Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,062cataloged exploits
31,617CVEs with public exploitation
0lab-tested
AllExploit-DB 22,467Referência 19,791GitHub PoC 13,086VulnCheck XDB 8,069Nuclei 4,187Metasploit 3,462✓ verified onlyrecentpopularrisk
3,462 exploits
Metasploit600
Cisco HyperFlex HX Data Platform Command Execution
Cisco HyperFlex HX Command Injection Vulnerabilities
100RISK
open ↗Metasploit600
Cisco HyperFlex HX Data Platform Command Execution
Cisco HyperFlex HX Command Injection Vulnerabilities
100RISK
open ↗Metasploit400
Dell DBUtil_2_3.sys IOCTL memmove
Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privile
98RISK
open ↗Metasploit600
Wordpress Plugin Backup Guard - Authenticated Remote Code Execution
Backup Guard < 1.6.0 - Authenticated Arbitrary File Upload
60RISK
open ↗Metasploit400
SuiteCRM Log File Remote Code Execution
SuiteCRM before 7.11.19 allows remote code execution via the system settings Log File Name setting. In certain circumsta
50RISK
open ↗Metasploit400
SuiteCRM Log File Remote Code Execution
SuiteCRM before 7.11.17 is vulnerable to remote code execution via the system settings Log File Name setting. In certain
50RISK
open ↗Metasploit600
Git LFS Clone Command Exec
malicious repositories can execute remote code while cloning
58RISK
open ↗Metasploit300
Netgear R7000 backup.cgi Heap Overflow RCE
NETGEAR R7000 1.0.11.116 devices have a heap-based Buffer Overflow that is exploitable from the local network without au
23RISK
open ↗Metasploit500
Pi-Hole Remove Commands Linux Priv Esc
Multiple Privilege Escalation Vulnerabilities Pihole
28RISK
open ↗Metasploit600
GitLab Unauthenticated Remote ExifTool Command Injection
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validati
100RISK
open ↗Metasploit600
GitLab Unauthenticated Remote ExifTool Command Injection
Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code exec
100RISK
open ↗Metasploit0
Google Chrome versions before 89.0.4389.128 V8 XOR Typer Out-Of-Bounds Access RCE
Insufficient validation of untrusted input in V8 in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to po
100RISK
open ↗Metasploit300
Cockpit CMS NoSQLi to RCE
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function.
60RISK
open ↗Metasploit300
Cockpit CMS NoSQLi to RCE
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php check function.
40RISK
open ↗Metasploit500
2021 Ubuntu Overlayfs LPE
The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting o
98RISK
open ↗Metasploit600
Cisco Small Business RV Series Authentication Bypass and Command Injection
Cisco Small Business RV Series Routers Vulnerabilities
40RISK
open ↗Metasploit600
Cisco Small Business RV Series Authentication Bypass and Command Injection
Cisco Small Business RV Series Routers Vulnerabilities
50RISK
open ↗Metasploit600
Microsoft Exchange ProxyShell RCE
Microsoft Exchange Server Elevation of Privilege Vulnerability
100RISK
open ↗Metasploit600
Microsoft Exchange ProxyShell RCE
Microsoft Exchange Server Remote Code Execution Vulnerability
100RISK
open ↗Metasploit600
Microsoft Exchange ProxyShell RCE
Microsoft Exchange Server Security Feature Bypass Vulnerability
100RISK
open ↗Metasploit600
VMware vRealize Operations (vROps) Manager SSRF RCE
Arbitrary file write vulnerability in vRealize Operations Manager API (CVE-2021-21983) prior to 8.4 may allow an authent
50RISK
open ↗Metasploit600
VMware vRealize Operations (vROps) Manager SSRF RCE
Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor
100RISK
open ↗Metasploit300
GravCMS Remote Command Execution
Unauthenticated Arbitrary YAML Write/Update leads to Code Execution
85RISK
open ↗Metasploit0
macOS Gatekeeper check bypass
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3, Security Update 2
90RISK
open ↗Metasploit0
macOS Gatekeeper check bypass
This issue was addressed with improved checks. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey
18RISK
open ↗Metasploit600
Apache OFBiz SOAP Java Deserialization
RCE vulnerability in latest Apache OFBiz due to Java serialisation using RMI
60RISK
open ↗Metasploit600
rConfig Vendors Auth File Upload RCE
An arbitrary file upload vulnerability in rconfig v3.9.6 allows attackers to execute arbitrary code via a crafted PHP fi
36RISK
open ↗Metasploit600
F5 iControl REST Unauthenticated SSRF Token Generation RCE
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.
100RISK
open ↗Metasploit600
Microsoft Exchange ProxyLogon RCE
Microsoft Exchange Server Remote Code Execution Vulnerability
100RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.