Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,114cataloged exploits
31,649CVEs with public exploitation
0lab-tested
8,069 exploits
VulnCheck XDB
initial-access
CVE-2025-55182CRITICALunder attackransomware31 Jan 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open
VulnCheck XDB
initial-access
CVE-2026-24061CRITICALunder attack30 Jan 2026
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment
100RISK
open
VulnCheck XDB
local
CVE-2026-21858CRITICAL30 Jan 2026
n8n Vulnerable to Unauthenticated File Access via Improper Webhook Request Handling
85RISK
open
VulnCheck XDB
initial-access
CVE-2019-11707HIGHunder attack29 Jan 2026
A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow
83RISK
open
VulnCheck XDB
client-side
CVE-2025-40554CRITICAL29 Jan 2026
SolarWinds Web Help Desk Authentication Bypass Vulnerability
75RISK
open
VulnCheck XDB
info-leak
CVE-2025-5419HIGHunder attack29 Jan 2026
Out of bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially expl
71RISK
open
VulnCheck XDB
info-leak
CVE-2017-7921CRITICALunder attack28 Jan 2026
An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 16
100RISK
open
VulnCheck XDB
initial-access
CVE-2026-24061CRITICALunder attack28 Jan 2026
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment
100RISK
open
VulnCheck XDB
initial-access
CVE-2026-24061CRITICALunder attack28 Jan 2026
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment
100RISK
open
VulnCheck XDB
initial-access
CVE-2026-0920CRITICAL28 Jan 2026
LA-Studio Element Kit for Elementor <= 1.5.6.3 - Unauthenticated Privilege Escalation via Backdoor to Administrative User Creation via lakit_bkrole parameter
48RISK
open
VulnCheck XDB
initial-access
CVE-2021-2449928 Jan 2026
Workreap theme < 2.2.2 - Unauthenticated Upload Leading to Remote Code Execution
50RISK
open
VulnCheck XDB
initial-access
CVE-2026-24061CRITICALunder attack27 Jan 2026
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment
100RISK
open
VulnCheck XDB
client-side
CVE-2026-21509HIGHunder attack27 Jan 2026
Microsoft Office Security Feature Bypass Vulnerability
93RISK
open
VulnCheck XDB
initial-access
CVE-2025-54309CRITICALunder attack27 Jan 2026
CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23, when the DMZ proxy feature is not used, mishandles AS2 validation and
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-55182CRITICALunder attackransomware27 Jan 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open
VulnCheck XDB
initial-access
CVE-2026-24061CRITICALunder attack27 Jan 2026
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment
100RISK
open
VulnCheck XDB
initial-access
CVE-2026-24061CRITICALunder attack27 Jan 2026
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment
100RISK
open
VulnCheck XDB
initial-access
CVE-2026-24061CRITICALunder attack27 Jan 2026
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment
100RISK
open
VulnCheck XDB
info-leak
CVE-2026-25253HIGH27 Jan 2026
OpenClaw (aka clawdbot or Moltbot) before 2026.1.29 obtains a gatewayUrl value from a query string and automatically mak
41RISK
open
VulnCheck XDB
initial-access
CVE-2024-50498CRITICAL27 Jan 2026
WordPress WP Query Console plugin <= 1.0 - Remote Code Execution (RCE) vulnerability
75RISK
open
VulnCheck XDB
initial-access
CVE-2025-24893CRITICALunder attack26 Jan 2026
Remote code execution as guest via SolrSearchMacros request in xwiki
100RISK
open
VulnCheck XDB
local
CVE-2023-3881726 Jan 2026
An issue in Inspect Element Ltd Echo.ac v.5.2.1.0 allows a local attacker to gain privileges via a crafted command to th
23RISK
open
VulnCheck XDB
remote-with-credentials
CVE-2026-24061CRITICALunder attack26 Jan 2026
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment
100RISK
open
VulnCheck XDB
remote-with-credentials
CVE-2026-24061CRITICALunder attack26 Jan 2026
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment
100RISK
open
VulnCheck XDB
remote-with-credentials
CVE-2009-310326 Jan 2026
Array index error in the SMBv2 protocol implementation in srv2.sys in Microsoft Windows Vista Gold, SP1, and SP2, Window
60RISK
open
VulnCheck XDB
remote-with-credentials
CVE-2026-24061CRITICALunder attack25 Jan 2026
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment
100RISK
open
VulnCheck XDB
remote-with-credentials
CVE-2021-33044CRITICALunder attack25 Jan 2026
The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can by
100RISK
open
VulnCheck XDB
local
CVE-2015-2291HIGHunder attackransomware25 Jan 2026
(1) IQVW32.sys before 1.3.1.0 and (2) IQVW64.sys before 1.3.1.0 in the Intel Ethernet diagnostics driver for Windows all
71RISK
open
VulnCheck XDB
initial-access
CVE-2025-60021CRITICAL25 Jan 2026
Apache bRPC: Remote command injection vulnerability in heap builtin service
53RISK
open
VulnCheck XDB
initial-access
CVE-2019-9978MEDIUMunder attack25 Jan 2026
The social-warfare plugin before 3.5.3 for WordPress has stored XSS via the wp-admin/admin-post.php?swp_debug=load_optio
100RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.