Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,062cataloged exploits
31,617CVEs with public exploitation
0lab-tested
AllExploit-DB 22,467Referência 19,791GitHub PoC 13,086VulnCheck XDB 8,069Nuclei 4,187Metasploit 3,462✓ verified onlyrecentpopularrisk
19,791 exploits
Referência
CVE-2017-12629
Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction wi
60RISK
open ↗Referência
CVE-2010-0249
Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4; Windows XP SP2 and S
100RISK
open ↗Referência
CVE-2015-8556
Local privilege escalation vulnerability in the Gentoo QEMU package before 2.5.0-r1.
28RISK
open ↗Referência
CVE-2019-9193
In PostgreSQL 9.3 through 11.2, the "COPY TO/FROM PROGRAM" function allows superusers and users in the 'pg_execute_serve
60RISK
open ↗Referência
CVE-2019-9193
In PostgreSQL 9.3 through 11.2, the "COPY TO/FROM PROGRAM" function allows superusers and users in the 'pg_execute_serve
60RISK
open ↗Referência
CVE-2019-9193
In PostgreSQL 9.3 through 11.2, the "COPY TO/FROM PROGRAM" function allows superusers and users in the 'pg_execute_serve
60RISK
open ↗Referência
CVE-2020-8657
An issue was discovered in EyesOfNetwork 5.3. The installation uses the same API key (hardcoded as EONAPI_KEY in include
100RISK
open ↗Referência
CVE-2018-10933
A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client coul
85RISK
open ↗Referência
CVE-2015-5531
Directory traversal vulnerability in Elasticsearch before 1.6.1 allows remote attackers to read arbitrary files via unsp
60RISK
open ↗Referência
CVE-2015-5531
Directory traversal vulnerability in Elasticsearch before 1.6.1 allows remote attackers to read arbitrary files via unsp
60RISK
open ↗Referência
CVE-2015-5531
Directory traversal vulnerability in Elasticsearch before 1.6.1 allows remote attackers to read arbitrary files via unsp
60RISK
open ↗Referência
CVE-2015-5531
Directory traversal vulnerability in Elasticsearch before 1.6.1 allows remote attackers to read arbitrary files via unsp
60RISK
open ↗Referência
CVE-2014-8739
Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery
60RISK
open ↗Referência
CVE-2014-8739
Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery
60RISK
open ↗Referência
CVE-2022-26352
An issue was discovered in the ContentResource API in dotCMS 3.0 through 22.02. Attackers can craft a multipart form req
100RISK
open ↗Referência
CVE-2017-16806
The Process function in RemoteTaskServer/WebServer/HttpServer.cs in Ulterius before 1.9.5.0 allows HTTP server directory
60RISK
open ↗Referência
CVE-2018-16509
An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handlin
60RISK
open ↗Referência
CVE-2018-3810
Authentication Bypass vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for WordPress allows unau
60RISK
open ↗Referência
CVE-2009-3023
Buffer overflow in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 6.0 allows remote authen
60RISK
open ↗Referência
CVE-2009-3023
Buffer overflow in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 6.0 allows remote authen
60RISK
open ↗Referência
CVE-2023-27253
A command injection vulnerability in the function restore_rrddata() of Netgate pfSense v2.7.0 allows authenticated attac
60RISK
open ↗Referência
CVE-2015-8556
Local privilege escalation vulnerability in the Gentoo QEMU package before 2.5.0-r1.
28RISK
open ↗Referência
CVE-2017-12636
CouchDB administrative users can configure the database server via HTTP(S). Some of the configuration options include pa
60RISK
open ↗Referência
CVE-2017-12636
CouchDB administrative users can configure the database server via HTTP(S). Some of the configuration options include pa
60RISK
open ↗Referência
CVE-2017-3066
Adobe ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10 Update 22 and earlier hav
100RISK
open ↗Referência
D-Link DWL-2600AP - Multiple OS Command Injection
D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Upgrade Firmwa
45RISK
open ↗Referência
CVE-2016-6600
Directory traversal vulnerability in the file upload functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remot
60RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.