Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,062cataloged exploits
31,617CVEs with public exploitation
0lab-tested
AllExploit-DB 22,467Referência 19,791GitHub PoC 13,086VulnCheck XDB 8,069Nuclei 4,187Metasploit 3,462✓ verified onlyrecentpopularrisk
22,467 exploits
Exploit-DB
Palo Alto Networks Expedition 1.2.90.1 - Admin Account Takeover
Expedition: Missing Authentication Leads to Admin Account Takeover
100RISK
open ↗Exploit-DB
Backup and Staging by WP Time Capsule 1.22.21 - Unauthenticated Arbitrary File Upload
Backup and Staging by WP Time Capsule <= 1.22.21 - Unauthenticated Arbitrary File Upload
85RISK
open ↗Exploit-DB
Watcharr 1.43.0 - Remote Code Execution (RCE)
An issue in sbondCo Watcharr v.1.43.0 allows a remote attacker to execute arbitrary code and escalate privileges via the
41RISK
open ↗Exploit-DB
DataEase 2.4.0 - Database Configuration Information Exposure
DataEase has database configuration information exposure vulnerability
53RISK
open ↗Exploit-DB
Exclusive Addons for Elementor 2.6.9 - Stored Cross-Site Scripting (XSS)
Exclusive Addons for Elementor <= 2.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
33RISK
open ↗Exploit-DB
Next.js Middleware 15.2.2 - Authorization Bypass
Authorization Bypass in Next.js Middleware
85RISK
open ↗Exploit-DB
IBM Security Verify Access 10.0.0 - Open Redirect during OAuth Flow
IBM Security Verify Access HTTP open redirect
33RISK
open ↗Exploit-DB
Kubio AI Page Builder 2.5.1 - Local File Inclusion (LFI)
Kubio AI Page Builder <= 2.5.1 - Unauthenticated Local File Inclusion
85RISK
open ↗Exploit-DB
Royal Elementor Addons and Templates 1.3.78 - Unauthenticated Arbitrary File Upload
Royal Elementor Addons and Templates < 1.3.79 - Unauthenticated Arbitrary File Upload
60RISK
open ↗Exploit-DB
Angular-Base64-Upload Library 0.1.20 - Remote Code Execution (RCE)
angular-base64-upload prior to v0.1.21 is vulnerable to unauthenticated remote code execution via demo/server.php. Explo
75RISK
open ↗Exploit-DB
Microchip TimeProvider 4100 (Configuration modules) 2.4.6 - OS Command Injection
Remote code Execution inTimeProvider® 4100
46RISK
open ↗Exploit-DB
AppSmith 1.47 - Remote Code Execution (RCE)
An issue was discovered in Appsmith before 1.51. A user on Appsmith that doesn't have admin permissions can trigger the
38RISK
open ↗Exploit-DB
ABB Cylon Aspect 3.07.01 - Hard-coded Default Credentials
Hard coded default credential contained in install package
41RISK
open ↗Exploit-DB
Vite 6.2.2 - Arbitrary File Read
Vite bypasses server.fs.deny when using `?raw??`
70RISK
open ↗Exploit-DB
Microsoft Office 2019 MSO Build 1808 - NTLMv2 Hash Disclosure
Microsoft Office Spoofing Vulnerability
38RISK
open ↗Exploit-DB
Webmin Usermin 2.100 - Username Enumeration
A discrepancy in error messages for invalid login attempts in Webmin Usermin v2.100 allows attackers to enumerate valid
48RISK
open ↗Exploit-DB
Elaine's Realtime CRM Automation 6.18.17 - Reflected XSS
A reflected cross-site scripting (XSS) vulnerability in Elaine's Realtime CRM Automation v6.18.17 allows attackers to ex
33RISK
open ↗Exploit-DB
SAP NetWeaver - 7.53 - HTTP Request Smuggling
SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and
100RISK
open ↗Exploit-DB
XWiki Standard 14.10 - Remote Code Execution (RCE)
XWiki Admin Tools Application Run Shell Command allows CSRF RCE attacks
53RISK
open ↗Exploit-DB
Progress Telerik Report Server 2024 Q1 (10.0.24.305) - Authentication Bypass
Registration Authentication Bypass Vulnerability
100RISK
open ↗Exploit-DB
Rejetto HTTP File Server 2.3m - Remote Code Execution (RCE)
Rejetto HTTP File Server 2.3m Unauthenticated RCE
100RISK
open ↗Exploit-DB
Sonatype Nexus Repository 3.53.0-01 - Path Traversal
Nexus Repository 3 - Path Traversal
61RISK
open ↗Exploit-DB
CodeCanyon RISE CRM 3.7.0 - SQL Injection
CodeCanyon RISE Ultimate Project Manager save sql injection
38RISK
open ↗Exploit-DB
Litespeed Cache 6.5.0.1 - Authentication Bypass
WordPress LiteSpeed Cache plugin < 6.5.0.1 - Unauthenticated Account Takeover via Cookie Leak vulnerability
85RISK
open ↗Exploit-DB
MoziloCMS 3.0 - Remote Code Execution (RCE)
An arbitrary file upload vulnerability in the component /admin/index.php of moziloCMS v3.0 allows attackers to execute a
46RISK
open ↗Exploit-DB
KubeSphere 3.4.0 - Insecure Direct Object Reference (IDOR)
An Insecure Direct Object Reference (IDOR) vulnerability in KubeSphere 4.x before 4.1.3 and 3.x through 3.4.1 and KubeSp
33RISK
open ↗Exploit-DB
NVIDIA Container Toolkit 1.16.1 - Time-of-check Time-of-Use (TOCTOU)
NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with de
60RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.