Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,062cataloged exploits
31,617CVEs with public exploitation
0lab-tested
22,467 exploits
Exploit-DB
Dell EMC Networking PC5500 firmware versions 4.1.0.22 and Cisco Sx / SMB - Information Disclosure
CVE-2020-5330HIGH05 Apr 2023
Dell EMC Networking X-Series firmware versions 3.0.1.2 and older, Dell EMC Networking PC5500 firmware versions 4.1.0.22
46RISK
open
Exploit-DB
BTCPay Server v1.7.4 - HTML Injection
CVE-2023-0493MEDIUM05 Apr 2023
Improper Neutralization of Equivalent Special Elements in btcpayserver/btcpayserver
33RISK
open
Exploit-DB
ImageMagick 7.1.0-49 - Arbitrary File Read
CVE-2022-44268MEDIUM05 Apr 2023
ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for resize), the resulti
55RISK
open
Exploit-DB
Apache Tomcat 10.1 - Denial Of Service
CVE-2022-2988505 Apr 2023
EncryptInterceptor does not provide complete protection on insecure networks
45RISK
open
Exploit-DB
Control Web Panel 7 (CWP7) v0.9.8.1147 - Remote Code Execution (RCE)
CVE-2022-44877CRITICALunder attack05 Apr 2023
login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execut
100RISK
open
Exploit-DB
Froxlor 2.0.3 Stable - Remote Code Execution (RCE)
CVE-2023-0315HIGH05 Apr 2023
Command Injection in froxlor/froxlor
78RISK
open
Exploit-DB
D-Link DIR-846 - Remote Command Execution (RCE) vulnerability
CVE-2022-46552HIGH05 Apr 2023
D-Link DIR-846 Firmware FW100A53DBR was discovered to contain a remote command execution (RCE) vulnerability via the lan
46RISK
open
Exploit-DB
ImageMagick 7.1.0-49 - DoS
CVE-2022-44267MEDIUM05 Apr 2023
ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG image (e.g., for resize), the convert proc
55RISK
open
Exploit-DB
Liferay Portal 6.2.5 - Insecure Permissions
CVE-2021-33990CRITICAL05 Apr 2023
Liferay Portal 6.2.5 allows Command=FileUpload&Type=File&CurrentFolder=/ requests when frmfolders.html exists. NOTE: The
53RISK
open
Exploit-DB
Calendar Event Multi View 1.4.07 - Unauthenticated Arbitrary Event Creation to Cross-Site Scripting (XSS)
CVE-2022-2846MEDIUM05 Apr 2023
Calendar Event Multi View < 1.4.07 - Unauthenticated Arbitrary Event Creation to Stored XSS
33RISK
open
Exploit-DB
Answerdev 1.0.3 - Account Takeover
CVE-2023-0744CRITICAL05 Apr 2023
Improper Access Control in answerdev/answer
48RISK
open
Exploit-DB
itech TrainSmart r1044 - SQL injection
CVE-2021-36520HIGH05 Apr 2023
A SQL injection vulnerability in I-Tech Trainsmart r1044 exists via a evaluation/assign-evaluation?id= URI.
41RISK
open
Exploit-DB
Provide Server v.14.4 XSS - CSRF & Remote Code Execution (RCE)
CVE-2023-23286MEDIUM05 Apr 2023
Cross Site Scripting (XSS) vulnerability in Provide server 14.4 allows attackers to execute arbitrary code through the s
33RISK
open
Exploit-DB
ERPNext 12.29 - Cross-Site Scripting (XSS)
CVE-2022-2859805 Apr 2023
Frappe ERPNext 12.29.0 is vulnerable to XSS where the software does not neutralize or incorrectly neutralize user-contro
23RISK
open
Exploit-DB
Secure Web Gateway 10.2.11 - Cross-Site Scripting (XSS)
CVE-2023-0214MEDIUM05 Apr 2023
XSS in Skyhigh Security SWG
33RISK
open
Exploit-DB
CKEditor 5 35.4.0 - Cross-Site Scripting (XSS)
CVE-2022-48110MEDIUM05 Apr 2023
CKSource CKEditor 5 35.4.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Full Featured CK
33RISK
open
Exploit-DB
SQL Monitor 12.1.31.893 - Cross-Site Scripting (XSS)
CVE-2022-47870MEDIUM03 Apr 2023
A Cross Site Scripting (XSS) vulnerability in the web SQL monitor login page in Redgate SQL Monitor 12.1.31.893 allows r
33RISK
open
Exploit-DB
Art Gallery Management System Project v1.0 - SQL Injection (editid) authenticated
CVE-2023-2316303 Apr 2023
Art Gallery Management System Project v1.0 was discovered to contain a SQL injection vulnerability via the editid parame
23RISK
open
Exploit-DB
sudo 1.8.0 to 1.9.12p1 - Privilege Escalation
CVE-2023-22809HIGH03 Apr 2023
In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environmen
68RISK
open
Exploit-DB
GLPI Activity v3.1.0 - Authenticated Local File Inclusion on Activity plugin
CVE-2022-34125MEDIUM03 Apr 2023
front/icon.send.php in the CMDB plugin before 3.0.3 for GLPI allows attackers to gain read access to sensitive informati
33RISK
open
Exploit-DB
WP-file-manager v6.9 - Unauthenticated Arbitrary File Upload leading to RCE
CVE-2020-25213CRITICALunder attack03 Apr 2023
The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitra
100RISK
open
Exploit-DB
GLPI 4.0.2 - Unauthenticated Local File Inclusion on Manageentities plugin
CVE-2022-34127HIGH03 Apr 2023
The Managentities plugin before 4.0.2 for GLPI allows reading local files via directory traversal in the inc/cri.class.p
41RISK
open
Exploit-DB
Roxy WI v6.1.0.0 - Improper Authentication Control
CVE-2022-31125CRITICAL03 Apr 2023
Authentication Bypass in Roxy-wi
53RISK
open
Exploit-DB
Metform Elementor Contact Form Builder v3.1.2 - Unauthenticated Stored Cross-Site Scripting (XSS)
CVE-2023-0084HIGH03 Apr 2023
Metform Elementor Contact Form Builder <= 3.1.2 - Unauthenticated Stored Cross-Site Scripting
46RISK
open
Exploit-DB
Paid Memberships Pro v2.9.8 (WordPress Plugin) - Unauthenticated SQL Injection
CVE-2023-23488CRITICAL03 Apr 2023
The Paid Memberships Pro WordPress Plugin, version < 2.9.8, is affected by an unauthenticated SQL injection vulnerabilit
85RISK
open
Exploit-DB
GLPI v10.0.2 - SQL Injection (Authentication Depends on Configuration)
CVE-2022-31056CRITICAL03 Apr 2023
SQL injection with _actor parameter in GLPI
48RISK
open
Exploit-DB
Roxy WI v6.1.0.0 - Unauthenticated Remote Code Execution (RCE)
CVE-2022-31126CRITICAL03 Apr 2023
Unauthenticated Remote Code Execution in Roxy-wi
75RISK
open
Exploit-DB
Roxy WI v6.1.1.0 - Unauthenticated Remote Code Execution (RCE) via ssl_cert Upload
CVE-2022-31161CRITICAL03 Apr 2023
Roxy-WI Vulnerable to Unauthenticated Remote Code Execution via ssl_cert Upload
68RISK
open
Exploit-DB
Art Gallery Management System Project v1.0 - SQL Injection (cid) Unauthenticated
CVE-2023-2316203 Apr 2023
Art Gallery Management System Project v1.0 was discovered to contain a SQL injection vulnerability via the cid parameter
23RISK
open
Exploit-DB
GLPI Cartography Plugin v6.0.0 - Unauthenticated Remote Code Execution (RCE)
CVE-2022-34128CRITICAL03 Apr 2023
The Cartography (aka positions) plugin before 6.0.1 for GLPI allows remote code execution via PHP code in the POST data
48RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.