Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,053cataloged exploits
31,617CVEs with public exploitation
0lab-tested
8,060 exploits
VulnCheck XDB
initial-access
CVE-2026-48907CRITICALunder attack29 Jun 2026
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RISK
open
VulnCheck XDB
initial-access
CVE-2026-23744CRITICAL28 Jun 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RISK
open
VulnCheck XDB
initial-access
CVE-2025-55182CRITICALunder attackransomware28 Jun 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open
VulnCheck XDB
initial-access
CVE-2026-48908CRITICAL28 Jun 2026
Joomla Extension - joomshaper.com - Remote Code Execution in SP Pagebuilder extension for Joomla < 6.6.2
48RISK
open
VulnCheck XDB
initial-access
CVE-2020-7247CRITICALunder attack28 Jun 2026
smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to
100RISK
open
VulnCheck XDB
local
CVE-2023-0386HIGHunder attack28 Jun 2026
A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities wa
86RISK
open
VulnCheck XDB
local
CVE-2026-31431HIGHunder attack27 Jun 2026
crypto: algif_aead - Revert to operating out-of-place
100RISK
open
VulnCheck XDB
local
CVE-2026-24061CRITICALunder attack27 Jun 2026
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment
100RISK
open
VulnCheck XDB
local
CVE-2016-5195HIGHunder attack27 Jun 2026
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by lev
93RISK
open
VulnCheck XDB
initial-access
CVE-2026-24061CRITICALunder attack27 Jun 2026
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment
100RISK
open
VulnCheck XDB
initial-access
CVE-2026-48907CRITICALunder attack27 Jun 2026
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RISK
open
VulnCheck XDB
initial-access
CVE-2026-48907CRITICALunder attack27 Jun 2026
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RISK
open
VulnCheck XDB
info-leak
CVE-2026-26980CRITICAL26 Jun 2026
Ghost has a SQL Injection in its Content API
75RISK
open
VulnCheck XDB
client-side
CVE-2025-8088HIGHunder attack26 Jun 2026
Path traversal vulnerability in WinRAR
93RISK
open
VulnCheck XDB
initial-access
CVE-2026-26980CRITICAL26 Jun 2026
Ghost has a SQL Injection in its Content API
75RISK
open
VulnCheck XDB
initial-access
CVE-2026-20253CRITICALunder attack26 Jun 2026
Unauthenticated Arbitrary File Creation and Truncation in a PostgreSQL Sidecar Service Endpoint in Splunk Enterprise
100RISK
open
VulnCheck XDB
local
CVE-2025-61155MEDIUM25 Jun 2026
The GameDriverX64.sys kernel-mode anti-cheat driver (v7.23.4.7 and earlier) contains an access control vulnerability in
33RISK
open
VulnCheck XDB
remote-with-credentials
CVE-2025-8110HIGHunder attack25 Jun 2026
File overwrite in file update API in Gogs
100RISK
open
VulnCheck XDB
local
CVE-2016-5195HIGHunder attack25 Jun 2026
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by lev
93RISK
open
VulnCheck XDB
initial-access
CVE-2026-20230HIGH25 Jun 2026
Cisco Unified Communications Manager Server-Side Request Forgery Vulnerability
53RISK
open
VulnCheck XDB
initial-access
CVE-2023-20198CRITICALunder attack25 Jun 2026
Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS
100RISK
open
VulnCheck XDB
initial-access
CVE-2026-8181CRITICAL25 Jun 2026
Burst Statistics 3.4.0 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover
68RISK
open
VulnCheck XDB
initial-access
CVE-2021-29441HIGH25 Jun 2026
Authentication bypass
78RISK
open
VulnCheck XDB
initial-access
CVE-2025-57819CRITICALunder attack24 Jun 2026
FreePBX Affected by Authentication Bypass Leading to SQL Injection and RCE
100RISK
open
VulnCheck XDB
initial-access
CVE-2021-22205CRITICALunder attackransomware24 Jun 2026
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validati
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-58034MEDIUMunder attack24 Jun 2026
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] vul
90RISK
open
VulnCheck XDB
initial-access
CVE-2021-42013CRITICALunder attackransomware24 Jun 2026
Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773)
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-32432CRITICALunder attack24 Jun 2026
Craft CMS Allows Remote Code Execution
100RISK
open
VulnCheck XDB
initial-access
CVE-2025-55182CRITICALunder attackransomware24 Jun 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open
VulnCheck XDB
client-side
CVE-2024-21413CRITICALunder attack23 Jun 2026
Microsoft Outlook Remote Code Execution Vulnerability
100RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.