Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,062cataloged exploits
31,617CVEs with public exploitation
0lab-tested
22,467 exploits
Exploit-DB
Ghost CMS 5.59.1 - Arbitrary File Read
CVE-2023-40028MEDIUM11 Aug 2025
Arbitrary file read via symlinks in Ghost
45RISK
open
Exploit-DB
Ghost CMS 5.42.1 - Path Traversal
CVE-2023-32235HIGH11 Aug 2025
Ghost before 5.42.1 allows remote attackers to read arbitrary files within the active theme's folder via /assets/built%2
68RISK
open
Exploit-DB
Tigo Energy Cloud Connect Advanced (CCA) 4.0.1 - Command Injection
CVE-2025-7769HIGH11 Aug 2025
Improper Neutralization of Special Elements used in a Command ('Command Injection') in Tigo Energy Cloud Connect Advanced
46RISK
open
Exploit-DB
Belkin F9K1009 F9K1010 2.00.04/2.00.09 - Hard Coded Credentials
CVE-2025-8730CRITICAL11 Aug 2025
Belkin F9K1009/F9K1010 Web Interface hard-coded credentials
48RISK
open
Exploit-DB
ServiceNow Multiple Versions - Input Validation & Template Injection
CVE-2024-4879CRITICALunder attack11 Aug 2025
Jelly Template Injection Vulnerability in ServiceNow UI Macros
100RISK
open
Exploit-DB
Microsoft Edge Renderer Process (Mojo IPC) 134.0.6998.177 - Sandbox Escape
CVE-2025-2783HIGHunder attack11 Aug 2025
Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allow
71RISK
open
Exploit-DB
JetBrains TeamCity 2023.11.4 - Authentication Bypass
CVE-2024-27198CRITICALunder attackransomware11 Aug 2025
In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible
100RISK
open
Exploit-DB
Microsoft Edge (Chromium-based) 135.0.7049.114/.115 - Information Disclosure
CVE-2025-49741HIGH03 Aug 2025
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
41RISK
open
Exploit-DB
Ultimate Member WordPress Plugin 2.6.6 - Privilege Escalation
CVE-2023-346003 Aug 2025
Ultimate Member < 2.6.7 - Unauthenticated Privilege Escalation
60RISK
open
Exploit-DB
Microsoft Virtual Hard Disk (VHDX) 11 - Remote Code Execution (RCE)
CVE-2025-49683HIGH03 Aug 2025
Microsoft Virtual Hard Disk Remote Code Execution Vulnerability
41RISK
open
Exploit-DB
Gandia Integra Total 4.4.2236.1 - SQL Injection
CVE-2025-41373HIGH03 Aug 2025
SQL injection vulnerability in Gandia Integra Total
41RISK
open
Exploit-DB
Swagger UI 1.0.3 - Cross-Site Scripting (XSS)
CVE-2025-8191MEDIUM03 Aug 2025
macrozheng mall Swagger UI index.html cross site scripting
33RISK
open
Exploit-DB
Copyparty 1.18.6 - Reflected Cross-Site Scripting (XSS)
CVE-2025-54589MEDIUM03 Aug 2025
copyparty Reflected XSS via Filter Parameter
48RISK
open
Exploit-DB
LPAR2RRD 8.04 - Remote Code Execution (RCE)
CVE-2025-54769HIGH03 Aug 2025
KL-001-2025-016: Xorux LPAR2RRD File Upload Directory Traversal
41RISK
open
Exploit-DB
XWiki 14 - SQL Injection via getdeleteddocuments.vm
CVE-2025-32429CRITICAL28 Jul 2025
XWiki Platform vulnerable to SQL injection through getdeleteddocuments.vm template sort parameter
85RISK
open
Exploit-DB
Xlight FTP 1.1 - Denial Of Service (DOS)
CVE-2024-0737MEDIUM28 Jul 2025
Xlightftpd Xlight FTP Server Login denial of service
33RISK
open
Exploit-DB
Adobe ColdFusion 2023.6 - Remote File Read
CVE-2024-20767HIGHunder attack28 Jul 2025
ColdFusion | Improper Access Control (CWE-284)
100RISK
open
Exploit-DB
Pie Register WordPress Plugin 3.7.1.4 - Authentication Bypass to RCE
CVE-2025-34077CRITICAL22 Jul 2025
WordPress Pie Register Plugin ≤ 3.7.1.4 Authentication Bypass RCE
63RISK
open
Exploit-DB
LiveHelperChat 4.61 - Stored Cross Site Scripting (XSS) via Department Assignment Alias Nick Field
CVE-2025-51403MEDIUM22 Jul 2025
A stored cross-site scripting (XSS) vulnerability in the department assignment editing module of of Live Helper Chat v4.
33RISK
open
Exploit-DB
Microsoft Edge Windows 10 Version 1511 - Cross Site Scripting (XSS)
CVE-2015-617622 Jul 2025
Microsoft Edge mishandles HTML attributes in HTTP responses, which allows remote attackers to bypass a cross-site script
28RISK
open
Exploit-DB
Simple File List WordPress Plugin 4.2.2 - File Upload to RCE
CVE-2020-36847CRITICAL22 Jul 2025
Simple File List < 4.2.3 - Remote Code Execution
68RISK
open
Exploit-DB
Tenda FH451 1.0.0.9 Router - Stack-based Buffer Overflow
CVE-2025-7795HIGH22 Jul 2025
Tenda FH451 P2pListFilter fromP2pListFilter stack-based overflow
41RISK
open
Exploit-DB
Discourse 3.1.1 - Unauthenticated Chat Message Access
CVE-2023-45131HIGH22 Jul 2025
Unauthenticated access to new private chat messages in Discourse
41RISK
open
Exploit-DB
PivotX 3.0.0 RC3 - Remote Code Execution (RCE)
CVE-2025-52367MEDIUM16 Jul 2025
Cross Site Scripting vulnerability in PivotX CMS v.3.0.0 RC 3 allows a remote attacker to execute arbitrary code via the
48RISK
open
Exploit-DB
White Star Software Protop 4.4.2-2024-11-27 - Local File Inclusion (LFI)
CVE-2025-44177HIGH16 Jul 2025
A directory traversal vulnerability was discovered in White Star Software Protop version 4.4.2-2024-11-27, specifically
56RISK
open
Exploit-DB
TOTOLINK N300RB 8.54 - Command Execution
CVE-2025-52089HIGH16 Jul 2025
A hidden remote support feature protected by a static secret in TOTOLINK N300RB firmware version 8.54 allows an authenti
41RISK
open
Exploit-DB
Keras 2.15 - Remote Code Execution (RCE)
CVE-2025-1550HIGH16 Jul 2025
Arbitrary Code Execution via Crafted Keras Config for Model Loading
41RISK
open
Exploit-DB
NodeJS 24.x - Path Traversal
CVE-2025-27210HIGH16 Jul 2025
An incomplete fix has been identified for CVE-2025-23084 in Node.js, specifically affecting Windows device names like CO
41RISK
open
Exploit-DB
SugarCRM 14.0.0 - SSRF/Code Injection
CVE-2024-58258HIGH16 Jul 2025
SugarCRM before 13.0.4 and 14.x before 14.0.1 allows SSRF in the API module because a limited type of code injection can
46RISK
open
Exploit-DB
Langflow 1.2.x - Remote Code Execution (RCE)
CVE-2025-3248CRITICALunder attackransomware16 Jul 2025
Langflow < 1.3.0 Unauthenticated RCE via /api/v1/validate/code
100RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.