Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,062cataloged exploits
31,617CVEs with public exploitation
0lab-tested
19,791 exploits
Referência
CVE-2018-1002105
In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upg
70RISK
open
Referência
CVE-2018-9276
CVE-2018-9276HIGHunder attack
An issue was discovered in PRTG Network Monitor before 18.2.39. An attacker who has access to the PRTG System Administra
100RISK
open
Referência
CVE-2018-9276
CVE-2018-9276HIGHunder attack
An issue was discovered in PRTG Network Monitor before 18.2.39. An attacker who has access to the PRTG System Administra
100RISK
open
Referência
CVE-2018-9276
CVE-2018-9276HIGHunder attack
An issue was discovered in PRTG Network Monitor before 18.2.39. An attacker who has access to the PRTG System Administra
100RISK
open
Referência
Alt-N SecurityGateway 1.00-1.01 - Remote Stack Overflow
Stack-based buffer overflow in SecurityGateway.dll in Alt-N Technologies SecurityGateway 1.0.1 allows remote attackers t
60RISK
open
Referência
CVE-2010-1743
SQL injection vulnerability in projects.php in Scratcher allows remote attackers to execute arbitrary SQL commands via t
23RISK
open
Referência
CVE-2016-6603
ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to bypass authentication and impersonate arbitrary users v
45RISK
open
Referência
CVE-2016-6603
ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to bypass authentication and impersonate arbitrary users v
45RISK
open
Referência
CVE-2021-24762
Perfect Survey < 1.5.2 - Unauthenticated SQL Injection
60RISK
open
Referência
CVE-2020-0674
CVE-2020-0674HIGHunder attack
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet
93RISK
open
Referência
CVE-2020-0674
CVE-2020-0674HIGHunder attack
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet
93RISK
open
Referência
CVE-2020-0674
CVE-2020-0674HIGHunder attack
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet
93RISK
open
Referência
CVE-2015-8103
The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to execute arbitrary co
60RISK
open
Referência
CVE-2015-8103
The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to execute arbitrary co
60RISK
open
Referência
CVE-2018-1160
Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking
70RISK
open
Referência
CVE-2018-1160
Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking
70RISK
open
Referência
CVE-2018-1160
Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking
70RISK
open
Referência
CVE-2018-1160
Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking
70RISK
open
Referência
CVE-2020-13151
Aerospike Community Edition 4.9.0.5 allows for unauthenticated submission and execution of user-defined functions (UDFs)
60RISK
open
Referência
CVE-2020-13151
Aerospike Community Edition 4.9.0.5 allows for unauthenticated submission and execution of user-defined functions (UDFs)
60RISK
open
Referência
CVE-2017-5816
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.
60RISK
open
Referência
CVE-2017-5816
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.
60RISK
open
Referência
CVE-2021-32305
WebSVN before 2.6.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the search paramet
60RISK
open
Referência
CVE-2015-2426
CVE-2015-2426HIGHunder attack
Buffer underflow in atmfd.dll in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2
100RISK
open
Referência
CVE-2020-8644
CVE-2020-8644CRITICALunder attack
PlaySMS before 1.4.3 does not sanitize inputs from a malicious string.
100RISK
open
Referência
CVE-2018-10661
An issue was discovered in multiple models of Axis IP Cameras. There is a bypass of access control.
60RISK
open
Referência
CVE-2026-7113
NousResearch hermes-agent Webhooks Endpoint webhook.py missing authentication
33RISK
open
Referência
CVE-2026-7112
NousResearch hermes-agent API_SERVER_KEY api_server.py _check_auth improper authentication
33RISK
open
Referência
CVE-2026-7110
code-projects Invoice System in Laravel item cross site scripting
33RISK
open
Referência
CVE-2026-7109
code-projects Invoice System in Laravel API Endpoint item improper authorization
33RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.