Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,062cataloged exploits
31,617CVEs with public exploitation
0lab-tested
22,467 exploits
Exploit-DB
RosarioSIS 10.8.4 - CSV Injection
CVE-2023-29918MEDIUM28 Jul 2023
RosarioSIS 10.8.4 is vulnerable to CSV injection via the Periods Module.
33RISK
open
Exploit-DB
mooDating 1.2 - Reflected Cross-site scripting (XSS)
CVE-2023-3843LOW28 Jul 2023
mooSocial mooDating URL question cross site scripting
43RISK
open
Exploit-DB
mooDating 1.2 - Reflected Cross-site scripting (XSS)
CVE-2023-3846LOW28 Jul 2023
mooSocial mooDating URL pages cross site scripting
43RISK
open
Exploit-DB
WordPress Plugin AN_Gradebook 5.0.1 - SQLi
CVE-2023-263628 Jul 2023
AN_GradeBook <= 5.0.1 - Subscriber+ SQLi
23RISK
open
Exploit-DB
mooDating 1.2 - Reflected Cross-site scripting (XSS)
CVE-2023-3845LOW28 Jul 2023
mooSocial mooDating URL ajax_invite cross site scripting
43RISK
open
Exploit-DB
mooDating 1.2 - Reflected Cross-site scripting (XSS)
CVE-2023-3847LOW28 Jul 2023
mooSocial mooDating URL users cross site scripting
43RISK
open
Exploit-DB
mooDating 1.2 - Reflected Cross-site scripting (XSS)
CVE-2023-3848LOW28 Jul 2023
mooSocial mooDating URL view cross site scripting
43RISK
open
Exploit-DB
copyparty v1.8.6 - Reflected Cross Site Scripting (XSS)
CVE-2023-38501MEDIUM28 Jul 2023
copyparty vulnerable to reflected cross-site scripting via k304 parameter
48RISK
open
Exploit-DB
mooDating 1.2 - Reflected Cross-site scripting (XSS)
CVE-2023-3844LOW28 Jul 2023
mooSocial mooDating URL friends cross site scripting
43RISK
open
Exploit-DB
mooDating 1.2 - Reflected Cross-site scripting (XSS)
CVE-2023-3849LOW28 Jul 2023
mooSocial mooDating URL find-a-match cross site scripting
43RISK
open
Exploit-DB
pfSense v2.7.0 - OS Command Injection
CVE-2023-2725320 Jul 2023
A command injection vulnerability in the function restore_rrddata() of Netgate pfSense v2.7.0 allows authenticated attac
60RISK
open
Exploit-DB
Microsoft Office 365 Version 18.2305.1222.0 - Elevation of Privilege + RCE.
CVE-2023-33148HIGH20 Jul 2023
Microsoft Office Elevation of Privilege Vulnerability
41RISK
open
Exploit-DB
RWS WorldServer 11.7.3 - Session Token Enumeration
CVE-2023-3835720 Jul 2023
Session tokens in RWS WorldServer 11.7.3 and earlier have a low entropy and can be enumerated, leading to unauthorized a
23RISK
open
Exploit-DB
ABB FlowX v4.00 - Exposure of Sensitive Information
CVE-2023-1258MEDIUM19 Jul 2023
Flow-X disclosure of sensitive information to unauthenticated users
33RISK
open
Exploit-DB
Hikvision Hybrid SAN Ds-a71024 Firmware - Multiple Remote Code Execution
CVE-2022-28171HIGH19 Jul 2023
The web module in some Hikvision Hybrid SAN/Cluster Storage products have the following security vulnerability. Due to t
53RISK
open
Exploit-DB
Online Piggery Management System v1.0 - unauthenticated file upload vulnerability
CVE-2023-3762919 Jul 2023
Online Piggery Management System 1.0 is vulnerable to File Upload. An unauthenticated user can upload a php file by send
43RISK
open
Exploit-DB
Icinga Web 2.10 - Authenticated Remote Code Execution
CVE-2022-24715HIGH15 Jul 2023
Arbitrary code execution for authenticated users in Icinga Web 2
46RISK
open
Exploit-DB
Cisco UCS-IMC Supervisor 2.2.0.0 - Authentication Bypass
CVE-2019-1937CRITICAL15 Jul 2023
Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Authentication Bypass Vulnerability
85RISK
open
Exploit-DB
WinterCMS < 1.2.3 - Persistent Cross-Site Scripting
CVE-2023-37269LOW15 Jul 2023
Winter CMS vulnerable to stored XSS through privileged upload of SVG file
28RISK
open
Exploit-DB
BuildaGate5library v5 - Reflected Cross-Site Scripting (XSS)
CVE-2023-3616311 Jul 2023
Cross Site Scripting vulnerability in IP-DOT BuildaGate v.BuildaGate5 allows a remote attacker to execute arbitrary code
23RISK
open
Exploit-DB
Spring Cloud 3.2.2 - Remote Command Execution (RCE)
CVE-2022-22963CRITICALunder attack11 Jul 2023
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is po
100RISK
open
Exploit-DB
Windows 10 v21H1 - HTTP Protocol Stack Remote Code Execution
CVE-2022-21907CRITICAL07 Jul 2023
HTTP Protocol Stack Remote Code Execution Vulnerability
70RISK
open
Exploit-DB
Microsoft Outlook Microsoft 365 MSO (Version 2306 Build 16.0.16529.20100) 32-bit - Remote Code Execution
CVE-2023-33131HIGH07 Jul 2023
Microsoft Outlook Remote Code Execution Vulnerability
41RISK
open
Exploit-DB
Lost and Found Information System v1.0 - SQL Injection
CVE-2023-3359206 Jul 2023
Lost and Found Information System v1.0 was discovered to contain a SQL injection vulnerability via the component /php-lf
23RISK
open
Exploit-DB
Microsoft Edge 114.0.1823.67 (64-bit) - Information Disclosure
CVE-2023-33145MEDIUM06 Jul 2023
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
33RISK
open
Exploit-DB
POS Codekop v2.0 - Authenticated Remote Code Execution (RCE)
CVE-2023-3634803 Jul 2023
POS Codekop v2.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the filename p
23RISK
open
Exploit-DB
Microsoft 365 MSO (Version 2305 Build 16.0.16501.20074) 32-bit - Remote Code Execution (RCE)
CVE-2023-33137HIGH03 Jul 2023
Microsoft Excel Remote Code Execution Vulnerability
41RISK
open
Exploit-DB
Microsoft 365 MSO (Version 2305 Build 16.0.16501.20074) 64-bit - Remote Code Execution (RCE)
CVE-2023-28285HIGH03 Jul 2023
Microsoft Office Remote Code Execution Vulnerability
41RISK
open
Exploit-DB
WP AutoComplete 1.0.4 - Unauthenticated SQLi
CVE-2022-4297CRITICAL03 Jul 2023
WP AutoComplete Search <= 1.0.4 - Unauthenticated SQLi
48RISK
open
Exploit-DB
FuguHub 8.1 - Remote Code Execution
CVE-2023-24078HIGH03 Jul 2023
Real Time Logic FuguHub v8.1 and earlier was discovered to contain a remote code execution (RCE) vulnerability via the c
53RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.