Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,062cataloged exploits
31,617CVEs with public exploitation
0lab-tested
AllExploit-DB 22,467Referência 19,791GitHub PoC 13,086VulnCheck XDB 8,069Nuclei 4,187Metasploit 3,462✓ verified onlyrecentpopularrisk
3,462 exploits
Metasploit600
QNAP QTS and QuTS Hero Unauthenticated Remote Code Execution in quick.cgi
QTS, QuTS hero, QuTScloud
70RISK
open ↗Metasploit300
WordPress Ultimate Member SQL Injection (CVE-2024-1071)
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugi
85RISK
open ↗Metasploit300
Rancher Audit Log Sensitive Information Leak
Rancher 'Audit Log' leaks sensitive information
36RISK
open ↗Metasploit600
runc (docker) File Descriptor Leak Privilege Escalation
runc container breakout through process.cwd trickery and leaked fds
61RISK
open ↗Metasploit600
Ivanti Connect Secure Unauthenticated Remote Code Execution
A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x,
100RISK
open ↗Metasploit600
Ivanti Connect Secure Unauthenticated Remote Code Execution
A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy
100RISK
open ↗Metasploit600
Ivanti Connect Secure Unauthenticated Remote Code Execution
Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF via a crafted KeyIn
36RISK
open ↗Metasploit300
Zyxel parse_config.py Command Injection
A command injection vulnerability in the configuration parser of the Zyxel ATP series firmware versions 5.10 through 5.3
41RISK
open ↗Metasploit300
Jenkins cli Ampersand Replacement Arbitrary File Read
Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an
100RISK
open ↗Metasploit600
Fortra GoAnywhere MFT Unauthenticated Remote Code Execution
Authentication Bypass in GoAnywhere MFT
85RISK
open ↗Metasploit600
Gambio Online Webshop unauthenticated PHP Deserialization Vulnerability
Deserialization of Untrusted Data in Gambio through 4.9.2.0 allows attackers to run arbitrary code via "search" paramete
55RISK
open ↗Metasploit600
Atlassian Confluence SSTI Injection
A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated atta
100RISK
open ↗Metasploit300
GitLab Password Reset Account Takeover
Weak Password Recovery Mechanism for Forgotten Password in GitLab
100RISK
open ↗Metasploit600
Netis router MW5360 unauthenticated RCE.
NETIS SYSTEMS MW5360 V1.0.1.3031 was discovered to contain a command injection vulnerability via the password parameter
65RISK
open ↗Metasploit600
Ivanti Connect Secure Unauthenticated Remote Code Execution
An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a re
100RISK
open ↗Metasploit300
Wordpress POST SMTP Account Takeover
POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress <= 2.8.7 - Authorization Bypass via type connect-app API
85RISK
open ↗Metasploit600
Ivanti Connect Secure Unauthenticated Remote Code Execution
A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x,
100RISK
open ↗Metasploit600
Barracuda ESG Spreadsheet::ParseExcel Arbitrary Code Execution
Remote Code Execution (RCE) Vulnerability
30RISK
open ↗Metasploit600
Barracuda ESG Spreadsheet::ParseExcel Arbitrary Code Execution
Arbitrary Code Execution (ACE) Vulnerability
71RISK
open ↗Metasploit600
MajorDoMo Command Injection
MajorDoMo (aka Major Domestic Module) before 0662e5e allows command execution via thumb.php shell metacharacters. NOTE:
50RISK
open ↗Metasploit600
WordPress Backup Migration Plugin PHP Filter Chain RCE
Backup Migration <= 1.3.7 - Unauthenticated Remote Code Execution
85RISK
open ↗Metasploit600
GL.iNet Unauthenticated Remote Command Execution via the logread module.
Shell Injection vulnerability GL.iNet A1300 v4.4.6, AX1800 v4.4.6, AXT1800 v4.4.6, MT3000 v4.4.6, MT2500 v4.4.6, MT6000
36RISK
open ↗Metasploit600
GL.iNet Unauthenticated Remote Command Execution via the logread module.
An issue was discovered on GL.iNet devices before version 4.5.0. There is an NGINX authentication bypass via Lua string
75RISK
open ↗Metasploit600
Chamilo v1.11.24 Unrestricted File Upload PHP Webshell
Chamilo LMS Unauthenticated Big Upload File Remote Code Execution
78RISK
open ↗Metasploit600
Splunk Authenticated XSLT Upload RCE
Remote code execution (RCE) in Splunk Enterprise through Insecure XML Parsing
58RISK
open ↗Metasploit300
Control iD iDSecure Authentication Bypass (CVE-2023-6329)
Control iD iDSecure passwordCustom Authentication Bypass
75RISK
open ↗Metasploit600
WordPress Royal Elementor Addons RCE
Royal Elementor Addons and Templates < 1.3.79 - Unauthenticated Arbitrary File Upload
60RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.