Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,062cataloged exploits
31,617CVEs with public exploitation
0lab-tested
8,069 exploits
VulnCheck XDB
initial-access
CVE-2026-24061CRITICALunder attack06 Jun 2026
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment
100RISK
open
VulnCheck XDB
local
CVE-2022-0847HIGHunder attack06 Jun 2026
A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in cop
100RISK
open
VulnCheck XDB
remote-with-credentials
CVE-2026-34197HIGHunder attack06 Jun 2026
Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Authenticated users could perform RCE via Jolokia MBeans
100RISK
open
VulnCheck XDB
initial-access
CVE-2026-23744CRITICAL05 Jun 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RISK
open
VulnCheck XDB
initial-access
CVE-2026-42945CRITICAL05 Jun 2026
NGINX ngx_http_rewrite_module vulnerability
60RISK
open
VulnCheck XDB
initial-access
CVE-2026-8206CRITICAL05 Jun 2026
Kirki 6.0.0 - 6.0.6 - Unauthenticated Privilege Escalation via 'handle_forgot_password'
48RISK
open
VulnCheck XDB
local
CVE-2026-43284HIGH05 Jun 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISK
open
VulnCheck XDB
info-leak
CVE-2025-49132CRITICAL05 Jun 2026
Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution
68RISK
open
VulnCheck XDB
initial-access
CVE-2026-3300CRITICAL05 Jun 2026
Everest Forms Pro <= 1.9.12 - Unauthenticated Remote Code Execution via Calculation Field
75RISK
open
VulnCheck XDB
local
CVE-2026-31431HIGHunder attack05 Jun 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-55182CRITICALunder attackransomware05 Jun 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open
VulnCheck XDB
local
CVE-2026-31431HIGHunder attack05 Jun 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
VulnCheck XDB
initial-access
CVE-2026-23744CRITICAL05 Jun 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RISK
open
VulnCheck XDB
info-leak
CVE-2013-611704 Jun 2026
Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive informatio
60RISK
open
VulnCheck XDB
info-leak
CVE-2024-1698CRITICAL04 Jun 2026
NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor <= 2.8.2 - Unauthenticated SQL Injection
85RISK
open
VulnCheck XDB
denial-of-service
CVE-2026-41089CRITICAL04 Jun 2026
Windows Netlogon Remote Code Execution Vulnerability
70RISK
open
VulnCheck XDB
initial-access
CVE-2026-23744CRITICAL04 Jun 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RISK
open
VulnCheck XDB
initial-access
CVE-2026-34234CRITICAL04 Jun 2026
CtrlPanel: Unauthenticated RCE using installer script
48RISK
open
VulnCheck XDB
initial-access
CVE-2020-10148CRITICALunder attack04 Jun 2026
SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands
100RISK
open
VulnCheck XDB
initial-access
CVE-2021-44228CRITICALunder attackransomware04 Jun 2026
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RISK
open
VulnCheck XDB
info-leak
CVE-2026-0257HIGHunder attack03 Jun 2026
PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
100RISK
open
VulnCheck XDB
initial-access
CVE-2024-36401CRITICALunder attack03 Jun 2026
Remote Code Execution (RCE) vulnerability in evaluating property name expressions in Geoserver
100RISK
open
VulnCheck XDB
local
CVE-2026-31431HIGHunder attack03 Jun 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
VulnCheck XDB
initial-access
CVE-2026-41089CRITICAL03 Jun 2026
Windows Netlogon Remote Code Execution Vulnerability
70RISK
open
VulnCheck XDB
local
CVE-2026-43500HIGH03 Jun 2026
rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present
78RISK
open
VulnCheck XDB
initial-access
CVE-2026-23744CRITICAL03 Jun 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RISK
open
VulnCheck XDB
initial-access
CVE-2026-8206CRITICAL02 Jun 2026
Kirki 6.0.0 - 6.0.6 - Unauthenticated Privilege Escalation via 'handle_forgot_password'
48RISK
open
VulnCheck XDB
initial-access
CVE-2026-23744CRITICAL02 Jun 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RISK
open
VulnCheck XDB
initial-access
CVE-2026-23744CRITICAL02 Jun 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RISK
open
VulnCheck XDB
initial-access
CVE-2026-8181CRITICAL02 Jun 2026
Burst Statistics 3.4.0 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover
68RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.