Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,622cataloged exploits
32,030CVEs with public exploitation
1,932lab-tested
8,100 exploits
VulnCheck XDB
initial-access
CVE-2025-47812CRITICALunder attack17 Jul 2025
In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection o
100RISK
open
VulnCheck XDB
local
CVE-2025-32463CRITICALunder attack17 Jul 2025
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled director
100RISK
open
VulnCheck XDB
local
CVE-2025-32463CRITICALunder attack16 Jul 2025
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled director
100RISK
open
VulnCheck XDB
local
CVE-2025-32463CRITICALunder attack16 Jul 2025
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled director
100RISK
open
VulnCheck XDB
client-side
CVE-2025-48384HIGHunder attack16 Jul 2025
Git allows arbitrary code execution through broken config quoting
71RISK
open
VulnCheck XDB
infoleak
CVE-2025-5777CRITICALunder attackransomware16 Jul 2025
NetScaler ADC and NetScaler Gateway - Insufficient input validation leading to memory overread
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-32432CRITICALunder attack16 Jul 2025
Craft CMS Allows Remote Code Execution
100RISK
open
VulnCheck XDB
initial-access
CVE-2024-4577CRITICALunder attackransomware16 Jul 2025
Argument Injection in PHP-CGI
100RISK
open
VulnCheck XDB
local
CVE-2025-32463CRITICALunder attack15 Jul 2025
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled director
100RISK
open
VulnCheck XDB
remote-with-credentials
CVE-2018-1261315 Jul 2025
An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in which an attacker can include (view and potentially execute
60RISK
open
VulnCheck XDB
initial-access
CVE-2025-25257CRITICALunder attack15 Jul 2025
An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] vulnerabi
100RISK
open
VulnCheck XDB
infoleak
CVE-2025-5777CRITICALunder attackransomware15 Jul 2025
NetScaler ADC and NetScaler Gateway - Insufficient input validation leading to memory overread
100RISK
open
VulnCheck XDB
infoleak
CVE-2025-5777CRITICALunder attackransomware15 Jul 2025
NetScaler ADC and NetScaler Gateway - Insufficient input validation leading to memory overread
100RISK
open
VulnCheck XDB
infoleak
CVE-2025-29927CRITICAL14 Jul 2025
Authorization Bypass in Next.js Middleware
85RISK
open
VulnCheck XDB
infoleak
CVE-2025-49493MEDIUM14 Jul 2025
Akamai CloudTest before 60 2025.06.02 (12988) allows file inclusion via XML External Entity (XXE) injection.
48RISK
open
VulnCheck XDB
infoleak
CVE-2025-52488HIGH14 Jul 2025
DNN.PLATFORM leaks NTLM hash via SMB Share Interaction with malicious user input
68RISK
open
VulnCheck XDB
initial-access
CVE-2025-7340CRITICAL14 Jul 2025
HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder. <= 2.2.1 - Unauthenticated Arbitrary File Upload
48RISK
open
VulnCheck XDB
client-side
CVE-2025-44136CRITICAL14 Jul 2025
MapTiler Tileserver-php v2.0 is vulnerable to Cross Site Scripting (XSS). The GET parameter "layer" is reflected in an e
63RISK
open
VulnCheck XDB
local
CVE-2025-32463CRITICALunder attack14 Jul 2025
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled director
100RISK
open
VulnCheck XDB
initial-access
CVE-2023-536014 Jul 2025
Royal Elementor Addons and Templates < 1.3.79 - Unauthenticated Arbitrary File Upload
60RISK
open
VulnCheck XDB
initial-access
CVE-2025-25257CRITICALunder attack14 Jul 2025
An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] vulnerabi
100RISK
open
VulnCheck XDB
infoleak
CVE-2025-44137HIGH14 Jul 2025
MapTiler Tileserver-php v2.0 is vulnerable to Directory Traversal. The renderTile function within tileserver.php is resp
56RISK
open
VulnCheck XDB
initial-access
CVE-2025-48827CRITICAL14 Jul 2025
vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 allows unauthenticated users to invoke protected API controllers'
85RISK
open
VulnCheck XDB
initial-access
CVE-2025-24016CRITICALunder attack13 Jul 2025
Remote code execution in Wazuh server
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-22457CRITICALunder attackransomware13 Jul 2025
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7
100RISK
open
VulnCheck XDB
infoleak
CVE-2025-31125MEDIUMunder attack13 Jul 2025
Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query
90RISK
open
VulnCheck XDB
initial-access
CVE-2015-856213 Jul 2025
Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbi
60RISK
open
VulnCheck XDB
initial-access
CVE-2025-3408513 Jul 2025
35RISK
open
VulnCheck XDB
infoleak
CVE-2024-24919HIGHunder attackransomware12 Jul 2025
Information disclosure
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-24813CRITICALunder attack12 Jul 2025
Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT
100RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.