Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,053cataloged exploits
31,617CVEs with public exploitation
0lab-tested
8,060 exploits
VulnCheck XDB
local
CVE-2023-4911HIGHunder attack29 Jun 2026
Glibc: buffer overflow in ld.so leading to privilege escalation
100RISK
open
VulnCheck XDB
local
CVE-2023-0386HIGHunder attack28 Jun 2026
A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities wa
86RISK
open
VulnCheck XDB
initial-access
CVE-2020-7247CRITICALunder attack28 Jun 2026
smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to
100RISK
open
VulnCheck XDB
initial-access
CVE-2026-48908CRITICAL28 Jun 2026
Joomla Extension - joomshaper.com - Remote Code Execution in SP Pagebuilder extension for Joomla < 6.6.2
48RISK
open
VulnCheck XDB
initial-access
CVE-2025-55182CRITICALunder attackransomware28 Jun 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open
VulnCheck XDB
initial-access
CVE-2026-23744CRITICAL28 Jun 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RISK
open
VulnCheck XDB
initial-access
CVE-2026-24061CRITICALunder attack27 Jun 2026
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment
100RISK
open
VulnCheck XDB
initial-access
CVE-2026-48907CRITICALunder attack27 Jun 2026
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RISK
open
VulnCheck XDB
initial-access
CVE-2026-48907CRITICALunder attack27 Jun 2026
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RISK
open
VulnCheck XDB
local
CVE-2026-31431HIGHunder attack27 Jun 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
VulnCheck XDB
local
CVE-2026-24061CRITICALunder attack27 Jun 2026
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment
100RISK
open
VulnCheck XDB
local
CVE-2016-5195HIGHunder attack27 Jun 2026
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by lev
93RISK
open
VulnCheck XDB
info-leak
CVE-2026-26980CRITICAL26 Jun 2026
Ghost has a SQL Injection in its Content API
75RISK
open
VulnCheck XDB
initial-access
CVE-2026-26980CRITICAL26 Jun 2026
Ghost has a SQL Injection in its Content API
75RISK
open
VulnCheck XDB
client-side
CVE-2025-8088HIGHunder attack26 Jun 2026
Path traversal vulnerability in WinRAR
93RISK
open
VulnCheck XDB
initial-access
CVE-2026-20253CRITICALunder attack26 Jun 2026
Unauthenticated Arbitrary File Creation and Truncation in a PostgreSQL Sidecar Service Endpoint in Splunk Enterprise
100RISK
open
VulnCheck XDB
local
CVE-2016-5195HIGHunder attack25 Jun 2026
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by lev
93RISK
open
VulnCheck XDB
remote-with-credentials
CVE-2025-8110HIGHunder attack25 Jun 2026
File overwrite in file update API in Gogs
100RISK
open
VulnCheck XDB
initial-access
CVE-2023-20198CRITICALunder attack25 Jun 2026
Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS
100RISK
open
VulnCheck XDB
initial-access
CVE-2026-8181CRITICAL25 Jun 2026
Burst Statistics 3.4.0 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover
68RISK
open
VulnCheck XDB
initial-access
CVE-2021-29441HIGH25 Jun 2026
Authentication bypass
78RISK
open
VulnCheck XDB
local
CVE-2025-61155MEDIUM25 Jun 2026
The GameDriverX64.sys kernel-mode anti-cheat driver (v7.23.4.7 and earlier) contains an access control vulnerability in
33RISK
open
VulnCheck XDB
initial-access
CVE-2026-20230HIGH25 Jun 2026
Cisco Unified Communications Manager Server-Side Request Forgery Vulnerability
53RISK
open
VulnCheck XDB
initial-access
CVE-2025-57819CRITICALunder attack24 Jun 2026
FreePBX Affected by Authentication Bypass Leading to SQL Injection and RCE
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-32432CRITICALunder attack24 Jun 2026
Craft CMS Allows Remote Code Execution
100RISK
open
VulnCheck XDB
initial-access
CVE-2021-42013CRITICALunder attackransomware24 Jun 2026
Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773)
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-58034MEDIUMunder attack24 Jun 2026
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] vul
90RISK
open
VulnCheck XDB
initial-access
CVE-2025-55182CRITICALunder attackransomware24 Jun 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open
VulnCheck XDB
initial-access
CVE-2021-22205CRITICALunder attackransomware24 Jun 2026
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validati
100RISK
open
VulnCheck XDB
initial-access
CVE-2019-023223 Jun 2026
When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0
60RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.