck XDB
local
CVE-2026-31431HIGHunder attack07 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-59528CRITICAL07 May 2026
Flowise has Remote Code Execution vulnerability
85RISK
open
VulnCheck XDB
local
CVE-2026-31431HIGHunder attack07 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
VulnCheck XDB
local
CVE-2026-43284HIGH07 May 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISK
open
VulnCheck XDB
info-leak
CVE-2026-7482HIGH07 May 2026
Ollama heap out-of-bounds read in GGUF tensor parsing leaks server process memory to unauthenticated remote attackers
41RISK
open
VulnCheck XDB
local
CVE-2026-31431HIGHunder attack06 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.