Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,180cataloged exploits
31,691CVEs with public exploitation
0lab-tested
8,078 exploits
VulnCheck XDB
infoleak
CVE-2025-2294CRITICAL24 Sep 2025
Kubio AI Page Builder <= 2.5.1 - Unauthenticated Local File Inclusion
85RISK
open
VulnCheck XDB
initial-access
CVE-2025-32433CRITICALunder attack24 Sep 2025
Erlang/OTP SSH Vulnerable to Pre-Authentication RCE
100RISK
open
VulnCheck XDB
local
CVE-2025-32463CRITICALunder attack23 Sep 2025
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled director
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-32432CRITICALunder attack23 Sep 2025
Craft CMS Allows Remote Code Execution
100RISK
open
VulnCheck XDB
infoleak
CVE-2020-3452HIGHunder attack23 Sep 2025
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Read-Only Path Traversal Vulnerability
100RISK
open
VulnCheck XDB
client-side
CVE-2024-21413CRITICALunder attack23 Sep 2025
Microsoft Outlook Remote Code Execution Vulnerability
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-282523 Sep 2025
35RISK
open
VulnCheck XDB
initial-access
CVE-2025-25257CRITICALunder attack22 Sep 2025
An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] vulnerabi
100RISK
open
VulnCheck XDB
initial-access
CVE-2023-6933HIGH22 Sep 2025
Better Search Replace <= 1.4.4 - Unauthenticated PHP Object Injection
68RISK
open
VulnCheck XDB
initial-access
CVE-2025-34152CRITICAL21 Sep 2025
Shenzhen Aitemi M300 Wi-Fi Repeater OS Command Injection via Time Parameter
75RISK
open
VulnCheck XDB
infoleak
CVE-2025-29927CRITICAL21 Sep 2025
Authorization Bypass in Next.js Middleware
85RISK
open
VulnCheck XDB
infoleak
CVE-2018-13379CRITICALunder attackransomware21 Sep 2025
An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-25257CRITICALunder attack21 Sep 2025
An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] vulnerabi
100RISK
open
VulnCheck XDB
initial-access
CVE-2018-7600CRITICALunder attackransomware21 Sep 2025
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbi
100RISK
open
VulnCheck XDB
local
CVE-2025-32463CRITICALunder attack20 Sep 2025
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled director
100RISK
open
VulnCheck XDB
infoleak
CVE-2025-29927CRITICAL20 Sep 2025
Authorization Bypass in Next.js Middleware
85RISK
open
VulnCheck XDB
local
CVE-2025-32463CRITICALunder attack20 Sep 2025
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled director
100RISK
open
VulnCheck XDB
remote-with-credentials
CVE-2025-49113CRITICALunder attack19 Sep 2025
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-57819CRITICALunder attack18 Sep 2025
FreePBX Affected by Authentication Bypass Leading to SQL Injection and RCE
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-32433CRITICALunder attack18 Sep 2025
Erlang/OTP SSH Vulnerable to Pre-Authentication RCE
100RISK
open
VulnCheck XDB
infoleak
CVE-2025-29306CRITICAL18 Sep 2025
An issue in FoxCMS v.1.2.5 allows a remote attacker to execute arbitrary code via the case display page in the index.htm
75RISK
open
VulnCheck XDB
initial-access
CVE-2023-30258CRITICAL18 Sep 2025
Command Injection vulnerability in MagnusSolution magnusbilling 6.x and 7.x allows remote attackers to run arbitrary com
85RISK
open
VulnCheck XDB
initial-access
CVE-2025-3248CRITICALunder attackransomware17 Sep 2025
Langflow < 1.3.0 Unauthenticated RCE via /api/v1/validate/code
100RISK
open
VulnCheck XDB
client-side
CVE-2010-124017 Sep 2025
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, do not restrict the contents of
60RISK
open
VulnCheck XDB
infoleak
CVE-2025-29927CRITICAL17 Sep 2025
Authorization Bypass in Next.js Middleware
85RISK
open
VulnCheck XDB
local
CVE-2021-22600MEDIUMunder attack17 Sep 2025
Double Free in net/packet/af_packet.c leading to priviledge escalation
63RISK
open
VulnCheck XDB
initial-access
CVE-2024-1709CRITICALunder attackransomware16 Sep 2025
Authentication bypass using an alternate path or channel
100RISK
open
VulnCheck XDB
infoleak
CVE-2025-24799HIGH16 Sep 2025
GLPI allows unauthenticated SQL injection through the inventory endpoint
78RISK
open
VulnCheck XDB
initial-access
CVE-2024-1708HIGHunder attackransomware16 Sep 2025
Improper limitation of a pathname to a restricted directory (“path traversal”)
100RISK
open
VulnCheck XDB
initial-access
CVE-2019-3396CRITICALunder attackransomware16 Sep 2025
The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from vers
100RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.