Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,114cataloged exploits
31,649CVEs with public exploitation
0lab-tested
AllExploit-DB 22,469Referência 19,810GitHub PoC 13,116VulnCheck XDB 8,069Nuclei 4,188Metasploit 3,462✓ verified onlyrecentpopularrisk
19,810 exploits
Referência
ablespace 1.0 - Cross-Site Scripting / Blind SQL Injection
Multiple cross-site scripting (XSS) vulnerabilities in AbleSpace 1.0 allow remote attackers to inject arbitrary web scri
23RISK
open ↗Referência
e107 Plugin BLOG Engine 2.1.4 - SQL Injection
SQL injection vulnerability in macgurublog_menu/macgurublog.php in the MacGuru BLOG Engine plugin 2.2 for e107 allows re
23RISK
open ↗Referência
Winamp GEN_MSN Plugin - Heap Buffer Overflow (PoC)
Heap-based buffer overflow in gen_msn.dll in the gen_msn plugin 0.31 for Winamp 5.541 allows remote attackers to execute
23RISK
open ↗Referência
Cyberfolio 2.0 RC1 - 'av' Remote File Inclusion
Multiple PHP remote file inclusion vulnerabilities in Cyberfolio 2.0 RC1 and earlier, when register_globals is enabled,
23RISK
open ↗Referência
CVE-2017-6994
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1 is affected. watchO
23RISK
open ↗Referência
CVE-2019-12279
Nagios XI 5.6.1 allows SQL injection via the username parameter to login.php?forgotpass (aka the reset password form). N
23RISK
open ↗Referência
Eskolar CMS 0.9.0.0 - Blind SQL Injection
Multiple SQL injection vulnerabilities in Eskolar CMS 0.9.0.0 allow remote attackers to execute arbitrary SQL commands v
23RISK
open ↗Referência
Page Manager CMS 2006-02-04 - Arbitrary File Upload
Unrestricted file upload vulnerability in upload.php in Page Manager 2006-02-04 allows remote attackers to execute arbit
23RISK
open ↗Referência
IP3 NetAccess < 4.1.9.6 - Arbitrary File Disclosure
Directory traversal vulnerability in portalgroups/portalgroups/getfile.cgi in IP3 NetAccess before firmware 4.1.9.6 allo
23RISK
open ↗Referência
CVE-2006-3683
PHP remote file inclusion vulnerability in poll.php in Flipper Poll 1.1 and earlier allows remote attackers to execute a
23RISK
open ↗Referência
CVE-2015-4073
Multiple SQL injection vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla! allow remote attackers to exe
23RISK
open ↗Referência
CVE-2015-4073
Multiple SQL injection vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla! allow remote attackers to exe
23RISK
open ↗Referência
CVE-2021-41382
Plastic SCM before 10.0.16.5622 mishandles the WebAdmin server management interface.
23RISK
open ↗Referência
CVE-2019-2107
In ihevcd_parse_pps of ihevcd_parse_headers.c, there is a possible out of bounds write due to a missing bounds check. Th
23RISK
open ↗Referência
Mozilla Firefox 3.0.3 - User Interface Null Pointer Dereference Crash
The user interface event dispatcher in Mozilla Firefox 3.0.3 on Windows XP SP2 allows remote attackers to cause a denial
23RISK
open ↗Referência
CVE-2018-1038
The Windows kernel in Windows 7 SP1 and Windows Server 2008 R2 SP1 allows an elevation of privilege vulnerability due to
23RISK
open ↗Referência
F-Prot AntiVirus 4.6.6 - 'ACE' Denial of Service
FRISK Software F-Prot Antivirus before 4.6.7 allows user-assisted remote attackers to cause a denial of service (infinit
23RISK
open ↗Referência
CVE-2016-8377
An issue was discovered in Fatek Automation PLC WinProladder Version 3.11 Build 14701. A stack-based buffer overflow vul
23RISK
open ↗Referência
CVE-2015-0097
Microsoft Excel 2007 SP3, PowerPoint 2007 SP3, Word 2007 SP3, Excel 2010 SP2, PowerPoint 2010 SP2, and Word 2010 SP2 all
35RISK
open ↗Referência
CVE-2021-25297
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi
98RISK
open ↗Referência
CVE-2026-32746
telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC (Set Local Characters) suboption
53RISK
open ↗Referência
CVE-2012-4750
A Code Execution vulnerability exists in the memcpy function when processing AMF requests in Ezhometech EzServer 7.0, wh
23RISK
open ↗Referência
CVE-2018-11529
VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arb
50RISK
open ↗Referência
CVE-2022-32272
OPSWAT MetaDefender Core before 5.1.2, MetaDefender ICAP before 4.12.1, and MetaDefender Email Gateway Security before 5
23RISK
open ↗Referência
CVE-2024-12342
TP-Link VN020 F3v(T) Incomplete SOAP Request WANIPConnection denial of service
41RISK
open ↗Referência
CVE-2017-7042
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iClo
23RISK
open ↗Referência
EZWebAlbum - Remote File Disclosure
Directory traversal vulnerability in download.php in EZWebAlbum allows remote attackers to read arbitrary files via the
23RISK
open ↗Referência
CVE-2011-1715
Directory traversal vulnerability in framework/source/resource/qx/test/part/delay.php in QooxDoo 1.3 and possibly other
23RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.