Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,180cataloged exploits
31,691CVEs with public exploitation
0lab-tested
8,078 exploits
VulnCheck XDB
local
CVE-2025-7771HIGH07 Sep 2025
Code Execution / Escalation of Privileges in ThrottleStop
41RISK
open
VulnCheck XDB
initial-access
CVE-2025-32433CRITICALunder attack07 Sep 2025
Erlang/OTP SSH Vulnerable to Pre-Authentication RCE
100RISK
open
VulnCheck XDB
initial-access
CVE-2008-4250CRITICALunder attack06 Sep 2025
The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 20
100RISK
open
VulnCheck XDB
initial-access
CVE-2008-4250CRITICALunder attack06 Sep 2025
The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 20
100RISK
open
VulnCheck XDB
remote-with-credentials
CVE-2025-54309CRITICALunder attack06 Sep 2025
CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23, when the DMZ proxy feature is not used, mishandles AS2 validation and
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-58443CRITICAL06 Sep 2025
FOG's authentication bypass leads to full SQL DB dump
68RISK
open
VulnCheck XDB
initial-access
CVE-2023-22515CRITICALunder attackransomware06 Sep 2025
Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited
100RISK
open
VulnCheck XDB
initial-access
CVE-2021-42013CRITICALunder attackransomware05 Sep 2025
Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773)
100RISK
open
VulnCheck XDB
local
CVE-2025-32463CRITICALunder attack05 Sep 2025
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled director
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-24893CRITICALunder attack05 Sep 2025
Remote code execution as guest via SolrSearchMacros request in xwiki
100RISK
open
VulnCheck XDB
local
CVE-2025-1055MEDIUM04 Sep 2025
K7 Security Anti-Malware: IOCTL in K7RKScan.sys Allows Arbitrary Termination of High-Privilege and System Processes by a Low-Privilege User
33RISK
open
VulnCheck XDB
initial-access
CVE-2020-7961CRITICALunder attack04 Sep 2025
Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary c
100RISK
open
VulnCheck XDB
initial-access
CVE-2023-5016404 Sep 2025
Apache Struts: File upload component had a directory traversal vulnerability
45RISK
open
VulnCheck XDB
initial-access
CVE-2025-57819CRITICALunder attack04 Sep 2025
FreePBX Affected by Authentication Bypass Leading to SQL Injection and RCE
100RISK
open
VulnCheck XDB
client-side
CVE-2025-8088HIGHunder attack04 Sep 2025
Path traversal vulnerability in WinRAR
93RISK
open
VulnCheck XDB
initial-access
CVE-2025-53770CRITICALunder attackransomware04 Sep 2025
Microsoft SharePoint Server Remote Code Execution Vulnerability
100RISK
open
VulnCheck XDB
local
CVE-2024-1086HIGHunder attackransomware04 Sep 2025
Use-after-free in Linux kernel's netfilter: nf_tables component
76RISK
open
VulnCheck XDB
remote-with-credentials
CVE-2025-53772HIGH04 Sep 2025
Web Deploy Remote Code Execution Vulnerability
46RISK
open
VulnCheck XDB
local
CVE-2025-6019HIGH03 Sep 2025
Libblockdev: lpe from allow_active to root in libblockdev via udisks
41RISK
open
VulnCheck XDB
initial-access
CVE-2025-54309CRITICALunder attack03 Sep 2025
CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23, when the DMZ proxy feature is not used, mishandles AS2 validation and
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-24893CRITICALunder attack03 Sep 2025
Remote code execution as guest via SolrSearchMacros request in xwiki
100RISK
open
VulnCheck XDB
local
CVE-2015-132803 Sep 2025
The overlayfs implementation in the linux (aka Linux kernel) package before 3.19.0-21.21 in Ubuntu through 15.04 does no
50RISK
open
VulnCheck XDB
initial-access
CVE-2025-3248CRITICALunder attackransomware03 Sep 2025
Langflow < 1.3.0 Unauthenticated RCE via /api/v1/validate/code
100RISK
open
VulnCheck XDB
initial-access
CVE-2024-51568CRITICAL02 Sep 2025
CyberPanel (aka Cyber Panel) before 2.3.5 allows Command Injection via completePath in the ProcessUtilities.outputExecut
75RISK
open
VulnCheck XDB
initial-access
CVE-2019-18935CRITICALunder attackransomware01 Sep 2025
Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUp
100RISK
open
VulnCheck XDB
initial-access
CVE-2024-53677CRITICAL01 Sep 2025
Apache Struts: Mixing setters for uploaded files and normal fields can allow bypass file upload checks
70RISK
open
VulnCheck XDB
initial-access
CVE-2017-9841CRITICALunder attack01 Sep 2025
Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP c
100RISK
open
VulnCheck XDB
initial-access
CVE-2017-11317CRITICALunder attack01 Sep 2025
Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 uses weak RadAsyncUpload
100RISK
open
VulnCheck XDB
initial-access
CVE-2018-1920701 Sep 2025
The Van Ons WP GDPR Compliance (aka wp-gdpr-compliance) plugin before 1.4.3 for WordPress allows remote attackers to exe
60RISK
open
VulnCheck XDB
infoleak
CVE-2025-57819CRITICALunder attack01 Sep 2025
FreePBX Affected by Authentication Bypass Leading to SQL Injection and RCE
100RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.