Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,181cataloged exploits
31,691CVEs with public exploitation
0lab-tested
8,078 exploits
VulnCheck XDB
initial-access
CVE-2022-4288923 Jul 2025
Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults
60RISK
open
VulnCheck XDB
initial-access
CVE-2024-4577CRITICALunder attackransomware23 Jul 2025
Argument Injection in PHP-CGI
100RISK
open
VulnCheck XDB
infoleak
CVE-2018-1171423 Jul 2025
An issue was discovered on TP-Link TL-WR840N v5 00000005 0.9.1 3.16 v0001.0 Build 170608 Rel.58696n and TL-WR841N v13 00
35RISK
open
VulnCheck XDB
denial-of-service
CVE-2023-44487HIGHunder attack23 Jul 2025
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many
93RISK
open
VulnCheck XDB
infoleak
CVE-2025-29927CRITICAL23 Jul 2025
Authorization Bypass in Next.js Middleware
85RISK
open
VulnCheck XDB
infoleak
CVE-2017-12637HIGHunder attack23 Jul 2025
Directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS in SAP NetWeaver Application Se
100RISK
open
VulnCheck XDB
initial-access
CVE-2018-120722 Jul 2025
Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain CGI injection vulnerability which could be used to execute
60RISK
open
VulnCheck XDB
initial-access
CVE-2025-53770CRITICALunder attackransomware22 Jul 2025
Microsoft SharePoint Server Remote Code Execution Vulnerability
100RISK
open
VulnCheck XDB
initial-access
CVE-2023-346022 Jul 2025
Ultimate Member < 2.6.7 - Unauthenticated Privilege Escalation
60RISK
open
VulnCheck XDB
infoleak
CVE-2019-713922 Jul 2025
An unauthenticated user can execute SQL statements that allow arbitrary read access to the underlying database, which ca
43RISK
open
VulnCheck XDB
initial-access
CVE-2018-120722 Jul 2025
Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain CGI injection vulnerability which could be used to execute
60RISK
open
VulnCheck XDB
initial-access
CVE-2025-53770CRITICALunder attackransomware22 Jul 2025
Microsoft SharePoint Server Remote Code Execution Vulnerability
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-53770CRITICALunder attackransomware22 Jul 2025
Microsoft SharePoint Server Remote Code Execution Vulnerability
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-282522 Jul 2025
35RISK
open
VulnCheck XDB
local
CVE-2025-32463CRITICALunder attack22 Jul 2025
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled director
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-3408522 Jul 2025
35RISK
open
VulnCheck XDB
initial-access
CVE-2025-53770CRITICALunder attackransomware22 Jul 2025
Microsoft SharePoint Server Remote Code Execution Vulnerability
100RISK
open
VulnCheck XDB
infoleak
CVE-2022-138622 Jul 2025
Fusion Builder < 3.6.2 - Unauthenticated SSRF
60RISK
open
VulnCheck XDB
initial-access
CVE-2025-3408522 Jul 2025
35RISK
open
VulnCheck XDB
initial-access
CVE-2025-53770CRITICALunder attackransomware21 Jul 2025
Microsoft SharePoint Server Remote Code Execution Vulnerability
100RISK
open
VulnCheck XDB
initial-access
CVE-2023-7028CRITICALunder attack21 Jul 2025
Weak Password Recovery Mechanism for Forgotten Password in GitLab
100RISK
open
VulnCheck XDB
client-side
CVE-2024-4947CRITICALunder attack21 Jul 2025
Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside
83RISK
open
VulnCheck XDB
remote-with-credentials
CVE-2023-3864621 Jul 2025
Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary comman
60RISK
open
VulnCheck XDB
initial-access
CVE-2025-53770CRITICALunder attackransomware21 Jul 2025
Microsoft SharePoint Server Remote Code Execution Vulnerability
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-53770CRITICALunder attackransomware21 Jul 2025
Microsoft SharePoint Server Remote Code Execution Vulnerability
100RISK
open
VulnCheck XDB
remote-with-credentials
CVE-2025-49706MEDIUMunder attackransomware20 Jul 2025
Microsoft SharePoint Server Spoofing Vulnerability
100RISK
open
VulnCheck XDB
client-side
CVE-2025-48384HIGHunder attack20 Jul 2025
Git allows arbitrary code execution through broken config quoting
71RISK
open
VulnCheck XDB
initial-access
CVE-2025-3408520 Jul 2025
35RISK
open
VulnCheck XDB
initial-access
CVE-2025-25257CRITICALunder attack19 Jul 2025
An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] vulnerabi
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-41646CRITICAL19 Jul 2025
RevPi Webstatus application is vulnerable to an authentication bypass
75RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.