Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,062cataloged exploits
31,617CVEs with public exploitation
0lab-tested
8,069 exploits
VulnCheck XDB
initial-access
CVE-2021-41773HIGHunder attackransomware21 May 2026
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
100RISK
open
VulnCheck XDB
local
CVE-2026-43500HIGH20 May 2026
rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present
78RISK
open
VulnCheck XDB
info-leak
CVE-2018-14847CRITICALunder attack20 May 2026
MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated
100RISK
open
VulnCheck XDB
local
CVE-2026-43500HIGH20 May 2026
rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present
78RISK
open
VulnCheck XDB
initial-access
CVE-2025-29927CRITICAL20 May 2026
Authorization Bypass in Next.js Middleware
85RISK
open
VulnCheck XDB
remote-with-credentials
CVE-2025-8110HIGHunder attack20 May 2026
File overwrite in file update API in Gogs
100RISK
open
VulnCheck XDB
local
CVE-2021-4034HIGHunder attack20 May 2026
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool
100RISK
open
VulnCheck XDB
local
CVE-2021-4034HIGHunder attack20 May 2026
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool
100RISK
open
VulnCheck XDB
remote-with-credentials
CVE-2026-42271HIGHunder attack20 May 2026
LiteLLM: Authenticated command execution via MCP stdio test endpoints
100RISK
open
VulnCheck XDB
denial-of-service
CVE-2026-42945CRITICAL19 May 2026
NGINX ngx_http_rewrite_module vulnerability
60RISK
open
VulnCheck XDB
initial-access
CVE-2026-42945CRITICAL19 May 2026
NGINX ngx_http_rewrite_module vulnerability
60RISK
open
VulnCheck XDB
initial-access
CVE-2025-55182CRITICALunder attackransomware19 May 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open
VulnCheck XDB
local
CVE-2026-43284HIGH19 May 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISK
open
VulnCheck XDB
local
CVE-2024-37032HIGH19 May 2026
Ollama before 0.1.34 does not validate the format of the digest (sha256 with 64 hex digits) when getting the model path,
78RISK
open
VulnCheck XDB
local
CVE-2026-31431HIGHunder attack18 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
VulnCheck XDB
remote-with-credentials
CVE-2026-34197HIGHunder attack18 May 2026
Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Authenticated users could perform RCE via Jolokia MBeans
100RISK
open
VulnCheck XDB
initial-access
CVE-2026-34197HIGHunder attack18 May 2026
Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Authenticated users could perform RCE via Jolokia MBeans
100RISK
open
VulnCheck XDB
local
CVE-2021-4034HIGHunder attack18 May 2026
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool
100RISK
open
VulnCheck XDB
initial-access
CVE-2024-27198CRITICALunder attackransomware18 May 2026
In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible
100RISK
open
VulnCheck XDB
local
CVE-2026-31431HIGHunder attack18 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
VulnCheck XDB
local
CVE-2020-17103HIGH18 May 2026
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
46RISK
open
VulnCheck XDB
initial-access
CVE-2025-55182CRITICALunder attackransomware18 May 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open
VulnCheck XDB
local
CVE-2026-31431HIGHunder attack17 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
VulnCheck XDB
local
CVE-2020-17103HIGH17 May 2026
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
46RISK
open
VulnCheck XDB
remote-with-credentials
CVE-2025-59528CRITICAL17 May 2026
Flowise has Remote Code Execution vulnerability
85RISK
open
VulnCheck XDB
initial-access
CVE-2026-8181CRITICAL17 May 2026
Burst Statistics 3.4.0 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover
68RISK
open
VulnCheck XDB
local
CVE-2026-31431HIGHunder attack17 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
VulnCheck XDB
initial-access
CVE-2026-8181CRITICAL16 May 2026
Burst Statistics 3.4.0 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover
68RISK
open
VulnCheck XDB
initial-access
CVE-2026-42945CRITICAL16 May 2026
NGINX ngx_http_rewrite_module vulnerability
60RISK
open
VulnCheck XDB
local
CVE-2026-43284HIGH16 May 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.