Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,062cataloged exploits
31,617CVEs with public exploitation
0lab-tested
8,069 exploits
VulnCheck XDB
local
CVE-2026-31431HIGHunder attack13 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
VulnCheck XDB
local
CVE-2026-31431HIGHunder attack13 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
VulnCheck XDB
initial-access
CVE-2021-3129CRITICALunder attackransomware12 May 2026
Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitra
100RISK
open
VulnCheck XDB
local
CVE-2026-31431HIGHunder attack12 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
VulnCheck XDB
initial-access
CVE-2026-41940CRITICALunder attackransomware12 May 2026
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RISK
open
VulnCheck XDB
info-leak
CVE-2023-27163MEDIUM12 May 2026
request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/baske
48RISK
open
VulnCheck XDB
client-side
CVE-2024-21413CRITICALunder attack12 May 2026
Microsoft Outlook Remote Code Execution Vulnerability
100RISK
open
VulnCheck XDB
local
CVE-2026-31431HIGHunder attack12 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
VulnCheck XDB
initial-access
CVE-2023-4220HIGH12 May 2026
Chamilo LMS Unauthenticated Big Upload File Remote Code Execution
78RISK
open
VulnCheck XDB
client-side
CVE-2026-34621HIGHunder attack12 May 2026
Acrobat Reader | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') (CWE-1321)
71RISK
open
VulnCheck XDB
initial-access
CVE-2025-2492CRITICAL12 May 2026
An improper authentication control vulnerability exists in AiCloud. This vulnerability can be triggered by a crafted req
48RISK
open
VulnCheck XDB
denial-of-service
CVE-2026-6664HIGH12 May 2026
PgBouncer integer overflow in PgBouncer network packet parsing
41RISK
open
VulnCheck XDB
local
CVE-2024-0582HIGH12 May 2026
Kernel: io_uring: page use-after-free vulnerability via buffer ring mmap
46RISK
open
VulnCheck XDB
initial-access
CVE-2026-5718HIGH12 May 2026
Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.7 - Unauthenticated Arbitrary File Upload via Non-ASCII Filename Blacklist Bypass
56RISK
open
VulnCheck XDB
denial-of-service
CVE-2026-42945CRITICAL12 May 2026
NGINX ngx_http_rewrite_module vulnerability
60RISK
open
VulnCheck XDB
local
CVE-2026-31431HIGHunder attack11 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
VulnCheck XDB
local
CVE-2026-43284HIGH11 May 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISK
open
VulnCheck XDB
local
CVE-2026-31431HIGHunder attack11 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
VulnCheck XDB
initial-access
CVE-2026-41940CRITICALunder attackransomware11 May 2026
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RISK
open
VulnCheck XDB
initial-access
CVE-2026-0740CRITICAL11 May 2026
Ninja Forms - File Upload <= 3.3.26 - Unauthenticated Arbitrary File Upload
75RISK
open
VulnCheck XDB
initial-access
CVE-2026-41940CRITICALunder attackransomware11 May 2026
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RISK
open
VulnCheck XDB
local
CVE-2026-31431HIGHunder attack11 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
VulnCheck XDB
local
CVE-2026-31431HIGHunder attack11 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-54068CRITICALunder attack11 May 2026
Livewire vulnerable to remote command execution during property update hydration
100RISK
open
VulnCheck XDB
local
CVE-2026-31431HIGHunder attack11 May 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
VulnCheck XDB
info-leak
CVE-2026-42208CRITICALunder attack10 May 2026
LiteLLM: SQL injection in Proxy API key verification
100RISK
open
VulnCheck XDB
local
CVE-2026-43284HIGH10 May 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISK
open
VulnCheck XDB
initial-access
CVE-2020-25213CRITICALunder attack10 May 2026
The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitra
100RISK
open
VulnCheck XDB
initial-access
CVE-2026-41940CRITICALunder attackransomware10 May 2026
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RISK
open
VulnCheck XDB
initial-access
CVE-2026-3844CRITICAL10 May 2026
Breeze Cache <= 2.4.4 - Unauthenticated Arbitrary File Upload via fetch_gravatar_from_remote
75RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.