Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,105cataloged exploits
31,648CVEs with public exploitation
0lab-tested
8,069 exploits
VulnCheck XDB
initial-access
CVE-2025-20282CRITICAL26 Mar 2026
Cisco ISE API Unauthenticated Remote Code Execution Vulnerability
48RISK
open
VulnCheck XDB
initial-access
CVE-2026-3584CRITICAL25 Mar 2026
Kali Forms <= 2.4.9 - Unauthenticated Remote Code Execution via form_process
63RISK
open
VulnCheck XDB
local
CVE-2024-51324LOW25 Mar 2026
An issue in the BdApiUtil driver of Baidu Antivirus v5.2.3.116083 allows attackers to terminate arbitrary process via ex
28RISK
open
VulnCheck XDB
initial-access
CVE-2025-49596CRITICAL25 Mar 2026
MCP Inspector proxy server lacks authentication between the Inspector client and proxy
75RISK
open
VulnCheck XDB
local
CVE-2025-8088HIGHunder attack25 Mar 2026
Path traversal vulnerability in WinRAR
93RISK
open
VulnCheck XDB
initial-access
CVE-2025-55182CRITICALunder attackransomware25 Mar 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open
VulnCheck XDB
local
CVE-2025-32463CRITICALunder attack25 Mar 2026
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled director
100RISK
open
VulnCheck XDB
initial-access
CVE-2026-23744CRITICAL25 Mar 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RISK
open
VulnCheck XDB
initial-access
CVE-2026-23744CRITICAL25 Mar 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RISK
open
VulnCheck XDB
initial-access
CVE-2026-23744CRITICAL24 Mar 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RISK
open
VulnCheck XDB
initial-access
CVE-2023-4220HIGH24 Mar 2026
Chamilo LMS Unauthenticated Big Upload File Remote Code Execution
78RISK
open
VulnCheck XDB
local
CVE-2023-32784HIGH24 Mar 2026
In KeePass 2.x before 2.54, it is possible to recover the cleartext master password from a memory dump, even when a work
41RISK
open
VulnCheck XDB
info-leak
CVE-2021-33044CRITICALunder attack24 Mar 2026
The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can by
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-55182CRITICALunder attackransomware24 Mar 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open
VulnCheck XDB
initial-access
CVE-2026-23744CRITICAL23 Mar 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RISK
open
VulnCheck XDB
info-leak
CVE-2018-742223 Mar 2026
A Local File Inclusion vulnerability in the Site Editor plugin through 1.1.1 for WordPress allows remote attackers to re
50RISK
open
VulnCheck XDB
info-leak
CVE-2024-2473MEDIUM23 Mar 2026
WPS Hide Login <= 1.9.15.2 - Login Page Disclosure
48RISK
open
VulnCheck XDB
initial-access
CVE-2025-64446CRITICALunder attack22 Mar 2026
A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb
100RISK
open
VulnCheck XDB
initial-access
CVE-2026-23744CRITICAL22 Mar 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RISK
open
VulnCheck XDB
initial-access
CVE-2021-41773HIGHunder attackransomware22 Mar 2026
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
100RISK
open
VulnCheck XDB
initial-access
CVE-2026-23744CRITICAL22 Mar 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RISK
open
VulnCheck XDB
info-leak
CVE-2021-43798HIGHunder attack22 Mar 2026
Grafana path traversal
100RISK
open
VulnCheck XDB
initial-access
CVE-2026-1731CRITICALunder attackransomware22 Mar 2026
Remote code execution vulnerability in BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA)
100RISK
open
VulnCheck XDB
initial-access
CVE-2024-36991HIGH21 Mar 2026
Path Traversal on the “/modules/messaging/“ endpoint in Splunk Enterprise on Windows
61RISK
open
VulnCheck XDB
initial-access
CVE-2026-33017CRITICALunder attack21 Mar 2026
Langflow has Unauthenticated Remote Code Execution via Public Flow Build Endpoint
100RISK
open
VulnCheck XDB
initial-access
CVE-2026-33017CRITICALunder attack21 Mar 2026
Langflow has Unauthenticated Remote Code Execution via Public Flow Build Endpoint
100RISK
open
VulnCheck XDB
initial-access
CVE-2026-23744CRITICAL21 Mar 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RISK
open
VulnCheck XDB
initial-access
CVE-2026-33017CRITICALunder attack21 Mar 2026
Langflow has Unauthenticated Remote Code Execution via Public Flow Build Endpoint
100RISK
open
VulnCheck XDB
initial-access
CVE-2026-1492CRITICAL20 Mar 2026
User Registration & Membership <= 5.1.2 - Unauthenticated Privilege Escalation via Membership Registration
68RISK
open
VulnCheck XDB
initial-access
CVE-2019-023219 Mar 2026
When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0
60RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.