Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,062cataloged exploits
31,617CVEs with public exploitation
0lab-tested
3,462 exploits
Metasploit600
Authenticated RCE in Splunk (SimpleXML dashboard PDF generation)
CVE-2022-43571HIGH02 Nov 2022
Remote Code Execution through dashboard PDF generation component in Splunk Enterprise
41RISK
open
Metasploit600
Clinic's Patient Management System 1.0 - Unauthenticated RCE
CVE-2022-40471CRITICAL31 Oct 2022
Remote Code Execution in Clinic's Patient Management System v 1.0 allows Attacker to Upload arbitrary php webshell via p
68RISK
open
Metasploit600
VMware NSX Manager XStream unauthenticated RCE
CVE-2021-39144HIGHunder attack25 Oct 2022
XStream is vulnerable to a Remote Command Execution attack
100RISK
open
Metasploit600
SolarWinds Information Service (SWIS) .NET Deserialization From AMQP RCE
CVE-2022-38108HIGH19 Oct 2022
SolarWinds Platform Deserialization of Untrusted Data
48RISK
open
Metasploit600
Zimbra sudo + postfix privilege escalation
CVE-2022-3569HIGH13 Oct 2022
Due to an issue with incorrect sudo permissions, Zimbra Collaboration Suite (ZCS) suffers from a local privilege escalat
36RISK
open
Metasploit600
Apache Commons Text RCE
CVE-2022-4288913 Oct 2022
Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults
60RISK
open
Metasploit600
Fortinet FortiOS, FortiProxy, and FortiSwitchManager authentication bypass.
CVE-2022-40684CRITICALunder attackransomware10 Oct 2022
An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 an
100RISK
open
Metasploit600
GitLab GitHub Repo Import Deserialization RCE
CVE-2022-2992CRITICAL06 Oct 2022
A vulnerability in GitLab CE/EE affecting all versions from 11.10 prior to 15.1.6, 15.2 to 15.2.4, 15.3 to 15.3.2 allows
85RISK
open
Metasploit600
Oracle E-Business Suite (EBS) Unauthenticated Arbitrary File Upload
CVE-2022-21587CRITICALunder attackransomware01 Oct 2022
Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload).
100RISK
open
Metasploit600
Microsoft Exchange ProxyNotShell RCE
CVE-2022-41082HIGHunder attackransomware28 Sep 2022
Microsoft Exchange Server Remote Code Execution Vulnerability
100RISK
open
Metasploit600
Microsoft Exchange ProxyNotShell RCE
CVE-2022-41040HIGHunder attackransomware28 Sep 2022
Microsoft Exchange Server Elevation of Privilege Vulnerability
100RISK
open
Metasploit600
mySCADA MyPRO Authenticated Command Injection (CVE-2023-28384)
CVE-2023-28384HIGH22 Sep 2022
CVE-2023-28384
48RISK
open
Metasploit300
Remote Control Collection RCE
CVE-2022-4978CRITICAL20 Sep 2022
Steppschuh Remote Control Server 3.1.1.12 Unauthenticated RCE
63RISK
open
Metasploit300
Mobile Mouse RCE
CVE-2023-31902CRITICAL20 Sep 2022
RPA Technology Mobile Mouse 3.6.0.4 is vulnerable to Remote Code Execution (RCE).
63RISK
open
Metasploit500
Ubuntu Enlightenment Mount Priv Esc
CVE-2022-37706HIGH13 Sep 2022
enlightenment_sys in Enlightenment before 0.25.4 allows local users to gain privileges because it is setuid root, and th
56RISK
open
Metasploit300
Syncovery For Linux Web-GUI Session Token Brute-Forcer
CVE-2022-3653606 Sep 2022
An issue in the component post_applogin.php of Super Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x and be
18RISK
open
Metasploit600
Syncovery For Linux Web-GUI Authenticated Remote Command Execution
CVE-2022-3653406 Sep 2022
Super Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x and below was discovered to contain multiple remote c
30RISK
open
Metasploit500
pfSense plugin pfBlockerNG unauthenticated RCE as root
CVE-2022-31814CRITICAL05 Sep 2022
pfSense pfBlockerNG through 2.1.4_26 allows remote attackers to execute arbitrary OS commands as root via shell metachar
85RISK
open
Metasploit600
Symmetricom SyncServer Unauthenticated Remote Command Execution
CVE-2022-40022CRITICAL31 Aug 2022
Microchip Technology (Microsemi) SyncServer S650 was discovered to contain a command injection vulnerability.
85RISK
open
Metasploit400
WatchGuard XTM Firebox Unauthenticated Remote Command Execution
CVE-2022-26318CRITICALunder attack29 Aug 2022
On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code, aka FBX-22786. This vulner
100RISK
open
Metasploit600
Bitbucket Git Command Injection
CVE-2022-36804HIGHunder attack24 Aug 2022
Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, from version 7.7.0 bef
100RISK
open
Metasploit600
FLIR AX8 unauthenticated RCE
CVE-2022-3706119 Aug 2022
All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are vulnerable to Remote Command Injection. This
60RISK
open
Metasploit300
Rancher Authenticated API Credential Exposure
CVE-2021-36782CRITICAL18 Aug 2022
Rancher: Plaintext storage and exposure of credentials in Rancher API and cluster.management.cattle.io object
63RISK
open
Metasploit500
VMware Workspace ONE Access CVE-2022-31660
CVE-2022-3166002 Aug 2022
VMware Workspace ONE Access, Identity Manager and vRealize Automation contains a privilege escalation vulnerability. A m
18RISK
open
Metasploit600
Softing Secure Integration Server v1.22 Remote Code Execution
CVE-2022-1373HIGH27 Jul 2022
Softing Secure Integration Server Relative Path Traversal
41RISK
open
Metasploit600
Softing Secure Integration Server v1.22 Remote Code Execution
CVE-2022-2334HIGH27 Jul 2022
Softing Secure Integration Server Uncontrolled Search Path Element
36RISK
open
Metasploit600
Webmin Package Updates RCE
CVE-2022-3644626 Jul 2022
software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command.
60RISK
open
Metasploit600
Apache Spark Unauthenticated Command Injection RCE
CVE-2022-33891HIGHunder attack18 Jul 2022
Apache Spark shell command injection vulnerability via Spark UI
100RISK
open
Metasploit600
Roxy-WI Prior to 6.1.1.0 Unauthenticated Command Injection RCE
CVE-2022-31137CRITICAL06 Jul 2022
Unauthenticated Remote Code Execution in Roxy-WI
85RISK
open
Metasploit600
ManageEngine ADAudit Plus CVE-2022-28219
CVE-2022-2821929 Jun 2022
Cewolf in Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote
60RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.