Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,062cataloged exploits
31,617CVEs with public exploitation
0lab-tested
3,462 exploits
Metasploit600
Cisco HyperFlex HX Data Platform Command Execution
CVE-2021-1498CRITICALunder attack05 May 2021
Cisco HyperFlex HX Command Injection Vulnerabilities
100RISK
open
Metasploit600
Cisco HyperFlex HX Data Platform Command Execution
CVE-2021-1497CRITICALunder attack05 May 2021
Cisco HyperFlex HX Command Injection Vulnerabilities
100RISK
open
Metasploit400
Dell DBUtil_2_3.sys IOCTL memmove
CVE-2021-21551HIGHunder attack04 May 2021
Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privile
98RISK
open
Metasploit600
Wordpress Plugin Backup Guard - Authenticated Remote Code Execution
CVE-2021-2415504 May 2021
Backup Guard < 1.6.0 - Authenticated Arbitrary File Upload
60RISK
open
Metasploit400
SuiteCRM Log File Remote Code Execution
CVE-2021-4284028 Apr 2021
SuiteCRM before 7.11.19 allows remote code execution via the system settings Log File Name setting. In certain circumsta
50RISK
open
Metasploit400
SuiteCRM Log File Remote Code Execution
CVE-2020-2832828 Apr 2021
SuiteCRM before 7.11.17 is vulnerable to remote code execution via the system settings Log File Name setting. In certain
50RISK
open
Metasploit600
Git LFS Clone Command Exec
CVE-2021-21300HIGH26 Apr 2021
malicious repositories can execute remote code while cloning
58RISK
open
Metasploit300
Netgear R7000 backup.cgi Heap Overflow RCE
CVE-2021-3180221 Apr 2021
NETGEAR R7000 1.0.11.116 devices have a heap-based Buffer Overflow that is exploitable from the local network without au
23RISK
open
Metasploit500
Pi-Hole Remove Commands Linux Priv Esc
CVE-2021-29449MEDIUM20 Apr 2021
Multiple Privilege Escalation Vulnerabilities Pihole
28RISK
open
Metasploit300
Apache Tapestry HMAC secret key leak
CVE-2021-2785015 Apr 2021
Bypass of the fix for CVE-2019-0195
60RISK
open
Metasploit600
GitLab Unauthenticated Remote ExifTool Command Injection
CVE-2021-22205CRITICALunder attackransomware14 Apr 2021
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validati
100RISK
open
Metasploit600
GitLab Unauthenticated Remote ExifTool Command Injection
CVE-2021-22204MEDIUMunder attack14 Apr 2021
Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code exec
100RISK
open
Metasploit0
Google Chrome versions before 89.0.4389.128 V8 XOR Typer Out-Of-Bounds Access RCE
CVE-2021-21220HIGHunder attack13 Apr 2021
Insufficient validation of untrusted input in V8 in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to po
100RISK
open
Metasploit300
Cockpit CMS NoSQLi to RCE
CVE-2020-3584713 Apr 2021
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function.
60RISK
open
Metasploit300
Cockpit CMS NoSQLi to RCE
CVE-2020-3584613 Apr 2021
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php check function.
40RISK
open
Metasploit500
2021 Ubuntu Overlayfs LPE
CVE-2021-3493HIGHunder attack12 Apr 2021
The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting o
98RISK
open
Metasploit600
Cisco Small Business RV Series Authentication Bypass and Command Injection
CVE-2021-1473MEDIUM07 Apr 2021
Cisco Small Business RV Series Routers Vulnerabilities
40RISK
open
Metasploit600
Cisco Small Business RV Series Authentication Bypass and Command Injection
CVE-2021-1472MEDIUM07 Apr 2021
Cisco Small Business RV Series Routers Vulnerabilities
50RISK
open
Metasploit600
Microsoft Exchange ProxyShell RCE
CVE-2021-34523CRITICALunder attackransomware06 Apr 2021
Microsoft Exchange Server Elevation of Privilege Vulnerability
100RISK
open
Metasploit600
Microsoft Exchange ProxyShell RCE
CVE-2021-34473CRITICALunder attackransomware06 Apr 2021
Microsoft Exchange Server Remote Code Execution Vulnerability
100RISK
open
Metasploit600
Microsoft Exchange ProxyShell RCE
CVE-2021-31207MEDIUMunder attackransomware06 Apr 2021
Microsoft Exchange Server Security Feature Bypass Vulnerability
100RISK
open
Metasploit600
VMware vRealize Operations (vROps) Manager SSRF RCE
CVE-2021-2198330 Mar 2021
Arbitrary file write vulnerability in vRealize Operations Manager API (CVE-2021-21983) prior to 8.4 may allow an authent
50RISK
open
Metasploit600
VMware vRealize Operations (vROps) Manager SSRF RCE
CVE-2021-21975HIGHunder attackransomware30 Mar 2021
Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor
100RISK
open
Metasploit300
GravCMS Remote Command Execution
CVE-2021-21425CRITICAL29 Mar 2021
Unauthenticated Arbitrary YAML Write/Update leads to Code Execution
85RISK
open
Metasploit0
macOS Gatekeeper check bypass
CVE-2021-30657MEDIUMunder attack25 Mar 2021
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3, Security Update 2
90RISK
open
Metasploit0
macOS Gatekeeper check bypass
CVE-2022-2261625 Mar 2021
This issue was addressed with improved checks. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey
18RISK
open
Metasploit600
Apache OFBiz SOAP Java Deserialization
CVE-2021-2629522 Mar 2021
RCE vulnerability in latest Apache OFBiz due to Java serialisation using RMI
60RISK
open
Metasploit600
rConfig Vendors Auth File Upload RCE
CVE-2022-44384HIGH17 Mar 2021
An arbitrary file upload vulnerability in rconfig v3.9.6 allows attackers to execute arbitrary code via a crafted PHP fi
36RISK
open
Metasploit600
F5 iControl REST Unauthenticated SSRF Token Generation RCE
CVE-2021-22986CRITICALunder attackransomware10 Mar 2021
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.
100RISK
open
Metasploit600
Microsoft Exchange ProxyLogon RCE
CVE-2021-27065HIGHunder attackransomware02 Mar 2021
Microsoft Exchange Server Remote Code Execution Vulnerability
100RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.