Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,180cataloged exploits
31,691CVEs with public exploitation
0lab-tested
8,078 exploits
VulnCheck XDB
local
CVE-2023-4911HIGHunder attack02 Mar 2026
Glibc: buffer overflow in ld.so leading to privilege escalation
100RISK
open
VulnCheck XDB
client-side
CVE-2025-43529HIGHunder attack02 Mar 2026
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.3 and
71RISK
open
VulnCheck XDB
local
CVE-2021-4034HIGHunder attack02 Mar 2026
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool
100RISK
open
VulnCheck XDB
initial-access
CVE-2026-1357CRITICAL02 Mar 2026
Migration, Backup, Staging <= 0.9.123 - Unauthenticated Arbitrary File Upload
75RISK
open
VulnCheck XDB
denial-of-service
CVE-2025-62215HIGHunder attack02 Mar 2026
Windows Kernel Elevation of Privilege Vulnerability
71RISK
open
VulnCheck XDB
initial-access
CVE-2026-3395MEDIUM02 Mar 2026
MaxSite CMS MarkItUp Preview AJAX Endpoint preview-ajax.php eval code injection
33RISK
open
VulnCheck XDB
remote-with-credentials
CVE-2025-58034MEDIUMunder attack02 Mar 2026
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] vul
90RISK
open
VulnCheck XDB
denial-of-service
CVE-2026-2441HIGHunder attack01 Mar 2026
Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside
76RISK
open
VulnCheck XDB
initial-access
CVE-2026-3395MEDIUM01 Mar 2026
MaxSite CMS MarkItUp Preview AJAX Endpoint preview-ajax.php eval code injection
33RISK
open
VulnCheck XDB
local
CVE-2021-4034HIGHunder attack01 Mar 2026
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool
100RISK
open
VulnCheck XDB
client-side
CVE-2022-30190HIGHunder attackransomware28 Feb 2026
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability
100RISK
open
VulnCheck XDB
initial-access
CVE-2026-21902CRITICAL28 Feb 2026
Junos OS Evolved: PTX Series: A vulnerability allows a unauthenticated, network-based attacker to execute code as root
53RISK
open
VulnCheck XDB
initial-access
CVE-2025-55182CRITICALunder attackransomware28 Feb 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open
VulnCheck XDB
local
CVE-2024-21626HIGH28 Feb 2026
runc container breakout through process.cwd trickery and leaked fds
61RISK
open
VulnCheck XDB
remote-with-credentials
CVE-2017-9805HIGHunder attack28 Feb 2026
The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with a
100RISK
open
VulnCheck XDB
info-leak
CVE-2026-1581HIGH27 Feb 2026
wpForo Forum <= 2.4.14 - Unauthenticated Time-Based SQL Injection
56RISK
open
VulnCheck XDB
local
CVE-2024-35250HIGHunder attack27 Feb 2026
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
91RISK
open
VulnCheck XDB
initial-access
CVE-2022-42475CRITICALunder attackransomware27 Feb 2026
A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0
100RISK
open
VulnCheck XDB
initial-access
CVE-2022-21445CRITICALunder attack27 Feb 2026
Vulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middleware (component: ADF
90RISK
open
VulnCheck XDB
initial-access
CVE-2026-23550CRITICAL26 Feb 2026
WordPress Modular DS plugin <= 2.5.1 - Privilege Escalation vulnerability
68RISK
open
VulnCheck XDB
initial-access
CVE-2026-27174CRITICAL26 Feb 2026
MajorDoMo Unauthenticated Remote Code Execution via Admin Console Eval
63RISK
open
VulnCheck XDB
client-side
CVE-2022-26134CRITICALunder attackransomware26 Feb 2026
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an un
100RISK
open
VulnCheck XDB
local
CVE-2022-36804HIGHunder attack26 Feb 2026
Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, from version 7.7.0 bef
100RISK
open
VulnCheck XDB
initial-access
CVE-2023-43208CRITICALunder attackransomware26 Feb 2026
NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Note that
100RISK
open
VulnCheck XDB
remote-with-credentials
CVE-2025-32433CRITICALunder attack26 Feb 2026
Erlang/OTP SSH Vulnerable to Pre-Authentication RCE
100RISK
open
VulnCheck XDB
initial-access
CVE-2023-43208CRITICALunder attackransomware25 Feb 2026
NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Note that
100RISK
open
VulnCheck XDB
initial-access
CVE-2023-43208CRITICALunder attackransomware25 Feb 2026
NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Note that
100RISK
open
VulnCheck XDB
info-leak
CVE-2021-2291125 Feb 2026
A improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 & 3.13 that could lead to unauthenti
60RISK
open
VulnCheck XDB
local
CVE-2022-24481HIGH25 Feb 2026
Windows Common Log File System Driver Elevation of Privilege Vulnerability
46RISK
open
VulnCheck XDB
remote-with-credentials
CVE-2023-30258CRITICAL25 Feb 2026
Command Injection vulnerability in MagnusSolution magnusbilling 6.x and 7.x allows remote attackers to run arbitrary com
85RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.