Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,062cataloged exploits
31,617CVEs with public exploitation
0lab-tested
22,467 exploits
Exploit-DB
Nacos 2.0.3 - Access Control vulnerability
CVE-2021-4311603 Apr 2023
An Access Control vulnerability exists in Nacos 2.0.3 in the access prompt page; enter username and password, click on l
23RISK
open
Exploit-DB
sudo 1.8.0 to 1.9.12p1 - Privilege Escalation
CVE-2023-22809HIGH03 Apr 2023
In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environmen
68RISK
open
Exploit-DB
GLPI v10.0.2 - SQL Injection (Authentication Depends on Configuration)
CVE-2022-31056CRITICAL03 Apr 2023
SQL injection with _actor parameter in GLPI
48RISK
open
Exploit-DB
sleuthkit 4.11.1 - Command Injection
CVE-2022-45639HIGH03 Apr 2023
OS Command injection vulnerability in sleuthkit fls tool 4.11.1 allows attackers to execute arbitrary commands via a cra
41RISK
open
Exploit-DB
Roxy WI v6.1.1.0 - Unauthenticated Remote Code Execution (RCE) via ssl_cert Upload
CVE-2022-31161CRITICAL03 Apr 2023
Roxy-WI Vulnerable to Unauthenticated Remote Code Execution via ssl_cert Upload
68RISK
open
Exploit-DB
Reprise Software RLM v14.2BL4 - Cross-Site Scripting (XSS)
CVE-2022-30519MEDIUM01 Apr 2023
XSS in signing form in Reprise Software RLM License Administration v14.2BL4 allows remote attacker to inject arbitrary c
33RISK
open
Exploit-DB
Enlightenment v0.25.3 - Privilege escalation
CVE-2022-37706HIGH01 Apr 2023
enlightenment_sys in Enlightenment before 0.25.4 allows local users to gain privileges because it is setuid root, and th
56RISK
open
Exploit-DB
Yahoo User Interface library (YUI2) TreeView v2.8.2 - Multiple Reflected Cross Site Scripting (XSS)
CVE-2022-4819701 Apr 2023
Reflected cross-site scripting (XSS) exists in Sandbox examples in the YUI2 repository. The download distributions, Tree
38RISK
open
Exploit-DB
TP-Link TL-WR902AC firmware 210730 (V3) - Remote Code Execution (RCE) (Authenticated)
CVE-2022-48194HIGH01 Apr 2023
TP-Link TL-WR902AC devices through V3 0.9.1 allow remote authenticated attackers to execute arbitrary code or cause a De
53RISK
open
Exploit-DB
perfSONAR v4.4.5 - Partial Blind CSRF
CVE-2022-41413MEDIUM01 Apr 2023
perfSONAR v4.x <= v4.4.5 was discovered to contain a Cross-Site Request Forgery (CSRF) which is triggered when an attack
33RISK
open
Exploit-DB
Nexxt Router Firmware 42.103.1.5095 - Remote Code Execution (RCE) (Authenticated)
CVE-2022-44149HIGH01 Apr 2023
The web service on Nexxt Amp300 ARN02304U8 42.103.1.5095 and 80.103.2.5045 devices allows remote OS command execution by
53RISK
open
Exploit-DB
GitLab v15.3 - Remote Code Execution (RCE) (Authenticated)
CVE-2022-2884CRITICAL01 Apr 2023
A vulnerability in GitLab CE/EE affecting all versions from 11.3.4 prior to 15.1.5, 15.2 to 15.2.3, 15.3 to 15.3 to 15.3
70RISK
open
Exploit-DB
Apache 2.4.x - Buffer Overflow
CVE-2021-4479001 Apr 2023
Possible buffer overflow when parsing multipart content in mod_lua of Apache HTTP Server 2.4.51 and earlier
45RISK
open
Exploit-DB
Centos Web Panel 7 v0.9.8.1147 - Unauthenticated Remote Code Execution (RCE)
CVE-2022-44877CRITICALunder attack01 Apr 2023
login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execut
100RISK
open
Exploit-DB
AD Manager Plus 7122 - Remote Code Execution (RCE)
CVE-2021-44228CRITICALunder attackransomware01 Apr 2023
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RISK
open
Exploit-DB
rconfig 3.9.7 - Sql Injection (Authenticated)
CVE-2022-45030HIGH31 Mar 2023
A SQL injection vulnerability in rConfig 3.9.7 exists via lib/ajaxHandlers/ajaxCompareGetCmdDates.php?command= (this may
41RISK
open
Exploit-DB
qubes-mirage-firewall v0.8.3 - Denial Of Service (DoS)
CVE-2022-46770HIGH31 Mar 2023
qubes-mirage-firewall (aka Mirage firewall for QubesOS) 0.8.x through 0.8.3 allows guest OS users to cause a denial of s
61RISK
open
Exploit-DB
Cacti v1.2.22 - Remote Command Execution (RCE)
CVE-2022-46169CRITICALunder attack31 Mar 2023
Unauthenticated Command Injection
100RISK
open
Exploit-DB
EQ Enterprise management system v2.2.0 - SQL Injection
CVE-2022-45297CRITICAL31 Mar 2023
EQ v1.5.31 to v2.2.0 was discovered to contain a SQL injection vulnerability via the UserPwd parameter.
48RISK
open
Exploit-DB
Device Manager Express 7.8.20002.47752 - Remote Code Execution (RCE)
CVE-2022-24627CRITICAL30 Mar 2023
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is an unauthenticated SQL injec
68RISK
open
Exploit-DB
Device Manager Express 7.8.20002.47752 - Remote Code Execution (RCE)
CVE-2022-24629CRITICAL30 Mar 2023
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. Remote code execution can be achie
60RISK
open
Exploit-DB
LISTSERV 17 - Reflected Cross Site Scripting (XSS)
CVE-2022-39195MEDIUM30 Mar 2023
A cross-site scripting (XSS) vulnerability in the LISTSERV 17 web interface allows remote attackers to inject arbitrary
48RISK
open
Exploit-DB
Device Manager Express 7.8.20002.47752 - Remote Code Execution (RCE)
CVE-2022-2463230 Mar 2023
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is directory traversal during f
28RISK
open
Exploit-DB
Device Manager Express 7.8.20002.47752 - Remote Code Execution (RCE)
CVE-2022-2463030 Mar 2023
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. BrowseFiles.php allows a ?cmd=ssh
28RISK
open
Exploit-DB
LISTSERV 17 - Insecure Direct Object Reference (IDOR)
CVE-2022-40319HIGH30 Mar 2023
The LISTSERV 17 web interface allows remote attackers to conduct Insecure Direct Object References (IDOR) attacks via a
41RISK
open
Exploit-DB
CrowdStrike Falcon AGENT 6.44.15806 - Uninstall without Installation Token
CVE-2022-2841LOW30 Mar 2023
CrowdStrike Falcon Uninstallation authorization
28RISK
open
Exploit-DB
WP All Import v3.6.7 - Remote Code Execution (RCE) (Authenticated)
CVE-2022-1565HIGH29 Mar 2023
Import any XML or CSV File to WordPress <= 3.6.7 - Admin+ Malicious File Upload
46RISK
open
Exploit-DB
OPSWAT Metadefender Core - Privilege Escalation
CVE-2022-3227228 Mar 2023
OPSWAT MetaDefender Core before 5.1.2, MetaDefender ICAP before 4.12.1, and MetaDefender Email Gateway Security before 5
23RISK
open
Exploit-DB
Tapo C310 RTSP server v1.3.0 - Unauthorised Video Stream Access
CVE-2022-37255HIGH28 Mar 2023
TP-Link Tapo C310 1.3.0 devices allow access to the RTSP video feed via credentials of User --- and Password TPL07552646
41RISK
open
Exploit-DB
Pega Platform 8.1.0 - Remote Code Execution (RCE)
CVE-2022-24082CRITICAL28 Mar 2023
If an on-premise installation of the Pega Platform is configured with the port for the JMX interface exposed to the Inte
48RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.