Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,180cataloged exploits
31,691CVEs with public exploitation
0lab-tested
8,078 exploits
VulnCheck XDB
initial-access
CVE-2025-24893CRITICALunder attack08 Aug 2025
Remote code execution as guest via SolrSearchMacros request in xwiki
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-24893CRITICALunder attack08 Aug 2025
Remote code execution as guest via SolrSearchMacros request in xwiki
100RISK
open
VulnCheck XDB
infoleak
CVE-2025-24354MEDIUM08 Aug 2025
imgproxy is vulnerable to SSRF against 0.0.0.0
48RISK
open
VulnCheck XDB
initial-access
CVE-2022-22947CRITICALunder attack08 Aug 2025
In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack whe
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-24893CRITICALunder attack08 Aug 2025
Remote code execution as guest via SolrSearchMacros request in xwiki
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-24893CRITICALunder attack07 Aug 2025
Remote code execution as guest via SolrSearchMacros request in xwiki
100RISK
open
VulnCheck XDB
infoleak
CVE-2025-5777CRITICALunder attackransomware07 Aug 2025
NetScaler ADC and NetScaler Gateway - Insufficient input validation leading to memory overread
100RISK
open
VulnCheck XDB
infoleak
CVE-2025-30406CRITICALunder attack07 Aug 2025
Gladinet CentreStack through 16.1.10296.56315 (fixed in 16.4.10315.56368) has a deserialization vulnerability due to the
100RISK
open
VulnCheck XDB
infoleak
CVE-2025-53770CRITICALunder attackransomware07 Aug 2025
Microsoft SharePoint Server Remote Code Execution Vulnerability
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-24893CRITICALunder attack07 Aug 2025
Remote code execution as guest via SolrSearchMacros request in xwiki
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-24893CRITICALunder attack07 Aug 2025
Remote code execution as guest via SolrSearchMacros request in xwiki
100RISK
open
VulnCheck XDB
client-side
CVE-2025-48384HIGHunder attack07 Aug 2025
Git allows arbitrary code execution through broken config quoting
71RISK
open
VulnCheck XDB
initial-access
CVE-2025-34152CRITICAL07 Aug 2025
Shenzhen Aitemi M300 Wi-Fi Repeater OS Command Injection via Time Parameter
75RISK
open
VulnCheck XDB
denial-of-service
CVE-2020-0796CRITICALunder attackransomware06 Aug 2025
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol h
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-24813CRITICALunder attack06 Aug 2025
Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-24893CRITICALunder attack06 Aug 2025
Remote code execution as guest via SolrSearchMacros request in xwiki
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-24893CRITICALunder attack05 Aug 2025
Remote code execution as guest via SolrSearchMacros request in xwiki
100RISK
open
VulnCheck XDB
initial-access
CVE-2024-4577CRITICALunder attackransomware05 Aug 2025
Argument Injection in PHP-CGI
100RISK
open
VulnCheck XDB
local
CVE-2025-32463CRITICALunder attack05 Aug 2025
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled director
100RISK
open
VulnCheck XDB
infoleak
CVE-2014-0160HIGHunder attack05 Aug 2025
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packe
100RISK
open
VulnCheck XDB
initial-access
CVE-2023-7028CRITICALunder attack05 Aug 2025
Weak Password Recovery Mechanism for Forgotten Password in GitLab
100RISK
open
VulnCheck XDB
local
CVE-2025-32463CRITICALunder attack05 Aug 2025
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled director
100RISK
open
VulnCheck XDB
local
CVE-2023-22809HIGH05 Aug 2025
In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environmen
68RISK
open
VulnCheck XDB
initial-access
CVE-2025-24893CRITICALunder attack05 Aug 2025
Remote code execution as guest via SolrSearchMacros request in xwiki
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-24893CRITICALunder attack04 Aug 2025
Remote code execution as guest via SolrSearchMacros request in xwiki
100RISK
open
VulnCheck XDB
initial-access
CVE-2018-7600CRITICALunder attackransomware04 Aug 2025
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbi
100RISK
open
VulnCheck XDB
infoleak
CVE-2021-44228CRITICALunder attackransomware04 Aug 2025
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-7340CRITICAL04 Aug 2025
HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder. <= 2.2.1 - Unauthenticated Arbitrary File Upload
48RISK
open
VulnCheck XDB
client-side
CVE-2025-48384HIGHunder attack04 Aug 2025
Git allows arbitrary code execution through broken config quoting
71RISK
open
VulnCheck XDB
initial-access
CVE-2025-24893CRITICALunder attack04 Aug 2025
Remote code execution as guest via SolrSearchMacros request in xwiki
100RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.