Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,062cataloged exploits
31,617CVEs with public exploitation
0lab-tested
8,069 exploits
VulnCheck XDB
initial-access
CVE-2026-41940CRITICALunder attackransomware06 May 2026
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RISK
open
VulnCheck XDB
initial-access
CVE-2024-22120CRITICAL06 May 2026
Time Based SQL Injection in Zabbix Server Audit Log
70RISK
open
VulnCheck XDB
local
CVE-2011-124906 May 2026
The Ancillary Function Driver (AFD) in afd.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vis
23RISK
open
VulnCheck XDB
local
CVE-2026-31431HIGHunder attack06 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
VulnCheck XDB
local
CVE-2026-31431HIGHunder attack06 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
VulnCheck XDB
local
CVE-2026-31431HIGHunder attack06 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
VulnCheck XDB
local
CVE-2026-31431HIGHunder attack06 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
VulnCheck XDB
info-leak
CVE-2026-27944CRITICAL06 May 2026
Nginx UI: Unauthenticated Backup Download with Encryption Key Disclosure
68RISK
open
VulnCheck XDB
info-leak
CVE-2024-4040CRITICALunder attack06 May 2026
Unauthenticated arbitrary file read and remote code execution in CrushFTP
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-4632CRITICALunder attack06 May 2026
Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 2
98RISK
open
VulnCheck XDB
local
CVE-2026-43284HIGH05 May 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISK
open
VulnCheck XDB
initial-access
CVE-2022-22963CRITICALunder attack05 May 2026
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is po
100RISK
open
VulnCheck XDB
info-leak
CVE-2026-7482HIGH05 May 2026
Ollama heap out-of-bounds read in GGUF tensor parsing leaks server process memory to unauthenticated remote attackers
41RISK
open
VulnCheck XDB
local
CVE-2025-21333HIGHunder attack05 May 2026
Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
71RISK
open
VulnCheck XDB
local
CVE-2026-31431HIGHunder attack05 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
VulnCheck XDB
local
CVE-2026-31431HIGHunder attack05 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
VulnCheck XDB
local
CVE-2026-31431HIGHunder attack05 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
VulnCheck XDB
local
CVE-2026-31431HIGHunder attack05 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
VulnCheck XDB
local
CVE-2026-31431HIGHunder attack05 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
VulnCheck XDB
initial-access
CVE-2026-31431HIGHunder attack05 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
VulnCheck XDB
local
CVE-2026-31431HIGHunder attack05 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
VulnCheck XDB
initial-access
CVE-2026-41940CRITICALunder attackransomware05 May 2026
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RISK
open
VulnCheck XDB
initial-access
CVE-2026-41940CRITICALunder attackransomware05 May 2026
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RISK
open
VulnCheck XDB
initial-access
CVE-2026-42167HIGH04 May 2026
mod_sql in ProFTPD before 1.3.9a allows remote attackers to execute arbitrary code via a username, in scenarios where th
56RISK
open
VulnCheck XDB
local
CVE-2026-31431HIGHunder attack04 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
VulnCheck XDB
initial-access
CVE-2026-41940CRITICALunder attackransomware04 May 2026
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RISK
open
VulnCheck XDB
initial-access
CVE-2026-41940CRITICALunder attackransomware04 May 2026
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RISK
open
VulnCheck XDB
initial-access
CVE-2026-39987CRITICALunder attack04 May 2026
marimo Affected by Pre-Auth Remote Code Execution via Terminal WebSocket Authentication Bypass
100RISK
open
VulnCheck XDB
initial-access
CVE-2026-41940CRITICALunder attackransomware04 May 2026
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RISK
open
VulnCheck XDB
initial-access
CVE-2026-41940CRITICALunder attackransomware04 May 2026
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.