Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,159cataloged exploits
31,683CVEs with public exploitation
0lab-tested
8,069 exploits
VulnCheck XDB
local
CVE-2025-11001HIGH24 Nov 2025
7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability
46RISK
open
VulnCheck XDB
initial-access
CVE-2023-36845CRITICALunder attack24 Nov 2025
Junos OS: EX and SRX Series: A PHP vulnerability in J-Web allows an unauthenticated to control an important environment variable
100RISK
open
VulnCheck XDB
infoleak
CVE-2019-845124 Nov 2025
The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.4.0 allows remote attackers to access the con
60RISK
open
VulnCheck XDB
infoleak
CVE-2025-5777CRITICALunder attackransomware23 Nov 2025
NetScaler ADC and NetScaler Gateway - Insufficient input validation leading to memory overread
100RISK
open
VulnCheck XDB
remote-with-credentials
CVE-2025-24054MEDIUMunder attack23 Nov 2025
NTLM Hash Disclosure Spoofing Vulnerability
75RISK
open
VulnCheck XDB
local
CVE-2025-11001HIGH22 Nov 2025
7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability
46RISK
open
VulnCheck XDB
local
CVE-2025-11001HIGH22 Nov 2025
7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability
46RISK
open
VulnCheck XDB
initial-access
CVE-2025-64446CRITICALunder attack21 Nov 2025
A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-59287CRITICALunder attack21 Nov 2025
Windows Server Update Service (WSUS) Remote Code Execution Vulnerability
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-47916CRITICAL21 Nov 2025
Invision Community 5.0.0 before 5.0.7 allows remote code execution via crafted template strings to themeeditor.php. The
85RISK
open
VulnCheck XDB
initial-access
CVE-2022-22965CRITICALunder attack20 Nov 2025
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data b
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-13390CRITICAL20 Nov 2025
WP Directory Kit <= 1.4.4 - Authentication Bypass to Privilege Escalation via Account Takeover
63RISK
open
VulnCheck XDB
remote-with-credentials
CVE-2025-61757CRITICALunder attack20 Nov 2025
Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: REST WebServices). Supported vers
100RISK
open
VulnCheck XDB
local
CVE-2025-11001HIGH20 Nov 2025
7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability
46RISK
open
VulnCheck XDB
initial-access
CVE-2025-3248CRITICALunder attackransomware20 Nov 2025
Langflow < 1.3.0 Unauthenticated RCE via /api/v1/validate/code
100RISK
open
VulnCheck XDB
client-side
CVE-2024-21413CRITICALunder attack20 Nov 2025
Microsoft Outlook Remote Code Execution Vulnerability
100RISK
open
VulnCheck XDB
remote-with-credentials
CVE-2018-15133HIGHunder attack19 Nov 2025
In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unseri
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-58034MEDIUMunder attack19 Nov 2025
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] vul
90RISK
open
VulnCheck XDB
remote-with-credentials
CVE-2021-1675HIGHunder attackransomware19 Nov 2025
Windows Print Spooler Remote Code Execution Vulnerability
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-34299CRITICAL19 Nov 2025
Monsta FTP <= 2.11 Unauthenticated Arbitrary File Upload
85RISK
open
VulnCheck XDB
initial-access
CVE-2025-64446CRITICALunder attack18 Nov 2025
A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb
100RISK
open
VulnCheck XDB
info-leak
CVE-2025-11833CRITICAL18 Nov 2025
Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App <= 3.6.0 - Missing Authorization to Account Takeover via Unauthenticated Email Log Disclosure
75RISK
open
VulnCheck XDB
initial-access
CVE-2025-24893CRITICALunder attack18 Nov 2025
Remote code execution as guest via SolrSearchMacros request in xwiki
100RISK
open
VulnCheck XDB
local
CVE-2025-62215HIGHunder attack18 Nov 2025
Windows Kernel Elevation of Privilege Vulnerability
71RISK
open
VulnCheck XDB
initial-access
CVE-2022-21587CRITICALunder attackransomware17 Nov 2025
Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload).
100RISK
open
VulnCheck XDB
infoleak
CVE-2014-0160HIGHunder attack17 Nov 2025
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packe
100RISK
open
VulnCheck XDB
initial-access
CVE-2022-31199CRITICALunder attackransomware17 Nov 2025
Remote code execution vulnerabilities exist in the Netwrix Auditor User Activity Video Recording component affecting bot
90RISK
open
VulnCheck XDB
initial-access
CVE-2025-64446CRITICALunder attack17 Nov 2025
A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-64446CRITICALunder attack17 Nov 2025
A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb
100RISK
open
VulnCheck XDB
local
CVE-2019-13272HIGHunder attack17 Nov 2025
In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a proce
98RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.