Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,062cataloged exploits
31,617CVEs with public exploitation
0lab-tested
19,791 exploits
Referência
CVE-2017-0145
CVE-2017-0145HIGHunder attackransomware
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RISK
open
Referência
CVE-2024-7954
SPIP porte_plume Plugin Arbitrary PHP Execution
85RISK
open
Referência
CVE-2016-1525
Directory traversal vulnerability in data/config/image.do in NETGEAR Management System NMS300 1.5.0.11 and earlier allow
60RISK
open
Referência
CVE-2010-3209
Multiple PHP remote file inclusion vulnerabilities in Seagull 0.6.7 allow remote attackers to execute arbitrary PHP code
23RISK
open
Referência
CVE-2024-13160
CVE-2024-13160CRITICALunder attack
Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Up
100RISK
open
Referência
CVE-2025-37164
CVE-2025-37164CRITICALunder attack
A remote code execution issue exists in HPE OneView.
100RISK
open
Referência
CVE-2019-7195
CVE-2019-7195CRITICALunder attackransomware
This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fi
100RISK
open
Referência
CVE-2018-7358
ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T have an improper cha
55RISK
open
Referência
CVE-2019-17621
CVE-2019-17621CRITICALunder attack
The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated rem
100RISK
open
Referência
CVE-2018-4878
CVE-2018-4878HIGHunder attackransomware
A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to
93RISK
open
Referência
CVE-2018-14417
A command injection vulnerability was found in the web administration console in SoftNAS Cloud before 4.0.3. In particul
45RISK
open
Referência
CVE-2015-7547
Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C
45RISK
open
Referência
CVE-2015-7547
Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C
45RISK
open
Referência
CVE-2015-7547
Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C
45RISK
open
Referência
CVE-2015-7547
Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C
45RISK
open
Referência
CVE-2015-7547
Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C
45RISK
open
Referência
CVE-2015-7547
Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C
45RISK
open
Referência
CVE-2025-64446
CVE-2025-64446CRITICALunder attack
A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb
100RISK
open
Referência
CVE-2016-2776
buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly
60RISK
open
Referência
CVE-2020-0601
CVE-2020-0601HIGHunder attack
A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) c
93RISK
open
Referência
CVE-2020-0601
CVE-2020-0601HIGHunder attack
A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) c
93RISK
open
Referência
CVE-2020-2096
Jenkins Gitlab Hook Plugin 1.4.2 and earlier does not escape project names in the build_now endpoint, resulting in a ref
60RISK
open
Referência
CVE-2020-25213
CVE-2020-25213CRITICALunder attack
The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitra
100RISK
open
Referência
CVE-2014-2623
Unspecified vulnerability in HP Storage Data Protector 8.x allows remote attackers to execute arbitrary code via unknown
60RISK
open
Referência
CVE-2014-2623
Unspecified vulnerability in HP Storage Data Protector 8.x allows remote attackers to execute arbitrary code via unknown
60RISK
open
Referência
CVE-2014-2623
Unspecified vulnerability in HP Storage Data Protector 8.x allows remote attackers to execute arbitrary code via unknown
60RISK
open
Referência
CVE-2014-2623
Unspecified vulnerability in HP Storage Data Protector 8.x allows remote attackers to execute arbitrary code via unknown
60RISK
open
Referência
CVE-2022-24716
Path traversal in Icinga Web 2
78RISK
open
Referência
CVE-2018-15708
Snoopy 1.0 in Nagios XI 5.5.6 allows remote unauthenticated attackers to execute arbitrary commands via a crafted HTTP r
60RISK
open
Referência
CVE-2018-15708
Snoopy 1.0 in Nagios XI 5.5.6 allows remote unauthenticated attackers to execute arbitrary commands via a crafted HTTP r
60RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.