Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,062cataloged exploits
31,617CVEs with public exploitation
0lab-tested
8,069 exploits
VulnCheck XDB
initial-access
CVE-2025-55182CRITICALunder attackransomware24 Jun 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-32432CRITICALunder attack24 Jun 2026
Craft CMS Allows Remote Code Execution
100RISK
open
VulnCheck XDB
initial-access
CVE-2021-42013CRITICALunder attackransomware24 Jun 2026
Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773)
100RISK
open
VulnCheck XDB
initial-access
CVE-2021-22205CRITICALunder attackransomware24 Jun 2026
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validati
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-58034MEDIUMunder attack24 Jun 2026
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] vul
90RISK
open
VulnCheck XDB
initial-access
CVE-2025-57819CRITICALunder attack24 Jun 2026
FreePBX Affected by Authentication Bypass Leading to SQL Injection and RCE
100RISK
open
VulnCheck XDB
local
CVE-2019-2215HIGHunder attack23 Jun 2026
A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interacti
100RISK
open
VulnCheck XDB
client-side
CVE-2024-21413CRITICALunder attack23 Jun 2026
Microsoft Outlook Remote Code Execution Vulnerability
100RISK
open
VulnCheck XDB
initial-access
CVE-2019-023223 Jun 2026
When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0
60RISK
open
VulnCheck XDB
initial-access
CVE-2020-11651CRITICALunder attack23 Jun 2026
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs cla
100RISK
open
VulnCheck XDB
initial-access
CVE-2021-41773HIGHunder attackransomware23 Jun 2026
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
100RISK
open
VulnCheck XDB
initial-access
CVE-2022-23131CRITICALunder attack22 Jun 2026
Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-55182CRITICALunder attackransomware22 Jun 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open
VulnCheck XDB
initial-access
CVE-2026-23744CRITICAL22 Jun 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RISK
open
VulnCheck XDB
initial-access
CVE-2026-48908CRITICAL22 Jun 2026
Joomla Extension - joomshaper.com - Remote Code Execution in SP Pagebuilder extension for Joomla < 6.6.2
48RISK
open
VulnCheck XDB
denial-of-service
CVE-2026-42945CRITICAL22 Jun 2026
NGINX ngx_http_rewrite_module vulnerability
60RISK
open
VulnCheck XDB
initial-access
CVE-2026-48907CRITICALunder attack22 Jun 2026
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RISK
open
VulnCheck XDB
initial-access
CVE-2026-48907CRITICALunder attack22 Jun 2026
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RISK
open
VulnCheck XDB
local
CVE-2021-4034HIGHunder attack22 Jun 2026
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool
100RISK
open
VulnCheck XDB
info-leak
CVE-2023-23752MEDIUMunder attack21 Jun 2026
[20230201] - Core - Improper access check in webservice endpoints
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-24893CRITICALunder attack21 Jun 2026
Remote code execution as guest via SolrSearchMacros request in xwiki
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-29927CRITICAL21 Jun 2026
Authorization Bypass in Next.js Middleware
85RISK
open
VulnCheck XDB
local
CVE-2025-32463CRITICALunder attack21 Jun 2026
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled director
100RISK
open
VulnCheck XDB
info-leak
CVE-2025-24071MEDIUM21 Jun 2026
Microsoft Windows File Explorer Spoofing Vulnerability
38RISK
open
VulnCheck XDB
initial-access
CVE-2025-55182CRITICALunder attackransomware21 Jun 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open
VulnCheck XDB
initial-access
CVE-2026-21858CRITICAL21 Jun 2026
n8n Vulnerable to Unauthenticated File Access via Improper Webhook Request Handling
85RISK
open
VulnCheck XDB
remote-with-credentials
CVE-2025-68613CRITICALunder attack21 Jun 2026
n8n Vulnerable to Remote Code Execution via Expression Injection
100RISK
open
VulnCheck XDB
info-leak
CVE-2026-32202MEDIUMunder attack21 Jun 2026
Windows Shell Spoofing Vulnerability
75RISK
open
VulnCheck XDB
initial-access
CVE-2026-49777CRITICAL21 Jun 2026
WordPress Product Slider Pro for WooCommerce plugin < 3.5.4 - Backdoor vulnerability
63RISK
open
VulnCheck XDB
info-leak
CVE-2026-7515CRITICAL19 Jun 2026
BetterDocs Pro <= 3.8.0 - Unauthenticated Local File Inclusion via doc_style
48RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.