Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,062cataloged exploits
31,617CVEs with public exploitation
0lab-tested
AllExploit-DB 22,467Referência 19,791GitHub PoC 13,086VulnCheck XDB 8,069Nuclei 4,187Metasploit 3,462✓ verified onlyrecentpopularrisk
19,791 exploits
Referência
CVE-2020-3243
Multiple Vulnerabilities in Cisco UCS Director and Cisco UCS Director Express for Big Data
85RISK
open ↗Referência
CVE-2022-37042
Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts fi
100RISK
open ↗Referência
CVE-2019-7192
This improper access control vulnerability allows remote attackers to gain unauthorized access to the system. To fix the
100RISK
open ↗Referência
CVE-2021-24145
Modern Events Calendar Lite < 5.16.5 - Authenticated Arbitrary File Upload leading to RCE
60RISK
open ↗Referência
CVE-2021-24145
Modern Events Calendar Lite < 5.16.5 - Authenticated Arbitrary File Upload leading to RCE
60RISK
open ↗Referência
CVE-2021-20837
Movable Type 7 r.5002 and earlier (Movable Type 7 Series), Movable Type 6.8.2 and earlier (Movable Type 6 Series), Movab
60RISK
open ↗Referência
CVE-2021-20837
Movable Type 7 r.5002 and earlier (Movable Type 7 Series), Movable Type 6.8.2 and earlier (Movable Type 6 Series), Movab
60RISK
open ↗Referência
CVE-2020-35729
KLog Server 2.4.1 allows OS command injection via shell metacharacters in the actions/authenticate.php user parameter.
60RISK
open ↗Referência
CVE-2020-35729
KLog Server 2.4.1 allows OS command injection via shell metacharacters in the actions/authenticate.php user parameter.
60RISK
open ↗Referência
CVE-2020-35729
KLog Server 2.4.1 allows OS command injection via shell metacharacters in the actions/authenticate.php user parameter.
60RISK
open ↗Referência
CVE-2017-17411
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Linksys WVBR0. Authe
60RISK
open ↗Referência
CVE-2016-9079
A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been dis
100RISK
open ↗Referência
CVE-2016-9079
A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been dis
100RISK
open ↗Referência
CVE-2015-2080
The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive informat
60RISK
open ↗Referência
CVE-2018-17128
A Persistent XSS issue was discovered in the Visual Editor in MyBB before 1.8.19 via a Video MyCode.
45RISK
open ↗Referência
ProFTPd - 'mod_mysql' Authentication Bypass
SQL injection vulnerability in ProFTPD Server 1.3.1 through 1.3.2rc2 allows remote attackers to execute arbitrary SQL co
45RISK
open ↗Referência
CVE-2023-5222
Viessmann Vitogate 300 Web Management Interface vitogate.cgi isValidUser hard-coded password
70RISK
open ↗Referência
CVE-2004-2466
chat.ghp in Easy Chat Server 1.2 allows remote attackers to cause a denial of service (server crash) via a long username
60RISK
open ↗Referência
CVE-2004-2466
chat.ghp in Easy Chat Server 1.2 allows remote attackers to cause a denial of service (server crash) via a long username
60RISK
open ↗Referência
CVE-2010-3653
The Director module (dirapi.dll) in Adobe Shockwave Player before 11.5.9.615 allows remote attackers to execute arbitrar
60RISK
open ↗Referência
CVE-2014-8361
The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClien
100RISK
open ↗Referência
CVE-2016-1542
The RPC API in RSCD agent in BMC BladeLogic Server Automation (BSA) 8.2.x, 8.3.x, 8.5.x, 8.6.x, and 8.7.x on Linux and U
60RISK
open ↗Referência
CVE-2016-1542
The RPC API in RSCD agent in BMC BladeLogic Server Automation (BSA) 8.2.x, 8.3.x, 8.5.x, 8.6.x, and 8.7.x on Linux and U
60RISK
open ↗Referência
CVE-2016-1542
The RPC API in RSCD agent in BMC BladeLogic Server Automation (BSA) 8.2.x, 8.3.x, 8.5.x, 8.6.x, and 8.7.x on Linux and U
60RISK
open ↗Referência
CVE-2018-7584
In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer
45RISK
open ↗Referência
CVE-2018-7357
ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T have an improper acc
55RISK
open ↗Referência
CVE-2018-8174
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows
93RISK
open ↗Referência
CVE-2009-0658
Buffer overflow in Adobe Reader 9.0 and earlier, and Acrobat 9.0 and earlier, allows remote attackers to execute arbitra
60RISK
open ↗Referência
Adobe Acrobat Reader - JBIG2 Local Buffer Overflow (PoC) (2)
Buffer overflow in Adobe Reader 9.0 and earlier, and Acrobat 9.0 and earlier, allows remote attackers to execute arbitra
60RISK
open ↗Referência
CVE-2015-0240
The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1
60RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.