Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,114cataloged exploits
31,649CVEs with public exploitation
0lab-tested
8,069 exploits
VulnCheck XDB
infoleak
CVE-2021-43798HIGHunder attack22 Dec 2025
Grafana path traversal
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-55182CRITICALunder attackransomware22 Dec 2025
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open
VulnCheck XDB
infoleak
CVE-2022-1026HIGH22 Dec 2025
Kyocera Net View Address Book Exposure
61RISK
open
VulnCheck XDB
infoleak
CVE-2021-33045CRITICALunder attack22 Dec 2025
The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can by
100RISK
open
VulnCheck XDB
initial-access
CVE-2022-22965CRITICALunder attack22 Dec 2025
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data b
100RISK
open
VulnCheck XDB
remote-with-credentials
CVE-2025-68613CRITICALunder attack22 Dec 2025
n8n Vulnerable to Remote Code Execution via Expression Injection
100RISK
open
VulnCheck XDB
infoleak
CVE-2025-55182CRITICALunder attackransomware21 Dec 2025
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open
VulnCheck XDB
client-side
CVE-2025-24071MEDIUM21 Dec 2025
Microsoft Windows File Explorer Spoofing Vulnerability
38RISK
open
VulnCheck XDB
initial-access
CVE-2025-55182CRITICALunder attackransomware21 Dec 2025
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open
VulnCheck XDB
local
CVE-2025-38352HIGHunder attack21 Dec 2025
posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del()
71RISK
open
VulnCheck XDB
initial-access
CVE-2025-55182CRITICALunder attackransomware20 Dec 2025
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-55182CRITICALunder attackransomware20 Dec 2025
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-24893CRITICALunder attack20 Dec 2025
Remote code execution as guest via SolrSearchMacros request in xwiki
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-55182CRITICALunder attackransomware20 Dec 2025
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open
VulnCheck XDB
initial-access
CVE-2024-0519HIGHunder attack20 Dec 2025
Out of bounds memory access in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially expl
71RISK
open
VulnCheck XDB
initial-access
CVE-2025-37164CRITICALunder attack19 Dec 2025
A remote code execution issue exists in HPE OneView.
100RISK
open
VulnCheck XDB
infoleak
CVE-2025-13486CRITICAL19 Dec 2025
Advanced Custom Fields: Extended 0.9.0.5 - 0.9.1.1 - Unauthenticated Remote Code Execution in prepare_form
85RISK
open
VulnCheck XDB
initial-access
CVE-2025-55182CRITICALunder attackransomware19 Dec 2025
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-55182CRITICALunder attackransomware19 Dec 2025
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-24893CRITICALunder attack19 Dec 2025
Remote code execution as guest via SolrSearchMacros request in xwiki
100RISK
open
VulnCheck XDB
initial-access
CVE-2023-27350CRITICALunder attackransomware19 Dec 2025
This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Bui
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-55182CRITICALunder attackransomware18 Dec 2025
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open
VulnCheck XDB
local
CVE-2021-3560HIGHunder attack17 Dec 2025
It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privile
91RISK
open
VulnCheck XDB
initial-access
CVE-2025-55182CRITICALunder attackransomware17 Dec 2025
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open
VulnCheck XDB
initial-access
CVE-2024-27198CRITICALunder attackransomware17 Dec 2025
In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-55182CRITICALunder attackransomware16 Dec 2025
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-55182CRITICALunder attackransomware16 Dec 2025
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-55182CRITICALunder attackransomware16 Dec 2025
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-55182CRITICALunder attackransomware16 Dec 2025
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-55182CRITICALunder attackransomware16 Dec 2025
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.