Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,114cataloged exploits
31,649CVEs with public exploitation
0lab-tested
22,469 exploits
Exploit-DB
Maian-Cart 3.8 - Remote Code Execution (RCE) (Unauthenticated)
CVE-2021-3217208 Oct 2021
Maian Cart v3.8 contains a preauthorization remote code execution (RCE) exploit via a broken access control issue in the
50RISK
open
Exploit-DB
Google SLO-Generator 2.0.0 - Code Execution
CVE-2021-22557MEDIUM07 Oct 2021
Code execution in SLO Generator via YAML Payload
33RISK
open
Exploit-DB
Atlassian Jira Server Data Center 8.16.0 - Arbitrary File Read
CVE-2021-26086MEDIUMunder attack06 Oct 2021
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to read particular files via a path tr
100RISK
open
Exploit-DB
Apache HTTP Server 2.4.49 - Path Traversal & Remote Code Execution (RCE)
CVE-2021-41773HIGHunder attackransomware06 Oct 2021
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
100RISK
open
Exploit-DB
Atlassian Confluence 7.12.2 - Pre-Authorization Arbitrary File Read
CVE-2021-26085MEDIUMunder attackransomware05 Oct 2021
Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a Pre-Authoriza
100RISK
open
Exploit-DB
WhatsUpGold 21.0.3 - Stored Cross-Site Scripting (XSS)
CVE-2021-4131801 Oct 2021
In Progress WhatsUp Gold prior to version 21.1.0, an application endpoint failed to adequately sanitize malicious input.
23RISK
open
Exploit-DB
WordPress Plugin Select All Categories and Taxonomies 1.3.1 - Reflected Cross-Site Scripting (XSS)
CVE-2021-2428729 Sep 2021
Select All Categories and Taxonomies < 1.3.2 - Reflected Cross-Site Scripting (XSS)
43RISK
open
Exploit-DB
WordPress Plugin Redirect 404 to Parent 1.3.0 - Reflected Cross-Site Scripting
CVE-2021-2428629 Sep 2021
Redirect 404 to Parent < 1.3.1 - Reflected Cross-Site Scripting (XSS)
43RISK
open
Exploit-DB
WordPress Plugin Contact Form 1.7.14 - Reflected Cross-Site Scripting (XSS)
CVE-2021-2427628 Sep 2021
Contact Form by Supsystic < 1.7.15 - Reflected Cross-Site scripting (XSS)
43RISK
open
Exploit-DB
WordPress Plugin Ultimate Maps 1.2.4 - Reflected Cross-Site Scripting (XSS)
CVE-2021-2427428 Sep 2021
Ultimate Maps by Supsystic < 1.2.5 - Reflected Cross-Site scripting (XSS)
43RISK
open
Exploit-DB
WordPress Plugin TranslatePress 2.0.8 - Stored Cross-Site Scripting (XSS) (Authenticated)
CVE-2021-2461028 Sep 2021
TranslatePress < 2.0.9 - Authenticated Stored Cross-Site Scripting
23RISK
open
Exploit-DB
WordPress Plugin Popup 1.10.4 - Reflected Cross-Site Scripting (XSS)
CVE-2021-2427528 Sep 2021
Popup by Supsystic < 1.10.5 - Reflected Cross-Site scripting (XSS)
43RISK
open
Exploit-DB
XAMPP 7.4.3 - Local Privilege Escalation
CVE-2020-1110727 Sep 2021
An issue was discovered in XAMPP before 7.2.29, 7.3.x before 7.3.16 , and 7.4.x before 7.4.4 on Windows. An unprivileged
28RISK
open
Exploit-DB
Gurock Testrail 7.2.0.3014 - 'files.md5' Improper Access Control
CVE-2021-4087523 Sep 2021
Improper Access Control in Gurock TestRail versions < 7.2.0.3014 resulted in sensitive information exposure. A threat ac
50RISK
open
Exploit-DB
WordPress Plugin Fitness Calculators 1.9.5 - Cross-Site Request Forgery (CSRF)
CVE-2021-2427223 Sep 2021
Fitness Calculators < 1.9.6 - Cross-Site Request Forgery to Cross-Site Scripting (XSS)
23RISK
open
Exploit-DB
WordPress Plugin Advanced Order Export For WooCommerce 3.1.7 - Reflected Cross-Site Scripting (XSS)
CVE-2021-2416923 Sep 2021
Advanced Order Export For WooCommerce < 3.1.8 - Reflected Cross-Site Scripting (XSS)
43RISK
open
Exploit-DB
OpenCats 0.9.4-2 - 'docx ' XML External Entity Injection (XXE)
CVE-2019-1335822 Sep 2021
lib/DocumentToText.php in OpenCats before 0.9.4-3 has XXE that allows remote users to read files on the underlying opera
28RISK
open
Exploit-DB
Cloudron 6.2 - 'returnTo ' Cross Site Scripting (Reflected)
CVE-2021-4086822 Sep 2021
In Cloudron 6.2, the returnTo parameter on the login page is vulnerable to Reflected XSS.
38RISK
open
Exploit-DB
WordPress 5.7 - 'Media Library' XML External Entity Injection (XXE) (Authenticated)
CVE-2021-29447HIGH20 Sep 2021
WordPress Authenticated XXE attack when installation is running PHP 8
63RISK
open
Exploit-DB
WordPress Plugin WooCommerce Booster Plugin 5.4.3 - Authentication Bypass
CVE-2021-34646CRITICAL17 Sep 2021
Booster for WooCommerce <= 5.4.3 Authentication Bypass
60RISK
open
Exploit-DB
Facebook ParlAI 1.0.0 - Deserialization of Untrusted Data in parlai
CVE-2021-2404013 Sep 2021
Due to use of unsafe YAML deserialization logic, an attacker with the ability to modify local YAML configuration files c
28RISK
open
Exploit-DB
OpenEMR 6.0.0 - 'noteid' Insecure Direct Object Reference (IDOR)
CVE-2021-4035206 Sep 2021
OpenEMR 6.0.0 has a pnotes_print.php?noteid= Insecure Direct Object Reference vulnerability via which an attacker can re
23RISK
open
Exploit-DB
FlatCore CMS 2.0.7 - Remote Code Execution (RCE) (Authenticated)
CVE-2021-3960806 Sep 2021
Remote Code Execution (RCE) vulnerabilty exists in FlatCore-CMS 2.0.7 via the upload addon plugin, which could let a rem
35RISK
open
Exploit-DB
Compro Technology IP Camera - ' mjpegStreamer.cgi' Screenshot Disclosure
CVE-2021-4038202 Sep 2021
An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. mjpegStreamer.cgi allo
28RISK
open
Exploit-DB
Compro Technology IP Camera - ' index_MJpeg.cgi' Stream Disclosure
CVE-2021-4038102 Sep 2021
An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. index_MJpeg.cgi allows
28RISK
open
Exploit-DB
Compro Technology IP Camera - RTSP stream disclosure (Unauthenticated)
CVE-2021-4037902 Sep 2021
An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. rstp://.../medias2 doe
28RISK
open
Exploit-DB
Compro Technology IP Camera - 'Multiple' Credential Disclosure
CVE-2021-4038002 Sep 2021
An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. cameralist.cgi and set
28RISK
open
Exploit-DB
Compro Technology IP Camera - 'killps.cgi' Denial of Service (DoS)
CVE-2021-4037802 Sep 2021
An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. /cgi-bin/support/killp
28RISK
open
Exploit-DB
Confluence Server 7.12.4 - 'OGNL injection' Remote Code Execution (RCE) (Unauthenticated)
CVE-2021-26084CRITICALunder attackransomware01 Sep 2021
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an un
100RISK
open
Exploit-DB
WordPress Plugin ProfilePress 3.1.3 - Privilege Escalation (Unauthenticated)
CVE-2021-34621CRITICAL31 Aug 2021
ProfilePress 3.0 - 3.1.3 - Unauthenticated Privilege Escalation
75RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.