Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,166cataloged exploits
31,689CVEs with public exploitation
0lab-tested
8,069 exploits
VulnCheck XDB
local
CVE-2025-32463CRITICALunder attack16 Nov 2025
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled director
100RISK
open
VulnCheck XDB
local
CVE-2025-21479HIGHunder attack16 Nov 2025
Incorrect Authorization in Graphics
71RISK
open
VulnCheck XDB
remote-with-credentials
CVE-2025-33073HIGHunder attack15 Nov 2025
Windows SMB Client Elevation of Privilege Vulnerability
83RISK
open
VulnCheck XDB
initial-access
CVE-2025-64446CRITICALunder attack15 Nov 2025
A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-64446CRITICALunder attack15 Nov 2025
A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb
100RISK
open
VulnCheck XDB
client-side
CVE-2025-33073HIGHunder attack14 Nov 2025
Windows SMB Client Elevation of Privilege Vulnerability
83RISK
open
VulnCheck XDB
initial-access
CVE-2025-11700HIGH14 Nov 2025
N-central Multiple XXE Injection Vulnerabilities
68RISK
open
VulnCheck XDB
infoleak
CVE-2025-64446CRITICALunder attack14 Nov 2025
A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-64446CRITICALunder attack14 Nov 2025
A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb
100RISK
open
VulnCheck XDB
initial-access
CVE-2022-22965CRITICALunder attack14 Nov 2025
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data b
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-9316MEDIUM14 Nov 2025
N-central unauthenticated sessionID generation
60RISK
open
VulnCheck XDB
local
CVE-2025-62215HIGHunder attack14 Nov 2025
Windows Kernel Elevation of Privilege Vulnerability
71RISK
open
VulnCheck XDB
client-side
CVE-2025-8088HIGHunder attack13 Nov 2025
Path traversal vulnerability in WinRAR
93RISK
open
VulnCheck XDB
local
CVE-2025-7771HIGH13 Nov 2025
Code Execution / Escalation of Privileges in ThrottleStop
41RISK
open
VulnCheck XDB
initial-access
CVE-2025-64446CRITICALunder attack13 Nov 2025
A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb
100RISK
open
VulnCheck XDB
local
CVE-2025-60710HIGHunder attack12 Nov 2025
Host Process for Windows Tasks Elevation of Privilege Vulnerability
71RISK
open
VulnCheck XDB
client-side
CVE-2020-9802HIGH12 Nov 2025
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, wa
41RISK
open
VulnCheck XDB
local
CVE-2025-60710HIGHunder attack11 Nov 2025
Host Process for Windows Tasks Elevation of Privilege Vulnerability
71RISK
open
VulnCheck XDB
initial-access
CVE-2025-25257CRITICALunder attack11 Nov 2025
An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] vulnerabi
100RISK
open
VulnCheck XDB
remote-with-credentials
CVE-2024-31982CRITICAL11 Nov 2025
XWiki Platform: Remote code execution as guest via DatabaseSearch
75RISK
open
VulnCheck XDB
initial-access
CVE-2025-48703CRITICALunder attack11 Nov 2025
CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1205 allows unauthenticated remote code execution via shell
100RISK
open
VulnCheck XDB
initial-access
CVE-2024-51378CRITICALunder attackransomware11 Nov 2025
getresetstatus in dns/views.py and ftp/views.py in CyberPanel (aka Cyber Panel) before 1c0c6cb allows remote attackers t
100RISK
open
VulnCheck XDB
infoleak
CVE-2023-3581311 Nov 2025
Multiple Sitecore products allow remote code execution. This affects Experience Manager, Experience Platform, and Experi
60RISK
open
VulnCheck XDB
initial-access
CVE-2025-34299CRITICAL10 Nov 2025
Monsta FTP <= 2.11 Unauthenticated Arbitrary File Upload
85RISK
open
VulnCheck XDB
initial-access
CVE-2025-11953CRITICALunder attack10 Nov 2025
Command injection in React Native Community CLI allows remote attackers to perform remote code execution by sending HTTP requests
90RISK
open
VulnCheck XDB
infoleak
CVE-2021-40438CRITICALunder attack09 Nov 2025
mod_proxy SSRF
100RISK
open
VulnCheck XDB
client-side
CVE-2025-48384HIGHunder attack08 Nov 2025
Git allows arbitrary code execution through broken config quoting
71RISK
open
VulnCheck XDB
initial-access
CVE-2025-32433CRITICALunder attack08 Nov 2025
Erlang/OTP SSH Vulnerable to Pre-Authentication RCE
100RISK
open
VulnCheck XDB
client-side
CVE-2025-21042HIGHunder attack08 Nov 2025
Out-of-bounds write in libimagecodec.quram.so prior to SMR Apr-2025 Release 1 allows remote attackers to execute arbitra
76RISK
open
VulnCheck XDB
infoleak
CVE-2025-11749CRITICAL08 Nov 2025
AI Engine <= 3.1.3 - Unauthenticated Sensitive Information Exposure to Privilege Escalation
85RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.