Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,062cataloged exploits
31,617CVEs with public exploitation
0lab-tested
19,791 exploits
Referência
CVE-2020-3243
Multiple Vulnerabilities in Cisco UCS Director and Cisco UCS Director Express for Big Data
85RISK
open
Referência
CVE-2022-37042
CVE-2022-37042CRITICALunder attackransomware
Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts fi
100RISK
open
Referência
CVE-2019-7192
CVE-2019-7192CRITICALunder attackransomware
This improper access control vulnerability allows remote attackers to gain unauthorized access to the system. To fix the
100RISK
open
Referência
CVE-2021-24145
Modern Events Calendar Lite < 5.16.5 - Authenticated Arbitrary File Upload leading to RCE
60RISK
open
Referência
CVE-2021-24145
Modern Events Calendar Lite < 5.16.5 - Authenticated Arbitrary File Upload leading to RCE
60RISK
open
Referência
CVE-2021-20837
Movable Type 7 r.5002 and earlier (Movable Type 7 Series), Movable Type 6.8.2 and earlier (Movable Type 6 Series), Movab
60RISK
open
Referência
CVE-2021-20837
Movable Type 7 r.5002 and earlier (Movable Type 7 Series), Movable Type 6.8.2 and earlier (Movable Type 6 Series), Movab
60RISK
open
Referência
CVE-2020-35729
KLog Server 2.4.1 allows OS command injection via shell metacharacters in the actions/authenticate.php user parameter.
60RISK
open
Referência
CVE-2020-35729
KLog Server 2.4.1 allows OS command injection via shell metacharacters in the actions/authenticate.php user parameter.
60RISK
open
Referência
CVE-2020-35729
KLog Server 2.4.1 allows OS command injection via shell metacharacters in the actions/authenticate.php user parameter.
60RISK
open
Referência
CVE-2017-17411
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Linksys WVBR0. Authe
60RISK
open
Referência
CVE-2016-9079
CVE-2016-9079HIGHunder attack
A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been dis
100RISK
open
Referência
CVE-2016-9079
CVE-2016-9079HIGHunder attack
A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been dis
100RISK
open
Referência
CVE-2015-2080
The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive informat
60RISK
open
Referência
CVE-2018-17128
A Persistent XSS issue was discovered in the Visual Editor in MyBB before 1.8.19 via a Video MyCode.
45RISK
open
Referência
ProFTPd - 'mod_mysql' Authentication Bypass
SQL injection vulnerability in ProFTPD Server 1.3.1 through 1.3.2rc2 allows remote attackers to execute arbitrary SQL co
45RISK
open
Referência
CVE-2023-5222
Viessmann Vitogate 300 Web Management Interface vitogate.cgi isValidUser hard-coded password
70RISK
open
Referência
CVE-2004-2466
chat.ghp in Easy Chat Server 1.2 allows remote attackers to cause a denial of service (server crash) via a long username
60RISK
open
Referência
CVE-2004-2466
chat.ghp in Easy Chat Server 1.2 allows remote attackers to cause a denial of service (server crash) via a long username
60RISK
open
Referência
CVE-2010-3653
The Director module (dirapi.dll) in Adobe Shockwave Player before 11.5.9.615 allows remote attackers to execute arbitrar
60RISK
open
Referência
CVE-2014-8361
CVE-2014-8361CRITICALunder attack
The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClien
100RISK
open
Referência
CVE-2016-1542
The RPC API in RSCD agent in BMC BladeLogic Server Automation (BSA) 8.2.x, 8.3.x, 8.5.x, 8.6.x, and 8.7.x on Linux and U
60RISK
open
Referência
CVE-2016-1542
The RPC API in RSCD agent in BMC BladeLogic Server Automation (BSA) 8.2.x, 8.3.x, 8.5.x, 8.6.x, and 8.7.x on Linux and U
60RISK
open
Referência
CVE-2016-1542
The RPC API in RSCD agent in BMC BladeLogic Server Automation (BSA) 8.2.x, 8.3.x, 8.5.x, 8.6.x, and 8.7.x on Linux and U
60RISK
open
Referência
CVE-2018-7584
In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer
45RISK
open
Referência
CVE-2018-7357
ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T have an improper acc
55RISK
open
Referência
CVE-2018-8174
CVE-2018-8174HIGHunder attackransomware
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows
93RISK
open
Referência
CVE-2009-0658
Buffer overflow in Adobe Reader 9.0 and earlier, and Acrobat 9.0 and earlier, allows remote attackers to execute arbitra
60RISK
open
Referência
Adobe Acrobat Reader - JBIG2 Local Buffer Overflow (PoC) (2)
Buffer overflow in Adobe Reader 9.0 and earlier, and Acrobat 9.0 and earlier, allows remote attackers to execute arbitra
60RISK
open
Referência
CVE-2015-0240
The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1
60RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.