Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,062cataloged exploits
31,617CVEs with public exploitation
0lab-tested
8,069 exploits
VulnCheck XDB
info-leak
CVE-2026-7515CRITICAL19 Jun 2026
BetterDocs Pro <= 3.8.0 - Unauthenticated Local File Inclusion via doc_style
48RISK
open
VulnCheck XDB
local
CVE-2021-3560HIGHunder attack19 Jun 2026
It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privile
91RISK
open
VulnCheck XDB
initial-access
CVE-2026-10520CRITICAL19 Jun 2026
An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote
85RISK
open
VulnCheck XDB
initial-access
CVE-2021-27876HIGHunder attackransomware18 Jun 2026
An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires suc
91RISK
open
VulnCheck XDB
initial-access
CVE-2026-10520CRITICAL18 Jun 2026
An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote
85RISK
open
VulnCheck XDB
remote-with-credentials
CVE-2025-54123CRITICAL18 Jun 2026
Hoverfly vulnerable to remote code execution at `/api/v2/hoverfly/middleware` endpoint due to insecure middleware implementation
68RISK
open
VulnCheck XDB
local
CVE-2025-21479HIGHunder attack18 Jun 2026
Incorrect Authorization in Graphics
71RISK
open
VulnCheck XDB
initial-access
CVE-2026-42208CRITICALunder attack18 Jun 2026
LiteLLM: SQL injection in Proxy API key verification
100RISK
open
VulnCheck XDB
info-leak
CVE-2026-7515CRITICAL18 Jun 2026
BetterDocs Pro <= 3.8.0 - Unauthenticated Local File Inclusion via doc_style
48RISK
open
VulnCheck XDB
initial-access
CVE-2026-39808CRITICAL18 Jun 2026
A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet F
75RISK
open
VulnCheck XDB
initial-access
CVE-2025-57819CRITICALunder attack18 Jun 2026
FreePBX Affected by Authentication Bypass Leading to SQL Injection and RCE
100RISK
open
VulnCheck XDB
local
CVE-2021-3156HIGHunder attack17 Jun 2026
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege
100RISK
open
VulnCheck XDB
initial-access
CVE-2021-44228CRITICALunder attackransomware17 Jun 2026
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RISK
open
VulnCheck XDB
initial-access
CVE-2021-3442717 Jun 2026
In Eclipse BIRT versions 4.8.0 and earlier, an attacker can use query parameters to create a JSP file which is accessibl
50RISK
open
VulnCheck XDB
client-side
CVE-2024-42009CRITICALunder attack17 Jun 2026
A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to stea
100RISK
open
VulnCheck XDB
initial-access
CVE-2026-24061CRITICALunder attack17 Jun 2026
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment
100RISK
open
VulnCheck XDB
initial-access
CVE-2026-8206CRITICAL17 Jun 2026
Kirki 6.0.0 - 6.0.6 - Unauthenticated Privilege Escalation via 'handle_forgot_password'
48RISK
open
VulnCheck XDB
remote-with-credentials
CVE-2026-7465HIGH17 Jun 2026
Spectra Gutenberg Blocks <= 2.19.25 - Authenticated (Contributor+) Remote Code Execution via Arbitrary PHP Function Call via Block Attributes
41RISK
open
VulnCheck XDB
initial-access
CVE-2026-49060CRITICAL17 Jun 2026
WordPress Hippoo Mobile App for WooCommerce plugin <= 1.9.4 - Privilege Escalation vulnerability
48RISK
open
VulnCheck XDB
initial-access
CVE-2026-48907CRITICALunder attack17 Jun 2026
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RISK
open
VulnCheck XDB
initial-access
CVE-2026-48907CRITICALunder attack17 Jun 2026
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RISK
open
VulnCheck XDB
initial-access
CVE-2026-42945CRITICAL17 Jun 2026
NGINX ngx_http_rewrite_module vulnerability
60RISK
open
VulnCheck XDB
info-leak
CVE-2025-49132CRITICAL16 Jun 2026
Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution
68RISK
open
VulnCheck XDB
initial-access
CVE-2026-50751CRITICALunder attackransomware16 Jun 2026
User Authentication Bypass in VPN Remote Access and Mobile Access
100RISK
open
VulnCheck XDB
info-leak
CVE-2026-9082CRITICALunder attack16 Jun 2026
Drupal core - Highly critical - SQL injection - SA-CORE-2026-004
100RISK
open
VulnCheck XDB
info-leak
CVE-2024-23897CRITICALunder attackransomware16 Jun 2026
Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an
100RISK
open
VulnCheck XDB
remote-with-credentials
CVE-2025-49844CRITICAL16 Jun 2026
Redis Lua Use-After-Free may lead to remote code execution
85RISK
open
VulnCheck XDB
initial-access
CVE-2025-55182CRITICALunder attackransomware16 Jun 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open
VulnCheck XDB
info-leak
CVE-2025-30208MEDIUM16 Jun 2026
Vite bypasses server.fs.deny when using `?raw??`
70RISK
open
VulnCheck XDB
initial-access
CVE-2026-0257HIGHunder attack15 Jun 2026
PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
100RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.