Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,002cataloged exploits
31,582CVEs with public exploitation
AllExploit-DB 22,467Referência 19,780GitHub PoC 13,048VulnCheck XDB 8,060Nuclei 4,185Metasploit 3,462recentpopularrisk
3,462 exploits
Metasploit600
MajorDoMo Remote Command Injection via cycle_execs Race Condition
MajorDoMo Command Injection in rc/index.php via Race Condition
43RISK
open ↗Metasploit600
BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) unauthenticated Remote Code Execution
Remote code execution vulnerability in BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA)
100RISK
open ↗Metasploit600
Tactical RMM Jinja2 SSTI Remote Code Execution
A Server-Side Template Injection (SSTI) vulnerability in the /reporting/templates/preview/ endpoint of Amidaware Tactica
36RISK
open ↗Metasploit600
Ivanti Endpoint Manager Mobile (EPMM) unauthenticated RCE
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.
100RISK
open ↗Metasploit600
Ivanti Endpoint Manager Mobile (EPMM) unauthenticated RCE
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.
100RISK
open ↗Metasploit500
SolarWinds Web Help Desk unauthenticated RCE
SolarWinds Web Help Desk Deserialization of Untrusted Data Remote Code Execution Vulnerability
95RISK
open ↗Metasploit500
SolarWinds Web Help Desk unauthenticated RCE
SolarWinds Web Help Desk Security Control Bypass Vulnerability
100RISK
open ↗Metasploit500
HUSTOJ Admin users can zip-slip problem_import_qduoj.php, planting PHP files in webroot for RCE
HUSTOJ has Arbitrary File Write (Zip Slip) in Problem Import Modules that leads to RCE
63RISK
open ↗Metasploit500
GNU Inetutils Telnet Authentication Bypass Exploit CVE-2026-24061
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment
100RISK
open ↗Metasploit300
osTicket Arbitrary File Read via PHP Filter Chains in mPDF
osTicket (1.18.x < 1.18.3, 1.17.x < 1.17.7) PDF Export Arbitrary File Read
58RISK
open ↗Metasploit600
AVideo notify.ffmpeg.json.php Unauthenticated RCE via Salt Discovery
AVideo < 20.1 System Path Disclosure via Public API
28RISK
open ↗Metasploit300
MongoDB Memory Disclosure (CVE-2025-14847) - Mongobleed
Zlib compressed protocol header length confusion may allow memory read
100RISK
open ↗Metasploit600
AVideo notify.ffmpeg.json.php Unauthenticated RCE via Salt Discovery
AVideo < 20.1 User Information Disclosure via Public API
28RISK
open ↗Metasploit600
AVideo notify.ffmpeg.json.php Unauthenticated RCE via Salt Discovery
AVideo < 20.1 Unauthenticated RCE via Predictable Installation Salt
63RISK
open ↗Metasploit300
ChurchCRM Database Restore RCE 6.2.0
ChurchCRM vulnerable to RCE with database restore functionality
43RISK
open ↗Metasploit600
ChurchCRM Unauthenticated RCE via Setup Page
ChurchCRM has unauthenticated RCE in its Install Wizard
43RISK
open ↗Metasploit600
FreeBSD rtsold/rtsol DNSSL Command Injection
Remote code execution via ND6 Router Advertisements
56RISK
open ↗Metasploit600
HPE OneView unauthenticated RCE
A remote code execution issue exists in HPE OneView.
100RISK
open ↗Metasploit600
Control Web Panel /admin/index.php Unauthenticated RCE
An issue was discovered in Control Web Panel (CWP) before 0.9.8.1209. User input passed via the "key" GET parameter to /
56RISK
open ↗Metasploit600
FreePBX firmware file upload
FreePBX Endpoint Manager Allows Unauthenticated Logins to Administrator Control Panel via Forged Basic Auth Header
63RISK
open ↗Metasploit600
FreePBX endpoint SQLi to RCE
FreePBX Endpoint Manager vulnerable to authenticated SQL injection in multiple configuration parameters
48RISK
open ↗Metasploit300
FreePBX Custom Extension SQL Injection
FreePBX Endpoint Manager vulnerable to authenticated SQL injection in multiple configuration parameters
48RISK
open ↗Metasploit300
FreePBX Custom Extension SQL Injection
FreePBX Endpoint Manager Allows Unauthenticated Logins to Administrator Control Panel via Forged Basic Auth Header
63RISK
open ↗Metasploit600
FreePBX endpoint SQLi to RCE
FreePBX Endpoint Manager Allows Unauthenticated Logins to Administrator Control Panel via Forged Basic Auth Header
63RISK
open ↗Metasploit600
FreePBX firmware file upload
FreePBX Endpoint Manager vulnerable to authenticated arbitrary file upload via fwbrand parameter
48RISK
open ↗Metasploit300
Gladinet CentreStack/Triofox Access Ticket Forge
Gladinet CentreStack and TrioFox Hard Coded AES Keys
98RISK
open ↗Metasploit600
Unauthenticated RCE in React Server Components (React2Shell)
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISK
open ↗Metasploit600
WordPress ACF Extended Unauthenticated RCE via prepare_form()
Advanced Custom Fields: Extended 0.9.0.5 - 0.9.1.1 - Unauthenticated Remote Code Execution in prepare_form
85RISK
open ↗Metasploit600
Eclipse Che machine-exec Unauthenticated RCE
Github.com/che-incubator/che-code: eclipse che — unauthenticated rce and secret exfiltration via tcp/3333
43RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.