Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,294cataloged exploits
31,742CVEs with public exploitation
0lab-tested
8,100 exploits
VulnCheck XDB
initial-access
CVE-2025-53770CRITICALunder attackransomware22 Jul 2025
Microsoft SharePoint Server Remote Code Execution Vulnerability
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-3408522 Jul 2025
35RISK
open
VulnCheck XDB
local
CVE-2025-32463CRITICALunder attack22 Jul 2025
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled director
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-282522 Jul 2025
35RISK
open
VulnCheck XDB
initial-access
CVE-2018-120722 Jul 2025
Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain CGI injection vulnerability which could be used to execute
60RISK
open
VulnCheck XDB
initial-access
CVE-2025-53770CRITICALunder attackransomware22 Jul 2025
Microsoft SharePoint Server Remote Code Execution Vulnerability
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-3408522 Jul 2025
35RISK
open
VulnCheck XDB
initial-access
CVE-2023-346022 Jul 2025
Ultimate Member < 2.6.7 - Unauthenticated Privilege Escalation
60RISK
open
VulnCheck XDB
initial-access
CVE-2018-120722 Jul 2025
Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain CGI injection vulnerability which could be used to execute
60RISK
open
VulnCheck XDB
infoleak
CVE-2022-138622 Jul 2025
Fusion Builder < 3.6.2 - Unauthenticated SSRF
60RISK
open
VulnCheck XDB
infoleak
CVE-2019-713922 Jul 2025
An unauthenticated user can execute SQL statements that allow arbitrary read access to the underlying database, which ca
43RISK
open
VulnCheck XDB
initial-access
CVE-2025-53770CRITICALunder attackransomware21 Jul 2025
Microsoft SharePoint Server Remote Code Execution Vulnerability
100RISK
open
VulnCheck XDB
remote-with-credentials
CVE-2023-3864621 Jul 2025
Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary comman
60RISK
open
VulnCheck XDB
initial-access
CVE-2023-7028CRITICALunder attack21 Jul 2025
Weak Password Recovery Mechanism for Forgotten Password in GitLab
100RISK
open
VulnCheck XDB
client-side
CVE-2024-4947CRITICALunder attack21 Jul 2025
Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside
83RISK
open
VulnCheck XDB
initial-access
CVE-2025-53770CRITICALunder attackransomware21 Jul 2025
Microsoft SharePoint Server Remote Code Execution Vulnerability
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-53770CRITICALunder attackransomware21 Jul 2025
Microsoft SharePoint Server Remote Code Execution Vulnerability
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-3408520 Jul 2025
35RISK
open
VulnCheck XDB
client-side
CVE-2025-48384HIGHunder attack20 Jul 2025
Git allows arbitrary code execution through broken config quoting
71RISK
open
VulnCheck XDB
remote-with-credentials
CVE-2025-49706MEDIUMunder attackransomware20 Jul 2025
Microsoft SharePoint Server Spoofing Vulnerability
100RISK
open
VulnCheck XDB
remote-with-credentials
CVE-2025-49113CRITICALunder attack19 Jul 2025
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-41646CRITICAL19 Jul 2025
RevPi Webstatus application is vulnerable to an authentication bypass
75RISK
open
VulnCheck XDB
initial-access
CVE-2025-25257CRITICALunder attack19 Jul 2025
An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] vulnerabi
100RISK
open
VulnCheck XDB
infoleak
CVE-2024-20767HIGHunder attack19 Jul 2025
ColdFusion | Improper Access Control (CWE-284)
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-25257CRITICALunder attack19 Jul 2025
An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] vulnerabi
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-31161CRITICALunder attackransomware19 Jul 2025
CrushFTP 10 before 10.8.4 and 11 before 11.3.1 allows authentication bypass and takeover of the crushadmin account (unle
100RISK
open
VulnCheck XDB
client-side
CVE-2025-47176HIGH18 Jul 2025
Microsoft Outlook Remote Code Execution Vulnerability
41RISK
open
VulnCheck XDB
local
CVE-2025-32463CRITICALunder attack18 Jul 2025
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled director
100RISK
open
VulnCheck XDB
local
CVE-2021-3156HIGHunder attack18 Jul 2025
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege
100RISK
open
VulnCheck XDB
remote-with-credentials
CVE-2025-49113CRITICALunder attack18 Jul 2025
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the
100RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.