Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,062cataloged exploits
31,617CVEs with public exploitation
0lab-tested
AllExploit-DB 22,467Referência 19,791GitHub PoC 13,086VulnCheck XDB 8,069Nuclei 4,187Metasploit 3,462✓ verified onlyrecentpopularrisk
19,791 exploits
Referência
CVE-2026-7095
code-projects Employee Management System edit.php cross site scripting
33RISK
open ↗Referência
CVE-2026-7094
ShadowCloneLabs GlutamateMCPServers puppeteer_navigate index.ts server-side request forgery
33RISK
open ↗Referência
CVE-2020-28949
Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper
100RISK
open ↗Referência
CVE-2013-3214
vtiger CRM 5.4.0 and earlier contain a PHP Code Injection Vulnerability in 'vtigerolservice.php'.
60RISK
open ↗Referência
CVE-2018-6000
An issue was discovered in AsusWRT before 3.0.0.4.384_10007. The do_vpnupload_post function in router/httpd/web.c in vpn
60RISK
open ↗Referência
CVE-2018-6000
An issue was discovered in AsusWRT before 3.0.0.4.384_10007. The do_vpnupload_post function in router/httpd/web.c in vpn
60RISK
open ↗Referência
CVE-2018-17431
Web Console in Comodo UTM Firewall before 2.7.0 allows remote attackers to execute arbitrary code without authentication
60RISK
open ↗Referência
Ingress-NGINX Admission Controller v1.11.1 - FD Injection to RCE
ingress-nginx controller - configuration injection via unsanitized mirror annotations
78RISK
open ↗Referência
CVE-2019-12314
Deltek Maconomy 2.2.5 is prone to local file inclusion via absolute path traversal in the WS.macx1.W_MCS/ PATH_INFO, as
60RISK
open ↗Referência
CVE-2014-6037
Directory traversal vulnerability in the agentUpload servlet in ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8
60RISK
open ↗Referência
CVE-2014-6037
Directory traversal vulnerability in the agentUpload servlet in ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8
60RISK
open ↗Referência
CVE-2014-0556
Heap-based buffer overflow in Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS
60RISK
open ↗Referência
CVE-2014-0556
Heap-based buffer overflow in Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS
60RISK
open ↗Referência
CVE-2015-2857
Accellion File Transfer Appliance before FTA_9_11_210 allows remote attackers to execute arbitrary code via shell metach
60RISK
open ↗Referência
CVE-2015-2857
Accellion File Transfer Appliance before FTA_9_11_210 allows remote attackers to execute arbitrary code via shell metach
60RISK
open ↗Referência
CVE-2017-0213
Windows COM Aggregate Marshaler in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Ser
93RISK
open ↗Referência
CVE-2017-8759
Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to execute code remotely vi
93RISK
open ↗Referência
CVE-2022-24990
TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover the administrative password by sending "User-Agen
100RISK
open ↗Referência
CVE-2020-5722
The HTTP interface of the Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafte
100RISK
open ↗Referência
CVE-2020-5722
The HTTP interface of the Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafte
100RISK
open ↗Referência
CVE-2011-4885
PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions pre
60RISK
open ↗Referência
CVE-2018-17463
Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attacker to execute arbit
100RISK
open ↗Referência
CVE-2009-2265
Multiple directory traversal vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to create executable fil
60RISK
open ↗Referência
rConfig 3.9.4 - 'search.crud.php' Remote Command Injection
rConfig before 3.9.5 allows command injection by sending a crafted GET request to lib/crud/search.crud.php since the nod
45RISK
open ↗Referência
CVE-2019-1620
Cisco Data Center Network Manager Arbitrary File Upload and Remote Code Execution Vulnerability
85RISK
open ↗Referência
CVE-2019-1620
Cisco Data Center Network Manager Arbitrary File Upload and Remote Code Execution Vulnerability
85RISK
open ↗Referência
CVE-2015-3035
Directory traversal vulnerability in TP-LINK Archer C5 (1.2) with firmware before 150317, C7 (2.0) with firmware before
100RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.