Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,180cataloged exploits
31,691CVEs with public exploitation
0lab-tested
8,078 exploits
VulnCheck XDB
infoleak
CVE-2025-24799HIGH16 Sep 2025
GLPI allows unauthenticated SQL injection through the inventory endpoint
78RISK
open
VulnCheck XDB
initial-access
CVE-2025-3248CRITICALunder attackransomware15 Sep 2025
Langflow < 1.3.0 Unauthenticated RCE via /api/v1/validate/code
100RISK
open
VulnCheck XDB
initial-access
CVE-2017-1261115 Sep 2025
In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag in
60RISK
open
VulnCheck XDB
remote-with-credentials
CVE-2017-9822HIGHunder attackransomware15 Sep 2025
DNN (aka DotNetNuke) before 9.1.1 has Remote Code Execution via a cookie, aka "2017-08 (Critical) Possible remote code e
100RISK
open
VulnCheck XDB
client-side
CVE-2025-8088HIGHunder attack14 Sep 2025
Path traversal vulnerability in WinRAR
93RISK
open
VulnCheck XDB
local
CVE-2025-48543HIGHunder attack14 Sep 2025
In multiple locations, there is a possible way to escape chrome sandbox to attack android system_server due to a use aft
71RISK
open
VulnCheck XDB
infoleak
CVE-2025-57819CRITICALunder attack14 Sep 2025
FreePBX Affected by Authentication Bypass Leading to SQL Injection and RCE
100RISK
open
VulnCheck XDB
client-side
CVE-2025-8088HIGHunder attack13 Sep 2025
Path traversal vulnerability in WinRAR
93RISK
open
VulnCheck XDB
local
CVE-2021-3493HIGHunder attack13 Sep 2025
The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting o
98RISK
open
VulnCheck XDB
initial-access
CVE-2025-53770CRITICALunder attackransomware13 Sep 2025
Microsoft SharePoint Server Remote Code Execution Vulnerability
100RISK
open
VulnCheck XDB
client-side
CVE-2025-48384HIGHunder attack13 Sep 2025
Git allows arbitrary code execution through broken config quoting
71RISK
open
VulnCheck XDB
initial-access
CVE-2025-54309CRITICALunder attack13 Sep 2025
CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23, when the DMZ proxy feature is not used, mishandles AS2 validation and
100RISK
open
VulnCheck XDB
infoleak
CVE-2025-57819CRITICALunder attack12 Sep 2025
FreePBX Affected by Authentication Bypass Leading to SQL Injection and RCE
100RISK
open
VulnCheck XDB
client-side
CVE-2025-4123HIGH12 Sep 2025
A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redire
78RISK
open
VulnCheck XDB
local
CVE-2022-0847HIGHunder attack11 Sep 2025
A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in cop
100RISK
open
VulnCheck XDB
infoleak
CVE-2025-29927CRITICAL11 Sep 2025
Authorization Bypass in Next.js Middleware
85RISK
open
VulnCheck XDB
initial-access
CVE-2019-18935CRITICALunder attackransomware11 Sep 2025
Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUp
100RISK
open
VulnCheck XDB
local
CVE-2021-4034HIGHunder attack11 Sep 2025
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-32433CRITICALunder attack10 Sep 2025
Erlang/OTP SSH Vulnerable to Pre-Authentication RCE
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-24893CRITICALunder attack10 Sep 2025
Remote code execution as guest via SolrSearchMacros request in xwiki
100RISK
open
VulnCheck XDB
local
CVE-2025-42957CRITICAL10 Sep 2025
Code Injection vulnerability in SAP S/4HANA (Private Cloud or On-Premise)
48RISK
open
VulnCheck XDB
infoleak
CVE-2024-23897CRITICALunder attackransomware10 Sep 2025
Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-31161CRITICALunder attackransomware10 Sep 2025
CrushFTP 10 before 10.8.4 and 11 before 11.3.1 allows authentication bypass and takeover of the crushadmin account (unle
100RISK
open
VulnCheck XDB
initial-access
CVE-2018-11776HIGHunder attack09 Sep 2025
Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullN
100RISK
open
VulnCheck XDB
initial-access
CVE-2021-44228CRITICALunder attackransomware09 Sep 2025
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-57819CRITICALunder attack08 Sep 2025
FreePBX Affected by Authentication Bypass Leading to SQL Injection and RCE
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-57819CRITICALunder attack08 Sep 2025
FreePBX Affected by Authentication Bypass Leading to SQL Injection and RCE
100RISK
open
VulnCheck XDB
local
CVE-2025-21333HIGHunder attack08 Sep 2025
Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
71RISK
open
VulnCheck XDB
infoleak
CVE-2025-30208MEDIUM08 Sep 2025
Vite bypasses server.fs.deny when using `?raw??`
70RISK
open
VulnCheck XDB
initial-access
CVE-2025-32433CRITICALunder attack07 Sep 2025
Erlang/OTP SSH Vulnerable to Pre-Authentication RCE
100RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.