Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,062cataloged exploits
31,617CVEs with public exploitation
0lab-tested
3,462 exploits
Metasploit300
Wordpress Plugin Catch Themes Demo Import RCE
CVE-2021-39352HIGH21 Oct 2021
Catch Themes Demo Import <= 1.7 Admin+ Arbitrary File Upload
48RISK
open
Metasploit400
Win32k NtGdiResetDC Use After Free Local Privilege Elevation
CVE-2021-40449HIGHunder attackransomware12 Oct 2021
Win32k Elevation of Privilege Vulnerability
100RISK
open
Metasploit600
WordPress Plugin Pie Register Auth Bypass to RCE
CVE-2025-34077CRITICAL08 Oct 2021
WordPress Pie Register Plugin ≤ 3.7.1.4 Authentication Bypass RCE
63RISK
open
Metasploit300
WordPress Plugin Perfect Survey 1.5.1 SQLi (Unauthenticated)
CVE-2021-2476205 Oct 2021
Perfect Survey < 1.5.2 - Unauthenticated SQL Injection
60RISK
open
Metasploit600
ManageEngine ADAudit Plus Authenticated File Write RCE
CVE-2021-4284701 Oct 2021
Zoho ManageEngine ADAudit Plus before 7006 allows attackers to write to, and execute, arbitrary files.
40RISK
open
Metasploit600
Microsoft Office Word Malicious MSHTML RCE
CVE-2021-40444HIGHunder attackransomware23 Sep 2021
Microsoft MSHTML Remote Code Execution Vulnerability
100RISK
open
Metasploit0
VMware vCenter vScalation Priv Esc
CVE-2021-2201521 Sep 2021
The vCenter Server contains multiple local privilege escalation vulnerabilities due to improper permissions of files and
18RISK
open
Metasploit600
VMware vCenter Server Analytics (CEIP) Service File Upload
CVE-2021-22005CRITICALunder attackransomware21 Sep 2021
The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with netw
100RISK
open
Metasploit600
Hikvision IP Camera Unauthenticated Command Injection
CVE-2021-36260CRITICALunder attack18 Sep 2021
A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation,
100RISK
open
Metasploit300
Wordpress BulletProof Security Backup Disclosure
CVE-2021-39327MEDIUM17 Sep 2021
BulletProof Security <= 5.1 Sensitive Information Disclosure
70RISK
open
Metasploit600
ManageEngine ServiceDesk Plus CVE-2021-44077
CVE-2021-44077CRITICALunder attack16 Sep 2021
Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014
100RISK
open
Metasploit600
Microsoft OMI Management Interface Authentication Bypass
CVE-2021-38648HIGHunder attack14 Sep 2021
Open Management Infrastructure Elevation of Privilege Vulnerability
91RISK
open
Metasploit600
Microsoft OMI Management Interface Authentication Bypass
CVE-2021-38647CRITICALunder attackransomware14 Sep 2021
Open Management Infrastructure Remote Code Execution Vulnerability
100RISK
open
Metasploit600
ManageEngine ADSelfService Plus CVE-2021-40539
CVE-2021-40539CRITICALunder attackransomware07 Sep 2021
Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resulta
100RISK
open
Metasploit300
Netgear PNPX_GetShareFolderList Authentication Bypass
CVE-2021-45511MEDIUM06 Sep 2021
Certain NETGEAR devices are affected by authentication bypass. This affects AC2100 before 2021-08-27, AC2400 before 2021
33RISK
open
Metasploit300
WordPress Plugin Automatic Config Change to RCE
CVE-2021-4374CRITICAL06 Sep 2021
WordPress Automatic Plugin <= 3.53.2 - Unauthenticated Arbitrary Options Update
48RISK
open
Metasploit600
Atlassian Confluence WebWork OGNL Injection
CVE-2021-26084CRITICALunder attackransomware25 Aug 2021
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an un
100RISK
open
Metasploit300
Canon Driver Privilege Escalation
CVE-2021-3808507 Aug 2021
The Canon TR150 print driver through 3.71.2.10 is vulnerable to a privilege escalation issue. During the add printer pro
18RISK
open
Metasploit300
Pi-Hole Top Domains API Authenticated Exec
CVE-2021-32706HIGH04 Aug 2021
(Authenticated) Remote Code Execution Possible in Web Interface 5.5
48RISK
open
Metasploit600
ManageEngine OpManager SumPDU Java Deserialization
CVE-2020-2865326 Jul 2021
Zoho ManageEngine OpManager Stable build before 125203 (and Released build before 125233) allows Remote Code Execution v
60RISK
open
Metasploit600
ManageEngine OpManager SumPDU Java Deserialization
CVE-2021-328726 Jul 2021
Zoho ManageEngine OpManager before 12.5.329 allows unauthenticated Remote Code Execution due to a general bypass in the
30RISK
open
Metasploit300
Elasticsearch Memory Disclosure
CVE-2021-2214521 Jul 2021
A memory disclosure vulnerability was identified in Elasticsearch 7.10.0 to 7.13.3 error reporting. A user with the abil
60RISK
open
Metasploit300
Windows SAM secrets leak - HiveNightmare
CVE-2021-36934HIGHunder attack20 Jul 2021
Windows Elevation of Privilege Vulnerability
98RISK
open
Metasploit300
Lexmark Driver Privilege Escalation
CVE-2021-3544915 Jul 2021
The Lexmark Universal Print Driver version 2.15.1.0 and below, G2 driver 2.7.1.0 and below, G3 driver 3.2.0.0 and below,
18RISK
open
Metasploit600
Nagios XI Autodiscovery Webshell Upload
CVE-2021-3734315 Jul 2021
A path traversal vulnerability exists in Nagios XI below version 5.8.5 AutoDiscovery component and could lead to post au
23RISK
open
Metasploit300
Jetty WEB-INF File Disclosure
CVE-2021-34429MEDIUM15 Jul 2021
For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characte
70RISK
open
Metasploit300
Jetty WEB-INF File Disclosure
CVE-2021-28164MEDIUM15 Jul 2021
In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contai
70RISK
open
Metasploit600
Geutebruck Multiple Remote Command Execution
CVE-2021-33548HIGH08 Jul 2021
UDP Technology/Geutebrück camera devices: Command injection in preserve parameter leading to RCE
48RISK
open
Metasploit600
Geutebruck Multiple Remote Command Execution
CVE-2021-33551HIGH08 Jul 2021
UDP Technology/Geutebrück camera devices: Command injection in environment.lang parameter leading to RCE
48RISK
open
Metasploit600
Geutebruck Multiple Remote Command Execution
CVE-2021-33553HIGH08 Jul 2021
UDP Technology/Geutebrück camera devices: Command injection in command parameter leading to RCE
48RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.