Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,114cataloged exploits
31,649CVEs with public exploitation
0lab-tested
8,069 exploits
VulnCheck XDB
initial-access
CVE-2025-55182CRITICALunder attackransomware11 Dec 2025
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-55182CRITICALunder attackransomware11 Dec 2025
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-55182CRITICALunder attackransomware11 Dec 2025
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open
VulnCheck XDB
remote-with-credentials
CVE-2025-8110HIGHunder attack11 Dec 2025
File overwrite in file update API in Gogs
100RISK
open
VulnCheck XDB
infoleak
CVE-2025-55182CRITICALunder attackransomware11 Dec 2025
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open
VulnCheck XDB
initial-access
CVE-2013-015611 Dec 2025
active_support/core_ext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, an
60RISK
open
VulnCheck XDB
initial-access
CVE-2025-55182CRITICALunder attackransomware11 Dec 2025
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-34299CRITICAL11 Dec 2025
Monsta FTP <= 2.11 Unauthenticated Arbitrary File Upload
85RISK
open
VulnCheck XDB
initial-access
CVE-2022-22965CRITICALunder attack11 Dec 2025
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data b
100RISK
open
VulnCheck XDB
initial-access
CVE-2020-1938CRITICALunder attack11 Dec 2025
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomc
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-55182CRITICALunder attackransomware11 Dec 2025
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-55182CRITICALunder attackransomware11 Dec 2025
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-55182CRITICALunder attackransomware11 Dec 2025
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open
VulnCheck XDB
initial-access
CVE-2024-7954CRITICAL11 Dec 2025
SPIP porte_plume Plugin Arbitrary PHP Execution
85RISK
open
VulnCheck XDB
client-side
CVE-2025-24071MEDIUM10 Dec 2025
Microsoft Windows File Explorer Spoofing Vulnerability
38RISK
open
VulnCheck XDB
remote-with-credentials
CVE-2025-33073HIGHunder attack10 Dec 2025
Windows SMB Client Elevation of Privilege Vulnerability
83RISK
open
VulnCheck XDB
initial-access
CVE-2025-55182CRITICALunder attackransomware10 Dec 2025
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open
VulnCheck XDB
remote-with-credentials
CVE-2025-53772HIGH10 Dec 2025
Web Deploy Remote Code Execution Vulnerability
46RISK
open
VulnCheck XDB
initial-access
CVE-2025-55182CRITICALunder attackransomware10 Dec 2025
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-55182CRITICALunder attackransomware10 Dec 2025
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-55182CRITICALunder attackransomware10 Dec 2025
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-55182CRITICALunder attackransomware10 Dec 2025
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-55182CRITICALunder attackransomware10 Dec 2025
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-55182CRITICALunder attackransomware10 Dec 2025
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-55182CRITICALunder attackransomware10 Dec 2025
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-55182CRITICALunder attackransomware10 Dec 2025
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-55182CRITICALunder attackransomware10 Dec 2025
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-55182CRITICALunder attackransomware10 Dec 2025
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-55182CRITICALunder attackransomware10 Dec 2025
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-55182CRITICALunder attackransomware10 Dec 2025
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.