Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,180cataloged exploits
31,691CVEs with public exploitation
0lab-tested
8,078 exploits
VulnCheck XDB
initial-access
CVE-2026-24061CRITICALunder attack22 Jan 2026
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment
100RISK
open
VulnCheck XDB
initial-access
CVE-2026-24061CRITICALunder attack22 Jan 2026
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment
100RISK
open
VulnCheck XDB
initial-access
CVE-2026-24061CRITICALunder attack22 Jan 2026
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment
100RISK
open
VulnCheck XDB
initial-access
CVE-2026-24061CRITICALunder attack22 Jan 2026
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment
100RISK
open
VulnCheck XDB
initial-access
CVE-2023-51409CRITICAL22 Jan 2026
WordPress AI Engine plugin <= 1.9.98 - Unauthenticated Arbitrary File Upload vulnerability
75RISK
open
VulnCheck XDB
initial-access
CVE-2024-50498CRITICAL22 Jan 2026
WordPress WP Query Console plugin <= 1.0 - Remote Code Execution (RCE) vulnerability
75RISK
open
VulnCheck XDB
local
CVE-2021-4034HIGHunder attack22 Jan 2026
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool
100RISK
open
VulnCheck XDB
local
CVE-2016-5195HIGHunder attack22 Jan 2026
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by lev
93RISK
open
VulnCheck XDB
initial-access
CVE-2019-10149CRITICALunder attack21 Jan 2026
A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message(
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-60021CRITICAL21 Jan 2026
Apache bRPC: Remote command injection vulnerability in heap builtin service
53RISK
open
VulnCheck XDB
initial-access
CVE-2021-36260CRITICALunder attack21 Jan 2026
A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation,
100RISK
open
VulnCheck XDB
local
CVE-2023-52271MEDIUM21 Jan 2026
The wsftprm.sys kernel driver 2.0.0.0 in Topaz Antifraud allows low-privileged attackers to kill any (Protected Process
33RISK
open
VulnCheck XDB
remote-with-credentials
CVE-2019-919321 Jan 2026
In PostgreSQL 9.3 through 11.2, the "COPY TO/FROM PROGRAM" function allows superusers and users in the 'pg_execute_serve
60RISK
open
VulnCheck XDB
info-leak
CVE-2025-14847HIGHunder attack20 Jan 2026
Zlib compressed protocol header length confusion may allow memory read
100RISK
open
VulnCheck XDB
initial-access
CVE-2026-21858CRITICAL20 Jan 2026
n8n Vulnerable to Unauthenticated File Access via Improper Webhook Request Handling
85RISK
open
VulnCheck XDB
initial-access
CVE-2026-21858CRITICAL20 Jan 2026
n8n Vulnerable to Unauthenticated File Access via Improper Webhook Request Handling
85RISK
open
VulnCheck XDB
initial-access
CVE-2026-23744CRITICAL20 Jan 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RISK
open
VulnCheck XDB
initial-access
CVE-2025-54068CRITICALunder attack20 Jan 2026
Livewire vulnerable to remote command execution during property update hydration
100RISK
open
VulnCheck XDB
local
CVE-2023-0386HIGHunder attack20 Jan 2026
A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities wa
86RISK
open
VulnCheck XDB
info-leak
CVE-2026-20805MEDIUMunder attack19 Jan 2026
Desktop Window Manager Information Disclosure Vulnerability
63RISK
open
VulnCheck XDB
initial-access
CVE-2019-2725HIGHunder attackransomware19 Jan 2026
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supporte
100RISK
open
VulnCheck XDB
initial-access
CVE-2024-23897CRITICALunder attackransomware18 Jan 2026
Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an
100RISK
open
VulnCheck XDB
remote-with-credentials
CVE-2026-23550CRITICAL17 Jan 2026
WordPress Modular DS plugin <= 2.5.1 - Privilege Escalation vulnerability
68RISK
open
VulnCheck XDB
initial-access
CVE-2017-7921CRITICALunder attack17 Jan 2026
An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 16
100RISK
open
VulnCheck XDB
client-side
CVE-2024-46982HIGH17 Jan 2026
Cache Poisoning in next.js
53RISK
open
VulnCheck XDB
initial-access
CVE-2025-59287CRITICALunder attack16 Jan 2026
Windows Server Update Service (WSUS) Remote Code Execution Vulnerability
100RISK
open
VulnCheck XDB
initial-access
CVE-2023-22515CRITICALunder attackransomware16 Jan 2026
Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited
100RISK
open
VulnCheck XDB
initial-access
CVE-2023-22515CRITICALunder attackransomware16 Jan 2026
Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited
100RISK
open
VulnCheck XDB
initial-access
CVE-2021-36260CRITICALunder attack15 Jan 2026
A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation,
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-11953CRITICALunder attack15 Jan 2026
Command injection in React Native Community CLI allows remote attackers to perform remote code execution by sending HTTP requests
90RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.