Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,114cataloged exploits
31,649CVEs with public exploitation
0lab-tested
AllExploit-DB 22,469Referência 19,810GitHub PoC 13,116VulnCheck XDB 8,069Nuclei 4,188Metasploit 3,462✓ verified onlyrecentpopularrisk
19,791 exploits
Referência
CVE-2011-2921
ktsuss versions 1.4 and prior has the uid set to root and does not drop privileges prior to executing user specified com
60RISK
open ↗Referência
CVE-2019-1619
Cisco Data Center Network Manager Authentication Bypass Vulnerability
85RISK
open ↗Referência
CVE-2019-1619
Cisco Data Center Network Manager Authentication Bypass Vulnerability
85RISK
open ↗Referência
CVE-2012-5958
Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable
60RISK
open ↗Referência
CVE-2014-4511
Gitlist before 0.5.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the file name in
60RISK
open ↗Referência
CVE-2014-4511
Gitlist before 0.5.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the file name in
60RISK
open ↗Referência
CVE-2014-4511
Gitlist before 0.5.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the file name in
60RISK
open ↗Referência
CVE-2014-4511
Gitlist before 0.5.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the file name in
60RISK
open ↗Referência
CVE-2023-43208
NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Note that
100RISK
open ↗Referência
Winamp 5.12 - '.pls' Remote Buffer Overflow (Perl) (2)
Buffer overflow in Nullsoft Winamp 5.12 allows remote attackers to execute arbitrary code via a playlist (pls) file with
60RISK
open ↗Referência
CVE-2015-5374
A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01;
60RISK
open ↗Referência
CVE-2016-0792
Multiple unspecified API endpoints in Jenkins before 1.650 and LTS before 1.642.2 allow remote authenticated users to ex
60RISK
open ↗Referência
CVE-2016-0792
Multiple unspecified API endpoints in Jenkins before 1.650 and LTS before 1.642.2 allow remote authenticated users to ex
60RISK
open ↗Referência
CVE-2023-4634
Media Library Assistant <= 3.09 - Unauthenticated Local/Remote File Inclusion & Remote Code Execution
85RISK
open ↗Referência
CVE-2009-2765
httpd.c in httpd in the management GUI in DD-WRT 24 sp1, and other versions before build 12533, allows remote attackers
60RISK
open ↗Referência
CVE-2016-7200
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a de
93RISK
open ↗Referência
CVE-2016-7200
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a de
93RISK
open ↗Referência
CVE-2016-7200
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a de
93RISK
open ↗Referência
CVE-2018-0886
The Credential Security Support Provider protocol (CredSSP) in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 S
45RISK
open ↗Referência
CVE-2022-28368
Dompdf 1.2.1 allows remote code execution via a .php file in the src:url field of an @font-face Cascading Style Sheets (
60RISK
open ↗Referência
CVE-2020-15505
A remote code execution vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1,
100RISK
open ↗Referência
CVE-2019-18935
Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUp
100RISK
open ↗Referência
CVE-2019-18935
Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUp
100RISK
open ↗Referência
CVE-2011-0276
HP OpenView Performance Insight Server 5.2, 5.3, 5.31, 5.4, and 5.41 contains a "hidden account" in the com.trinagy.secu
60RISK
open ↗Referência
Microsoft Internet Explorer - 'MDAC' Remote Code Execution (MS06-014) (Metasploit) (2)
Unspecified vulnerability in the RDS.Dataspace ActiveX control, which is contained in ActiveX Data Objects (ADO) and dis
60RISK
open ↗Referência
Microsoft Internet Explorer - MDAC Remote Code Execution (MS06-014)
Unspecified vulnerability in the RDS.Dataspace ActiveX control, which is contained in ActiveX Data Objects (ADO) and dis
60RISK
open ↗Referência
CVE-2021-28164
In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contai
70RISK
open ↗Referência
CVE-2010-1297
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Adobe Reader and Acrob
100RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.