Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,062cataloged exploits
31,617CVEs with public exploitation
0lab-tested
AllExploit-DB 22,467Referência 19,791GitHub PoC 13,086VulnCheck XDB 8,069Nuclei 4,187Metasploit 3,462✓ verified onlyrecentpopularrisk
19,791 exploits
Referência
CVE-2018-1002105
In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upg
70RISK
open ↗Referência
CVE-2018-9276
An issue was discovered in PRTG Network Monitor before 18.2.39. An attacker who has access to the PRTG System Administra
100RISK
open ↗Referência
CVE-2018-9276
An issue was discovered in PRTG Network Monitor before 18.2.39. An attacker who has access to the PRTG System Administra
100RISK
open ↗Referência
CVE-2018-9276
An issue was discovered in PRTG Network Monitor before 18.2.39. An attacker who has access to the PRTG System Administra
100RISK
open ↗Referência
Alt-N SecurityGateway 1.00-1.01 - Remote Stack Overflow
Stack-based buffer overflow in SecurityGateway.dll in Alt-N Technologies SecurityGateway 1.0.1 allows remote attackers t
60RISK
open ↗Referência
CVE-2010-1743
SQL injection vulnerability in projects.php in Scratcher allows remote attackers to execute arbitrary SQL commands via t
23RISK
open ↗Referência
CVE-2016-6603
ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to bypass authentication and impersonate arbitrary users v
45RISK
open ↗Referência
CVE-2016-6603
ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to bypass authentication and impersonate arbitrary users v
45RISK
open ↗Referência
CVE-2020-0674
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet
93RISK
open ↗Referência
CVE-2020-0674
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet
93RISK
open ↗Referência
CVE-2020-0674
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet
93RISK
open ↗Referência
CVE-2015-8103
The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to execute arbitrary co
60RISK
open ↗Referência
CVE-2015-8103
The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to execute arbitrary co
60RISK
open ↗Referência
CVE-2018-1160
Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking
70RISK
open ↗Referência
CVE-2018-1160
Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking
70RISK
open ↗Referência
CVE-2018-1160
Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking
70RISK
open ↗Referência
CVE-2018-1160
Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking
70RISK
open ↗Referência
CVE-2020-13151
Aerospike Community Edition 4.9.0.5 allows for unauthenticated submission and execution of user-defined functions (UDFs)
60RISK
open ↗Referência
CVE-2020-13151
Aerospike Community Edition 4.9.0.5 allows for unauthenticated submission and execution of user-defined functions (UDFs)
60RISK
open ↗Referência
CVE-2017-5816
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.
60RISK
open ↗Referência
CVE-2017-5816
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.
60RISK
open ↗Referência
CVE-2021-32305
WebSVN before 2.6.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the search paramet
60RISK
open ↗Referência
CVE-2015-2426
Buffer underflow in atmfd.dll in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2
100RISK
open ↗Referência
CVE-2020-8644
PlaySMS before 1.4.3 does not sanitize inputs from a malicious string.
100RISK
open ↗Referência
CVE-2018-10661
An issue was discovered in multiple models of Axis IP Cameras. There is a bypass of access control.
60RISK
open ↗Referência
CVE-2026-7113
NousResearch hermes-agent Webhooks Endpoint webhook.py missing authentication
33RISK
open ↗Referência
CVE-2026-7112
NousResearch hermes-agent API_SERVER_KEY api_server.py _check_auth improper authentication
33RISK
open ↗Referência
CVE-2026-7110
code-projects Invoice System in Laravel item cross site scripting
33RISK
open ↗Referência
CVE-2026-7109
code-projects Invoice System in Laravel API Endpoint item improper authorization
33RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.