Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,062cataloged exploits
31,617CVEs with public exploitation
0lab-tested
AllExploit-DB 22,467Referência 19,791GitHub PoC 13,086VulnCheck XDB 8,069Nuclei 4,187Metasploit 3,462✓ verified onlyrecentpopularrisk
19,791 exploits
Referência
CVE-2015-2996
Multiple directory traversal vulnerabilities in SysAid Help Desk before 15.2 allow remote attackers to (1) read arbitrar
60RISK
open ↗Referência
CVE-2018-1999002
A arbitrary file read vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framewor
45RISK
open ↗Referência
CVE-2020-10915
This vulnerability allows remote attackers to execute arbitrary code on affected installations of VEEAM One Agent 9.5.4.
85RISK
open ↗Referência
CVE-2022-31814
pfSense pfBlockerNG through 2.1.4_26 allows remote attackers to execute arbitrary OS commands as root via shell metachar
85RISK
open ↗Referência
CVE-2019-4716
IBM Planning Analytics 2.0.0 through 2.0.8 is vulnerable to a configuration overwrite that allows an unauthenticated use
100RISK
open ↗Referência
CVE-2018-6961
VMware NSX SD-WAN Edge by VeloCloud prior to version 3.1.0 contains a command injection vulnerability in the local web U
100RISK
open ↗Referência
CVE-2020-14295
A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter. This can lead
60RISK
open ↗Referência
CVE-2020-14295
A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter. This can lead
60RISK
open ↗Referência
CVE-2013-7091
Directory traversal vulnerability in /res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz in Zim
60RISK
open ↗Referência
CVE-2013-7091
Directory traversal vulnerability in /res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz in Zim
60RISK
open ↗Referência
CVE-2022-2992
A vulnerability in GitLab CE/EE affecting all versions from 11.10 prior to 15.1.6, 15.2 to 15.2.4, 15.3 to 15.3.2 allows
85RISK
open ↗Referência
CVE-2010-1743
SQL injection vulnerability in projects.php in Scratcher allows remote attackers to execute arbitrary SQL commands via t
23RISK
open ↗Referência
CVE-2026-1731
Remote code execution vulnerability in BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA)
100RISK
open ↗Referência
CVE-2020-2038
PAN-OS: OS command injection vulnerability in the management web interface
78RISK
open ↗Referência
CVE-2020-2038
PAN-OS: OS command injection vulnerability in the management web interface
78RISK
open ↗Referência
CVE-2020-11652
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs cla
100RISK
open ↗Referência
CVE-2020-11652
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs cla
100RISK
open ↗Referência
CVE-2017-5255
In version 3.5 and prior of Cambium Networks ePMP firmware, a lack of input sanitation for certain parameters on the web
60RISK
open ↗Referência
CVE-2013-3893
Use-after-free vulnerability in the SetMouseCapture implementation in mshtml.dll in Microsoft Internet Explorer 6 throug
100RISK
open ↗Referência
CVE-2013-1493
The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and
60RISK
open ↗Referência
CVE-2014-0226
Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denia
45RISK
open ↗Referência
CVE-2009-3129
Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Conv
100RISK
open ↗Referência
CVE-2021-29447
WordPress Authenticated XXE attack when installation is running PHP 8
63RISK
open ↗Referência
CVE-2021-29447
WordPress Authenticated XXE attack when installation is running PHP 8
63RISK
open ↗Referência
CVE-2019-15975
Cisco Data Center Network Manager Authentication Bypass Vulnerabilities
85RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.