Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,063cataloged exploits
31,617CVEs with public exploitation
0lab-tested
19,791 exploits
Referência
CVE-2023-25690
Apache HTTP Server: HTTP request splitting with mod_rewrite and mod_proxy
70RISK
open
Referência
CVE-2014-0497
CVE-2014-0497HIGHunder attack
Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.44 on Windows and Ma
100RISK
open
Referência
CVE-2023-2796
EventON < 2.1.2 - Unauthenticated Event Access
50RISK
open
Referência
CVE-2021-24155
Backup Guard < 1.6.0 - Authenticated Arbitrary File Upload
60RISK
open
Referência
CVE-2021-24155
Backup Guard < 1.6.0 - Authenticated Arbitrary File Upload
60RISK
open
Referência
CVE-2017-14493
Stack-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execu
45RISK
open
Referência
CVE-2016-10073
The from method in library/core/class.email.php in Vanilla Forums before 2.3.1 allows remote attackers to spoof the emai
60RISK
open
Referência
CVE-2016-10073
The from method in library/core/class.email.php in Vanilla Forums before 2.3.1 allows remote attackers to spoof the emai
60RISK
open
Referência
Bea Weblogic Apache Connector - Code Execution / Denial of Service
Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10
60RISK
open
Referência
CVE-2021-25094
Tatsu < 3.3.12 - Unauthenticated RCE
60RISK
open
Referência
CVE-2021-25094
Tatsu < 3.3.12 - Unauthenticated RCE
60RISK
open
Referência
CVE-2010-2075
UnrealIRCd 3.2.8.1, as distributed on certain mirror sites from November 2009 through June 2010, contains an externally
60RISK
open
Referência
CVE-2013-5311
Multiple SQL injection vulnerabilities in Vastal I-Tech phpVID 1.2.3 allow remote attackers to execute arbitrary SQL com
23RISK
open
Referência
CVE-2016-5195
CVE-2016-5195HIGHunder attack
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by lev
93RISK
open
Referência
CVE-2016-5195
CVE-2016-5195HIGHunder attack
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by lev
93RISK
open
Referência
CVE-2016-5195
CVE-2016-5195HIGHunder attack
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by lev
93RISK
open
Referência
CVE-2016-5195
CVE-2016-5195HIGHunder attack
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by lev
93RISK
open
Referência
CVE-2016-5195
CVE-2016-5195HIGHunder attack
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by lev
93RISK
open
Referência
CVE-2016-5195
CVE-2016-5195HIGHunder attack
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by lev
93RISK
open
Referência
CVE-2016-5195
CVE-2016-5195HIGHunder attack
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by lev
93RISK
open
Referência
CVE-2016-5195
CVE-2016-5195HIGHunder attack
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by lev
93RISK
open
Referência
CVE-2016-5195
CVE-2016-5195HIGHunder attack
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by lev
93RISK
open
Referência
CVE-2016-5195
CVE-2016-5195HIGHunder attack
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by lev
93RISK
open
Referência
CVE-2017-11317
CVE-2017-11317CRITICALunder attack
Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 uses weak RadAsyncUpload
100RISK
open
Referência
Sun Board 1.00.00 alpha - Remote File Inclusion
Multiple PHP remote file inclusion vulnerabilities in Sun Board 1.00.00 Alpha allow remote attackers to execute arbitrar
45RISK
open
Referência
CVE-2015-0779
Directory traversal vulnerability in UploadServlet in Novell ZENworks Configuration Management (ZCM) 10 and 11 before 11
60RISK
open
Referência
CVE-2016-10174
CVE-2016-10174CRITICALunder attack
The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoking the URL /apply.cg
100RISK
open
Referência
CVE-2016-10174
CVE-2016-10174CRITICALunder attack
The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoking the URL /apply.cg
100RISK
open
Referência
CVE-2019-1935
Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data SCP User Default Credentials Vulnerability
85RISK
open
Referência
CVE-2019-1935
Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data SCP User Default Credentials Vulnerability
85RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.