Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,180cataloged exploits
31,691CVEs with public exploitation
0lab-tested
8,078 exploits
VulnCheck XDB
local
CVE-2025-32463CRITICALunder attack29 Jul 2025
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled director
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-53770CRITICALunder attackransomware28 Jul 2025
Microsoft SharePoint Server Remote Code Execution Vulnerability
100RISK
open
VulnCheck XDB
infoleak
CVE-2025-32429CRITICAL28 Jul 2025
XWiki Platform vulnerable to SQL injection through getdeleteddocuments.vm template sort parameter
85RISK
open
VulnCheck XDB
initial-access
CVE-2025-53770CRITICALunder attackransomware28 Jul 2025
Microsoft SharePoint Server Remote Code Execution Vulnerability
100RISK
open
VulnCheck XDB
infoleak
CVE-2025-2294CRITICAL28 Jul 2025
Kubio AI Page Builder <= 2.5.1 - Unauthenticated Local File Inclusion
85RISK
open
VulnCheck XDB
client-side
CVE-2025-48384HIGHunder attack28 Jul 2025
Git allows arbitrary code execution through broken config quoting
71RISK
open
VulnCheck XDB
initial-access
CVE-2025-53770CRITICALunder attackransomware27 Jul 2025
Microsoft SharePoint Server Remote Code Execution Vulnerability
100RISK
open
VulnCheck XDB
initial-access
CVE-2017-5638CRITICALunder attackransomware27 Jul 2025
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception ha
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-47812CRITICALunder attack27 Jul 2025
In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection o
100RISK
open
VulnCheck XDB
infoleak
CVE-2025-32429CRITICAL26 Jul 2025
XWiki Platform vulnerable to SQL injection through getdeleteddocuments.vm template sort parameter
85RISK
open
VulnCheck XDB
initial-access
CVE-2025-54309CRITICALunder attack26 Jul 2025
CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23, when the DMZ proxy feature is not used, mishandles AS2 validation and
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-53770CRITICALunder attackransomware25 Jul 2025
Microsoft SharePoint Server Remote Code Execution Vulnerability
100RISK
open
VulnCheck XDB
initial-access
CVE-2023-27372CRITICAL25 Jul 2025
SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. T
85RISK
open
VulnCheck XDB
initial-access
CVE-2014-6271CRITICALunder attack25 Jul 2025
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-53770CRITICALunder attackransomware25 Jul 2025
Microsoft SharePoint Server Remote Code Execution Vulnerability
100RISK
open
VulnCheck XDB
infoleak
CVE-2025-32429CRITICAL25 Jul 2025
XWiki Platform vulnerable to SQL injection through getdeleteddocuments.vm template sort parameter
85RISK
open
VulnCheck XDB
initial-access
CVE-2025-54782CRITICAL25 Jul 2025
@nestjs/devtools-integration's CSRF to Sandbox Escape Allows for RCE against JS Developers
75RISK
open
VulnCheck XDB
client-side
CVE-2023-23397CRITICALunder attack25 Jul 2025
Microsoft Outlook Elevation of Privilege Vulnerability
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-1302CRITICAL24 Jul 2025
Versions of the package jsonpath-plus before 10.3.0 are vulnerable to Remote Code Execution (RCE) due to improper input
68RISK
open
VulnCheck XDB
initial-access
CVE-2025-53770CRITICALunder attackransomware24 Jul 2025
Microsoft SharePoint Server Remote Code Execution Vulnerability
100RISK
open
VulnCheck XDB
infoleak
CVE-2024-23897CRITICALunder attackransomware24 Jul 2025
Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an
100RISK
open
VulnCheck XDB
client-side
CVE-2025-6558HIGHunder attack24 Jul 2025
Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138.0.7204.157 allowed a remote at
71RISK
open
VulnCheck XDB
infoleak
CVE-2025-5777CRITICALunder attackransomware24 Jul 2025
NetScaler ADC and NetScaler Gateway - Insufficient input validation leading to memory overread
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-53770CRITICALunder attackransomware23 Jul 2025
Microsoft SharePoint Server Remote Code Execution Vulnerability
100RISK
open
VulnCheck XDB
infoleak
CVE-2025-53770CRITICALunder attackransomware23 Jul 2025
Microsoft SharePoint Server Remote Code Execution Vulnerability
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-53770CRITICALunder attackransomware23 Jul 2025
Microsoft SharePoint Server Remote Code Execution Vulnerability
100RISK
open
VulnCheck XDB
initial-access
CVE-2021-45046CRITICALunder attackransomware23 Jul 2025
Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack
100RISK
open
VulnCheck XDB
client-side
CVE-2024-4947CRITICALunder attack23 Jul 2025
Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside
83RISK
open
VulnCheck XDB
initial-access
CVE-2025-32756CRITICALunder attack23 Jul 2025
A stack-based buffer overflow vulnerability [CWE-121] vulnerability in Fortinet FortiCamera 2.1.0 through 2.1.3, FortiCa
90RISK
open
VulnCheck XDB
client-side
CVE-2025-27363HIGHunder attack23 Jul 2025
An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when
76RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.