Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,062cataloged exploits
31,617CVEs with public exploitation
0lab-tested
22,467 exploits
Exploit-DB
Grandstream GSD3710 1.0.11.13 - Stack Overflow
CVE-2022-2025CRITICAL05 Jun 2025
Grandstream GSD3710 Stack-based Buffer Overflow
48RISK
open
Exploit-DB
Apache Tomcat 10.1.39 - Denial of Service (DoS)
CVE-2025-31650HIGH05 Jun 2025
Apache Tomcat: DoS via malformed HTTP/2 PRIORITY_UPDATE frame
53RISK
open
Exploit-DB
Microsoft Windows Server 2025 JScript Engine - Remote Code Execution (RCE)
CVE-2025-30397HIGHunder attack05 Jun 2025
Scripting Engine Memory Corruption Vulnerability
76RISK
open
Exploit-DB
macOS LaunchDaemon iOS 17.2 - Privilege Escalation
CVE-2025-24085CRITICALunder attack05 Jun 2025
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.3 and iPadOS 18.3, i
83RISK
open
Exploit-DB
WordPress Digits Plugin 8.4.6.1 - Authentication Bypass via OTP Bruteforcing
CVE-2025-4094CRITICAL29 May 2025
Digits < 8.4.6.1 - Auth Bypass via OTP Bruteforcing
53RISK
open
Exploit-DB
Windows File Explorer Windows 11 (23H2) - NTLM Hash Disclosure
CVE-2025-24071MEDIUM29 May 2025
Microsoft Windows File Explorer Spoofing Vulnerability
38RISK
open
Exploit-DB
Fortra GoAnywhere MFT 7.4.1 - Authentication Bypass
CVE-2024-0204CRITICAL29 May 2025
Authentication Bypass in GoAnywhere MFT
85RISK
open
Exploit-DB
SolarWinds Serv-U 15.4.2 HF1 - Directory Traversal
CVE-2024-28995HIGHunder attack29 May 2025
SolarWinds Serv-U L Directory Transversal Vulnerability
100RISK
open
Exploit-DB
Java-springboot-codebase 1.1 - Arbitrary File Read
CVE-2025-46822HIGH25 May 2025
Unauthenticated Arbitrary File Read via Absolute Path
56RISK
open
Exploit-DB
Grandstream GSD3710 1.0.11.13 - Stack Buffer Overflow
CVE-2022-2070CRITICAL25 May 2025
Grandstream GSD3710 Stack-based Buffer Overflow
48RISK
open
Exploit-DB
WordPress User Registration & Membership Plugin 4.1.2 - Authentication Bypass
CVE-2025-2594HIGH25 May 2025
User Registration & Membership < 4.1.3 - Authentication Bypass
41RISK
open
Exploit-DB
CrushFTP 11.3.1 - Authentication Bypass
CVE-2025-31161CRITICALunder attackransomware18 May 2025
CrushFTP 10 before 10.8.4 and 11 before 11.3.1 allows authentication bypass and takeover of the crushadmin account (unle
100RISK
open
Exploit-DB
Invision Community 5.0.6 - Remote Code Execution (RCE)
CVE-2025-47916CRITICAL18 May 2025
Invision Community 5.0.0 before 5.0.7 allows remote code execution via crafted template strings to themeeditor.php. The
85RISK
open
Exploit-DB
Kentico Xperience 13.0.178 - Cross Site Scripting (XSS)
CVE-2025-32370HIGH13 May 2025
Kentico Xperience before 13.0.178 has a specific set of allowed ContentUploader file extensions for unauthenticated uplo
41RISK
open
Exploit-DB
WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation
CVE-2025-3605CRITICAL13 May 2025
Frontend Login and Registration Blocks <= 1.1.1 - Unauthenticated Privilege Escalation via Account Takeover
63RISK
open
Exploit-DB
TP-Link VN020 F3v(T) TT_V6.2.1021) - DHCP Stack Buffer Overflow
CVE-2024-11237HIGH13 May 2025
TP-Link VN020 F3v(T) DHCP DISCOVER Packet Parser TP-Thumper stack-based overflow
41RISK
open
Exploit-DB
SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
CVE-2025-27007CRITICAL09 May 2025
WordPress SureTriggers <= 1.0.82 - Privilege Escalation Vulnerability
75RISK
open
Exploit-DB
WordPress Depicter Plugin 3.6.1 - SQL Injection
CVE-2025-2011HIGH09 May 2025
Slider & Popup Builder by Depicter <= 3.6.1 - Unauthenticated SQL Injection via 's' Parameter
68RISK
open
Exploit-DB
Apache ActiveMQ 6.1.6 - Denial of Service (DOS)
CVE-2025-27533MEDIUM09 May 2025
Apache ActiveMQ: Unchecked buffer length can cause excessive memory allocation
33RISK
open
Exploit-DB
Grokability Snipe-IT 8.0.4 - Insecure Direct Object Reference (IDOR)
CVE-2025-47226MEDIUM06 May 2025
Grokability Snipe-IT before 8.1.0 has incorrect authorization for accessing asset information.
33RISK
open
Exploit-DB
Microsoft - NTLM Hash Disclosure Spoofing (library-ms)
CVE-2025-24054MEDIUMunder attack01 May 2025
NTLM Hash Disclosure Spoofing Vulnerability
75RISK
open
Exploit-DB
unzip-stream 0.3.1 - Arbitrary File Write
CVE-2024-42471HIGH30 Apr 2025
Arbitrary File Write via artifact extraction in actions/artifact
41RISK
open
Exploit-DB
tar-fs 3.0.0 - Arbitrary File Write/Overwrite
CVE-2024-12905HIGH22 Apr 2025
An Improper Link Resolution Before File Access ("Link Following") and Improper Limitation of a Pathname to a Restricted
41RISK
open
Exploit-DB
FoxCMS 1.2.5 - Remote Code Execution (RCE)
CVE-2025-29306CRITICAL19 Apr 2025
An issue in FoxCMS v.1.2.5 allows a remote attacker to execute arbitrary code via the case display page in the index.htm
75RISK
open
Exploit-DB
Hunk Companion Plugin 1.9.0 - Unauthenticated Plugin Installation
CVE-2024-11972CRITICAL18 Apr 2025
Hunk Companion < 1.9.0 - Unauthenticated Plugin Installation
75RISK
open
Exploit-DB
KiviCare Clinic & Patient Management System (EHR) 3.6.4 - Unauthenticated SQL Injection
CVE-2024-11728HIGH18 Apr 2025
KiviCare – Clinic & Patient Management System (EHR) <= 3.6.4 - Unauthenticated SQL Injection
61RISK
open
Exploit-DB
Langflow 1.3.0 - Remote Code Execution (RCE)
CVE-2025-3248CRITICALunder attackransomware18 Apr 2025
Langflow < 1.3.0 Unauthenticated RCE via /api/v1/validate/code
100RISK
open
Exploit-DB
Inventio Lite 4 - SQL Injection
CVE-2024-44541CRITICAL18 Apr 2025
evilnapsis Inventio Lite Versions v4 and before is vulnerable to SQL Injection via the "username" parameter in "/?action
48RISK
open
Exploit-DB
UJCMS 9.6.3 - User Enumeration via IDOR
CVE-2024-12483MEDIUM18 Apr 2025
Dromara UJCMS User ID id authorization
33RISK
open
Exploit-DB
Apache Commons Text 1.10.0 - Remote Code Execution
CVE-2022-4288918 Apr 2025
Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults
60RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.