Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,062cataloged exploits
31,617CVEs with public exploitation
0lab-tested
3,462 exploits
Metasploit600
VMware View Planner Unauthenticated Log File Upload RCE
CVE-2021-2197802 Mar 2021
VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remote code execution vulnerability. Improper input val
60RISK
open
Metasploit300
Microsoft Exchange ProxyLogon Collector
CVE-2021-26855CRITICALunder attackransomware02 Mar 2021
Microsoft Exchange Server Remote Code Execution Vulnerability
100RISK
open
Metasploit600
Microsoft Exchange ProxyLogon RCE
CVE-2021-26855CRITICALunder attackransomware02 Mar 2021
Microsoft Exchange Server Remote Code Execution Vulnerability
100RISK
open
Metasploit300
Microsoft Exchange ProxyLogon Scanner
CVE-2021-26855CRITICALunder attackransomware02 Mar 2021
Microsoft Exchange Server Remote Code Execution Vulnerability
100RISK
open
Metasploit600
Veritas Backup Exec Agent Remote Code Execution
CVE-2021-27876HIGHunder attackransomware01 Mar 2021
An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires suc
91RISK
open
Metasploit600
Veritas Backup Exec Agent Remote Code Execution
CVE-2021-27878HIGHunder attackransomware01 Mar 2021
An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires suc
91RISK
open
Metasploit600
Veritas Backup Exec Agent Remote Code Execution
CVE-2021-27877HIGHunder attackransomware01 Mar 2021
An issue was discovered in Veritas Backup Exec before 21.2. It supports multiple authentication schemes: SHA authenticat
98RISK
open
Metasploit300
FortiLogger Arbitrary File Upload Exploit
CVE-2021-337826 Feb 2021
FortiLogger 4.4.2.2 is affected by Arbitrary File Upload by sending a "Content-Type: image/png" header to Config/SaveUpl
60RISK
open
Metasploit300
Unified Remote Auth Bypass to RCE
CVE-2022-3229CRITICAL25 Feb 2021
Because the web management interface for Unified Intents' Unified Remote solution does not itself require authentication
55RISK
open
Metasploit600
IGEL OS Secure VNC/Terminal Command Injection RCE
CVE-2025-34082CRITICAL25 Feb 2021
IGEL OS Secure Terminal and Secure Shadow Remote Code Execution
63RISK
open
Metasploit600
SaltStack Salt API Unauthenticated RCE through wheel_async client
CVE-2021-2528225 Feb 2021
An issue was discovered in through SaltStack Salt before 3002.5. The salt.wheel.pillar_roots.write method is vulnerable
40RISK
open
Metasploit600
SaltStack Salt API Unauthenticated RCE through wheel_async client
CVE-2021-2528125 Feb 2021
An issue was discovered in through SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel
40RISK
open
Metasploit300
Wifi Mouse RCE
CVE-2022-321825 Feb 2021
Necta WiFi Mouse (Mouse Server) client-side authentication bypass
40RISK
open
Metasploit0
VMware vCenter Server Unauthenticated OVA File Upload RCE
CVE-2021-21972CRITICALunder attackransomware23 Feb 2021
The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor
100RISK
open
Metasploit600
Nagios XI 5.5.6 to 5.7.5 - ConfigWizards Authenticated Remote Code Exection
CVE-2021-25296HIGHunder attack13 Feb 2021
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi
100RISK
open
Metasploit600
Nagios XI 5.5.6 to 5.7.5 - ConfigWizards Authenticated Remote Code Exection
CVE-2021-25297HIGHunder attack13 Feb 2021
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi
98RISK
open
Metasploit600
Nagios XI 5.5.6 to 5.7.5 - ConfigWizards Authenticated Remote Code Exection
CVE-2021-25298HIGHunder attack13 Feb 2021
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi
100RISK
open
Metasploit200
Win32k ConsoleControl Offset Confusion
CVE-2021-1732HIGHunder attackransomware09 Feb 2021
Windows Win32k Elevation of Privilege Vulnerability
100RISK
open
Metasploit200
Win32k ConsoleControl Offset Confusion
CVE-2022-21882HIGHunder attack09 Feb 2021
Win32k Elevation of Privilege Vulnerability
98RISK
open
Metasploit600
Advantech iView Unauthenticated Remote Code Execution
CVE-2021-2265209 Feb 2021
Access to the Advantech iView versions prior to v5.7.03.6112 configuration are missing authentication, which may allow a
30RISK
open
Metasploit600
Micro Focus Operations Bridge Reporter Unauthenticated Command Injection
CVE-2021-22502CRITICALunder attack09 Feb 2021
Remote Code execution vulnerability in Micro Focus Operation Bridge Reporter (OBR) product, affecting version 10.40. The
100RISK
open
Metasploit600
NetMotion Mobility Server MvcUtil Java Deserialization
CVE-2021-2691408 Feb 2021
NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code
40RISK
open
Metasploit300
NCR Command Center Agent Remote Code Execution
CVE-2021-312207 Feb 2021
CMCAgent in NCR Command Center Agent 16.3 on Aloha POS/BOH servers permits the submission of a runCommand parameter (wit
40RISK
open
Metasploit600
Wordpress Plugin Modern Events Calendar - Authenticated Remote Code Execution
CVE-2021-2414529 Jan 2021
Modern Events Calendar Lite < 5.16.5 - Authenticated Arbitrary File Upload leading to RCE
60RISK
open
Metasploit600
Sudo Heap-Based Buffer Overflow
CVE-2021-3156HIGHunder attack26 Jan 2021
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege
100RISK
open
Metasploit600
Apache Druid 0.20.0 Remote Command Execution
CVE-2021-2564621 Jan 2021
Authenticated users can override system configurations in their requests which allows them to execute arbitrary code.
60RISK
open
Metasploit600
Lucee Administrator imgProcess.cfm Arbitrary File Write
CVE-2021-21307HIGH15 Jan 2021
Remote Code Exploit in Lucee Admin
78RISK
open
Metasploit600
Unauthenticated remote code execution in Ignition
CVE-2021-3129CRITICALunder attackransomware13 Jan 2021
Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitra
100RISK
open
Metasploit600
Microsoft Exchange Server DlpUtils AddTenantDlpPolicy RCE
CVE-2020-17132CRITICAL12 Jan 2021
Microsoft Exchange Remote Code Execution Vulnerability
65RISK
open
Metasploit600
Microsoft Exchange Server DlpUtils AddTenantDlpPolicy RCE
CVE-2020-16875HIGH12 Jan 2021
Microsoft Exchange Server Remote Code Execution Vulnerability
48RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.