There are lots of exploits, and every time someone publishes a rooting method that does not require "fastboot oem unlock" (gingerbreak, ashmem, mempodroid, exploid, etc) it's one of the CVEs being exploited.