Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,180cataloged exploits
31,691CVEs with public exploitation
0lab-tested
8,078 exploits
VulnCheck XDB
initial-access
CVE-2026-23744CRITICAL21 Mar 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RISK
open
VulnCheck XDB
initial-access
CVE-2026-33017CRITICALunder attack21 Mar 2026
Langflow has Unauthenticated Remote Code Execution via Public Flow Build Endpoint
100RISK
open
VulnCheck XDB
initial-access
CVE-2026-33017CRITICALunder attack21 Mar 2026
Langflow has Unauthenticated Remote Code Execution via Public Flow Build Endpoint
100RISK
open
VulnCheck XDB
initial-access
CVE-2026-33017CRITICALunder attack21 Mar 2026
Langflow has Unauthenticated Remote Code Execution via Public Flow Build Endpoint
100RISK
open
VulnCheck XDB
initial-access
CVE-2024-36991HIGH21 Mar 2026
Path Traversal on the “/modules/messaging/“ endpoint in Splunk Enterprise on Windows
61RISK
open
VulnCheck XDB
initial-access
CVE-2026-1492CRITICAL20 Mar 2026
User Registration & Membership <= 5.1.2 - Unauthenticated Privilege Escalation via Membership Registration
68RISK
open
VulnCheck XDB
initial-access
CVE-2019-023219 Mar 2026
When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0
60RISK
open
VulnCheck XDB
initial-access
CVE-2025-54236CRITICALunder attack19 Mar 2026
Adobe Commerce | Improper Input Validation (CWE-20)
100RISK
open
VulnCheck XDB
initial-access
CVE-2021-41773HIGHunder attackransomware18 Mar 2026
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
100RISK
open
VulnCheck XDB
info-leak
CVE-2021-41773HIGHunder attackransomware18 Mar 2026
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
100RISK
open
VulnCheck XDB
initial-access
CVE-2021-41773HIGHunder attackransomware18 Mar 2026
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
100RISK
open
VulnCheck XDB
initial-access
CVE-2021-41773HIGHunder attackransomware18 Mar 2026
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
100RISK
open
VulnCheck XDB
initial-access
CVE-2026-24061CRITICALunder attack18 Mar 2026
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-55182CRITICALunder attackransomware18 Mar 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open
VulnCheck XDB
denial-of-service
CVE-2025-29824HIGHunder attackransomware17 Mar 2026
Windows Common Log File System Driver Elevation of Privilege Vulnerability
76RISK
open
VulnCheck XDB
initial-access
CVE-2025-3248CRITICALunder attackransomware16 Mar 2026
Langflow < 1.3.0 Unauthenticated RCE via /api/v1/validate/code
100RISK
open
VulnCheck XDB
info-leak
CVE-2021-41773HIGHunder attackransomware16 Mar 2026
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
100RISK
open
VulnCheck XDB
initial-access
CVE-2017-9805HIGHunder attack16 Mar 2026
The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with a
100RISK
open
VulnCheck XDB
initial-access
CVE-2021-41773HIGHunder attackransomware15 Mar 2026
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
100RISK
open
VulnCheck XDB
initial-access
CVE-2021-44228CRITICALunder attackransomware15 Mar 2026
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RISK
open
VulnCheck XDB
initial-access
CVE-2026-27944CRITICAL14 Mar 2026
Nginx UI: Unauthenticated Backup Download with Encryption Key Disclosure
68RISK
open
VulnCheck XDB
client-side
CVE-2024-23222HIGHunder attack13 Mar 2026
A type confusion issue was addressed with improved checks. This issue is fixed in Safari 17.3, iOS 15.8.7 and iPadOS 15.
76RISK
open
VulnCheck XDB
initial-access
CVE-2024-47176MEDIUM13 Mar 2026
cups-browsed binds to `INADDR_ANY:631`, trusting any packet from any source
60RISK
open
VulnCheck XDB
initial-access
CVE-2023-43208CRITICALunder attackransomware13 Mar 2026
NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Note that
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-12057CRITICAL13 Mar 2026
WavePlayer < 3.8.0 - Unauthenticated Arbitrary File Upload
48RISK
open
VulnCheck XDB
initial-access
CVE-2025-49844CRITICAL13 Mar 2026
Redis Lua Use-After-Free may lead to remote code execution
85RISK
open
VulnCheck XDB
initial-access
CVE-2023-43208CRITICALunder attackransomware12 Mar 2026
NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Note that
100RISK
open
VulnCheck XDB
client-side
CVE-2026-21509HIGHunder attack12 Mar 2026
Microsoft Office Security Feature Bypass Vulnerability
93RISK
open
VulnCheck XDB
initial-access
CVE-2025-55182CRITICALunder attackransomware12 Mar 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open
VulnCheck XDB
initial-access
CVE-2023-43208CRITICALunder attackransomware12 Mar 2026
NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Note that
100RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.