Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,062cataloged exploits
31,617CVEs with public exploitation
0lab-tested
22,467 exploits
Exploit-DB
Axigen < 10.3.3.47_ 10.2.3.12 - Reflected XSS
CVE-2022-3147008 Sep 2023
An XSS vulnerability in the index_mobile_changepass.hsp reset-password section of Axigen Mobile WebMail before 10.2.3.12
50RISK
open
Exploit-DB
SPA-Cart eCommerce CMS 1.9.0.3 - SQL Injection
CVE-2023-4548MEDIUM08 Sep 2023
SPA-Cart eCommerce CMS GET Parameter search sql injection
38RISK
open
Exploit-DB
Wordpress Plugin Elementor 3.5.5 - Iframe Injection
CVE-2022-495308 Sep 2023
Elementor < 3.5.5 - Iframe Injection
23RISK
open
Exploit-DB
Techview LA-5570 Wireless Gateway Home Automation Controller - Multiple Vulnerabilities
CVE-2023-3472308 Sep 2023
An issue was discovered in TechView LA-5570 Wireless Gateway 1.0.19_T53, allows attackers to gain sensitive information
23RISK
open
Exploit-DB
Ivanti Avalanche <v6.4.0.0 - Remote Code Execution
CVE-2023-32560HIGH04 Sep 2023
An attacker can send a specially crafted message to the Wavelink Avalanche Manager, which could result in service disrup
78RISK
open
Exploit-DB
FileMage Gateway 1.10.9 - Local File Inclusion
CVE-2023-3902604 Sep 2023
Directory Traversal vulnerability in FileMage Gateway Windows Deployments v.1.10.8 and before allows a remote attacker t
43RISK
open
Exploit-DB
WP Statistics Plugin 13.1.5 current_page_id - Time based SQL injection (Unauthenticated)
CVE-2022-25148CRITICAL04 Sep 2023
WP Statistics <= 13.1.5 Unauthenticated Blind SQL Injection via current_page_id
85RISK
open
Exploit-DB
AdminLTE PiHole 5.18 - Broken Access Control
CVE-2022-23513MEDIUM04 Sep 2023
Pi-Hole/AdminLTE vulnerable due to improper access control in queryads endpoint
45RISK
open
Exploit-DB
SPA-Cart eCommerce CMS 1.9.0.3 - Reflected XSS
CVE-2023-4547LOW04 Sep 2023
SPA-Cart eCommerce CMS search cross site scripting
55RISK
open
Exploit-DB
Credit Lite 1.5.4 - SQL Injection
CVE-2023-4407MEDIUM04 Sep 2023
Codecanyon Credit Lite POST Request account_statement sql injection
33RISK
open
Exploit-DB
Hyip Rio 2.1 - Arbitrary File Upload
CVE-2023-4382LOW04 Sep 2023
tdevs Hyip Rio Profile Settings settings cross site scripting
28RISK
open
Exploit-DB
Crypto Currency Tracker (CCT) 9.5 - Admin Account Creation (Unauthenticated)
CVE-2023-3775921 Aug 2023
Incorrect access control in the User Registration page of Crypto Currency Tracker (CCT) before v9.5 allows unauthenticat
23RISK
open
Exploit-DB
TP-Link Archer AX21 - Unauthenticated Command Injection
CVE-2023-1389HIGHunder attack10 Aug 2023
TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 20230219 contained a command injection vulnerability i
100RISK
open
Exploit-DB
mooSocial 3.1.8 - Reflected XSS
CVE-2023-4173LOW08 Aug 2023
mooSocial mooStore index cross site scripting
43RISK
open
Exploit-DB
Social-Commerce 3.1.6 - Reflected XSS
CVE-2023-4174LOW08 Aug 2023
mooSocial mooStore cross site scripting
43RISK
open
Exploit-DB
Emagic Data Center Management Suite v6.0 - OS Command Injection
CVE-2023-37569HIGH08 Aug 2023
OS Command Injection Vulnerability in Emagic Data Center Management Suite
46RISK
open
Exploit-DB
Pyro CMS 3.9 - Server-Side Template Injection (SSTI) (Authenticated)
CVE-2023-2968908 Aug 2023
PyroCMS 3.9 contains a remote code execution (RCE) vulnerability that can be exploited through a server-side template in
35RISK
open
Exploit-DB
Adlisting Classified Ads 2.14.0 - WebPage Content Information Disclosure
CVE-2023-4168MEDIUM08 Aug 2023
Templatecookie Adlisting Redirect ad-list information disclosure
60RISK
open
Exploit-DB
Wordpress Plugin EventON Calendar 4.4 - Unauthenticated Event Access
CVE-2023-279604 Aug 2023
EventON < 2.1.2 - Unauthenticated Event Access
50RISK
open
Exploit-DB
Shelly PRO 4PM v0.11.0 - Authentication Bypass
CVE-2023-3338304 Aug 2023
Shelly 4PM Pro four-channel smart switch 0.11.0 allows an attacker to trigger a BLE out of bounds read fault condition t
23RISK
open
Exploit-DB
PHPJabbers Rental Property Booking 2.0 - Reflected XSS
CVE-2023-4117MEDIUM04 Aug 2023
PHP Jabbers Rental Property Booking index.php cross site scripting
33RISK
open
Exploit-DB
PHPJabbers Service Booking Script 1.0 - Reflected XSS
CVE-2023-4113MEDIUM04 Aug 2023
PHP Jabbers Service Booking Script index.php cross site scripting
48RISK
open
Exploit-DB
PHPJabbers Cleaning Business 1.0 - Reflected XSS
CVE-2023-4115MEDIUM04 Aug 2023
PHP Jabbers Cleaning Business index.php cross site scripting
48RISK
open
Exploit-DB
PHPJabbers Taxi Booking 2.0 - Reflected XSS
CVE-2023-4116MEDIUM04 Aug 2023
PHP Jabbers Taxi Booking index.php cross site scripting
48RISK
open
Exploit-DB
PHPJabbers Shuttle Booking Software 1.0 - Reflected XSS
CVE-2023-4112MEDIUM04 Aug 2023
PHP Jabbers Shuttle Booking Software index.php cross site scripting
48RISK
open
Exploit-DB
WordPress Plugin Ninja Forms 3.6.25 - Reflected XSS
CVE-2023-37979HIGH04 Aug 2023
WordPress Ninja Forms Plugin <= 3.6.25 is vulnerable to Cross Site Scripting (XSS)
56RISK
open
Exploit-DB
Academy LMS 6.0 - Reflected XSS
CVE-2023-4119MEDIUM04 Aug 2023
Academy LMS courses cross site scripting
33RISK
open
Exploit-DB
PHPJabbers Night Club Booking 1.0 - Reflected XSS
CVE-2023-4114MEDIUM04 Aug 2023
PHP Jabbers Night Club Booking Software index.php cross site scripting
48RISK
open
Exploit-DB
Wordpress Plugin EventON Calendar 4.4 - Unauthenticated Post Access via IDOR
CVE-2023-321904 Aug 2023
EventON < 2.1.2 - Unauthenticated Post Access via IDOR
38RISK
open
Exploit-DB
Uvdesk v1.1.3 - File Upload Remote Code Execution (RCE) (Authenticated)
CVE-2023-3914731 Jul 2023
An arbitrary file upload vulnerability in Uvdesk 1.1.3 allows attackers to execute arbitrary code via uploading a crafte
23RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.