Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,114cataloged exploits
31,649CVEs with public exploitation
0lab-tested
AllExploit-DB 22,469Referência 19,810GitHub PoC 13,116VulnCheck XDB 8,069Nuclei 4,188Metasploit 3,462✓ verified onlyrecentpopularrisk
3,462 exploits
Metasploit600
EyesOfNetwork 5.1-5.3 AutoDiscovery Target Command Execution
An issue was discovered in EyesOfNetwork 5.3. An authenticated web user with sufficient privileges could abuse the AutoD
60RISK
open ↗Metasploit600
EyesOfNetwork 5.1-5.3 AutoDiscovery Target Command Execution
An issue was discovered in EyesOfNetwork eonweb 5.1 through 5.3 before 5.3-3. The eonweb web interface is prone to a SQL
40RISK
open ↗Metasploit600
EyesOfNetwork 5.1-5.3 AutoDiscovery Target Command Execution
An issue was discovered in EyesOfNetwork 5.3. The installation uses the same API key (hardcoded as EONAPI_KEY in include
100RISK
open ↗Metasploit600
CA Unified Infrastructure Management Nimsoft 7.80 - Remote Buffer Overflow
CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains a buffer overflow vulnerabi
60RISK
open ↗Metasploit600
PlaySMS index.php Unauthenticated Template Injection Code Execution
PlaySMS before 1.4.3 does not sanitize inputs from a malicious string.
100RISK
open ↗Metasploit600
CA Unified Infrastructure Management Nimsoft 7.80 - Remote Buffer Overflow
CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains an improper ACL handling vu
30RISK
open ↗Metasploit500
Arista restricted shell escape (with privesc)
Arista DCS-7050QX-32S-R 4.20.9M, DCS-7050CX3-32S-R 4.20.11M, and DCS-7280SRAM-48C6-R 4.22.0.1F devices (and possibly oth
23RISK
open ↗Metasploit600
OpenSMTPD MAIL FROM Remote Code Execution
smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to
100RISK
open ↗Metasploit600
Centreon Poller Authenticated Remote Command Execution
There is Authenticated remote code execution in Centreon Infrastructure Monitoring Software through 19.10 via Pollers mi
23RISK
open ↗Metasploit300
Ricoh Driver Privilege Escalation
An issue was discovered in Ricoh (including Savin and Lanier) Windows printer drivers prior to 2020 that allows attacker
38RISK
open ↗Metasploit300
WebLogic Server Deserialization RCE - BadAttributeValueExpException
Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invocation). Su
100RISK
open ↗Metasploit0
WordPress InfiniteWP Client Authentication Bypass
The InfiniteWP Client plugin before 1.9.4.5 for WordPress has a missing authorization check in iwp_mmb_set_request in in
40RISK
open ↗Metasploit300
"Cablehaunt" Cable Modem WebSocket DoS
Broadcom based cable modems across multiple vendors are vulnerable to a buffer overflow, which allows a remote attacker
23RISK
open ↗Metasploit600
D-Link DIR-859 Unauthenticated Remote Command Execution
The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated rem
100RISK
open ↗Metasploit600
D-Link Devices Unauthenticated Remote Command Execution in ssdpcgi
D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via a urn: to the
60RISK
open ↗Metasploit600
IBM TM1 / Planning Analytics Unauthenticated Remote Code Execution
IBM Planning Analytics 2.0.0 through 2.0.8 is vulnerable to a configuration overwrite that allows an unauthenticated use
100RISK
open ↗Metasploit600
Citrix ADC (NetScaler) Directory Traversal RCE
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. Th
100RISK
open ↗Metasploit300
Citrix ADC (NetScaler) Directory Traversal Scanner
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. Th
100RISK
open ↗Metasploit300
TVT NVMS-1000 Directory Traversal
TVT NVMS-1000 devices allow GET /.. Directory Traversal
100RISK
open ↗Metasploit600
OpenBSD Dynamic Loader chpass Privilege Escalation
OpenBSD through 6.6 allows local users to escalate to root because a check for LD_LIBRARY_PATH in setuid programs can be
38RISK
open ↗Metasploit300
Microsoft Windows Uninitialized Variable Local Privilege Elevation
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in
100RISK
open ↗Metasploit600
Telerik UI ASP.NET AJAX RadAsyncUpload Deserialization
Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUp
100RISK
open ↗Metasploit600
Telerik UI ASP.NET AJAX RadAsyncUpload Deserialization
Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 uses weak RadAsyncUpload
100RISK
open ↗Metasploit300
Anviz CrossChex Buffer Overflow
Anviz CrossChex access control management software 4.3.8.0 and 4.3.12 is vulnerable to a buffer overflow vulnerability.
50RISK
open ↗Metasploit600
Liferay Portal Java Unmarshalling via JSONWS RCE
Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary c
100RISK
open ↗Metasploit300
QNAP QTS and Photo Station Local File Inclusion
This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fi
100RISK
open ↗Metasploit300
QNAP QTS and Photo Station Local File Inclusion
This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fi
100RISK
open ↗Metasploit300
QNAP QTS and Photo Station Local File Inclusion
This improper access control vulnerability allows remote attackers to gain unauthorized access to the system. To fix the
100RISK
open ↗Metasploit300
WordPress Email Subscribers and Newsletter Hash SQLi Scanner
There was a flaw in the WordPress plugin, Email Subscribers & Newsletters before 4.3.1, that allowed SQL statements to b
78RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.