Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,180cataloged exploits
31,691CVEs with public exploitation
0lab-tested
8,078 exploits
VulnCheck XDB
local
CVE-2021-22555HIGHunder attack02 Feb 2026
Heap Out-Of-Bounds Write in Netfilter IP6T_SO_SET_REPLACE
100RISK
open
VulnCheck XDB
initial-access
CVE-2026-24061CRITICALunder attack02 Feb 2026
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-32433CRITICALunder attack02 Feb 2026
Erlang/OTP SSH Vulnerable to Pre-Authentication RCE
100RISK
open
VulnCheck XDB
initial-access
CVE-2026-24061CRITICALunder attack01 Feb 2026
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-29927CRITICAL01 Feb 2026
Authorization Bypass in Next.js Middleware
85RISK
open
VulnCheck XDB
initial-access
CVE-2026-24061CRITICALunder attack31 Jan 2026
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment
100RISK
open
VulnCheck XDB
client-side
CVE-2025-48384HIGHunder attack31 Jan 2026
Git allows arbitrary code execution through broken config quoting
71RISK
open
VulnCheck XDB
initial-access
CVE-2025-55182CRITICALunder attackransomware31 Jan 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open
VulnCheck XDB
initial-access
CVE-2026-24061CRITICALunder attack30 Jan 2026
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment
100RISK
open
VulnCheck XDB
local
CVE-2026-21858CRITICAL30 Jan 2026
n8n Vulnerable to Unauthenticated File Access via Improper Webhook Request Handling
85RISK
open
VulnCheck XDB
client-side
CVE-2025-40554CRITICAL29 Jan 2026
SolarWinds Web Help Desk Authentication Bypass Vulnerability
75RISK
open
VulnCheck XDB
info-leak
CVE-2025-5419HIGHunder attack29 Jan 2026
Out of bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially expl
71RISK
open
VulnCheck XDB
initial-access
CVE-2019-11707HIGHunder attack29 Jan 2026
A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow
83RISK
open
VulnCheck XDB
info-leak
CVE-2017-7921CRITICALunder attack28 Jan 2026
An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 16
100RISK
open
VulnCheck XDB
initial-access
CVE-2026-24061CRITICALunder attack28 Jan 2026
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment
100RISK
open
VulnCheck XDB
initial-access
CVE-2026-24061CRITICALunder attack28 Jan 2026
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment
100RISK
open
VulnCheck XDB
initial-access
CVE-2026-0920CRITICAL28 Jan 2026
LA-Studio Element Kit for Elementor <= 1.5.6.3 - Unauthenticated Privilege Escalation via Backdoor to Administrative User Creation via lakit_bkrole parameter
48RISK
open
VulnCheck XDB
initial-access
CVE-2021-2449928 Jan 2026
Workreap theme < 2.2.2 - Unauthenticated Upload Leading to Remote Code Execution
50RISK
open
VulnCheck XDB
initial-access
CVE-2026-24061CRITICALunder attack27 Jan 2026
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment
100RISK
open
VulnCheck XDB
initial-access
CVE-2026-24061CRITICALunder attack27 Jan 2026
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment
100RISK
open
VulnCheck XDB
initial-access
CVE-2026-24061CRITICALunder attack27 Jan 2026
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-54309CRITICALunder attack27 Jan 2026
CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23, when the DMZ proxy feature is not used, mishandles AS2 validation and
100RISK
open
VulnCheck XDB
initial-access
CVE-2024-50498CRITICAL27 Jan 2026
WordPress WP Query Console plugin <= 1.0 - Remote Code Execution (RCE) vulnerability
75RISK
open
VulnCheck XDB
initial-access
CVE-2025-55182CRITICALunder attackransomware27 Jan 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open
VulnCheck XDB
client-side
CVE-2026-21509HIGHunder attack27 Jan 2026
Microsoft Office Security Feature Bypass Vulnerability
93RISK
open
VulnCheck XDB
info-leak
CVE-2026-25253HIGH27 Jan 2026
OpenClaw (aka clawdbot or Moltbot) before 2026.1.29 obtains a gatewayUrl value from a query string and automatically mak
41RISK
open
VulnCheck XDB
initial-access
CVE-2026-24061CRITICALunder attack27 Jan 2026
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment
100RISK
open
VulnCheck XDB
remote-with-credentials
CVE-2009-310326 Jan 2026
Array index error in the SMBv2 protocol implementation in srv2.sys in Microsoft Windows Vista Gold, SP1, and SP2, Window
60RISK
open
VulnCheck XDB
remote-with-credentials
CVE-2026-24061CRITICALunder attack26 Jan 2026
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment
100RISK
open
VulnCheck XDB
local
CVE-2023-3881726 Jan 2026
An issue in Inspect Element Ltd Echo.ac v.5.2.1.0 allows a local attacker to gain privileges via a crafted command to th
23RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.