Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,114cataloged exploits
31,649CVEs with public exploitation
0lab-tested
AllExploit-DB 22,469Referência 19,810GitHub PoC 13,116VulnCheck XDB 8,069Nuclei 4,188Metasploit 3,462✓ verified onlyrecentpopularrisk
3,462 exploits
Metasploit600
Microsoft UPnP Local Privilege Elevation Vulnerability
An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly allows
91RISK
open ↗Metasploit600
Microsoft UPnP Local Privilege Elevation Vulnerability
An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka 'Microsoft W
91RISK
open ↗Metasploit600
Optergy Proton and Enterprise BMS Command Injection using a backdoor
Optergy Proton/Enterprise devices allow Remote Root Code Execution via a Backdoor Console.
60RISK
open ↗Metasploit300
Microsoft Spooler Local Privilege Elevation Vulnerability
An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writin
43RISK
open ↗Metasploit600
Microsoft Spooler Local Privilege Elevation Vulnerability
Windows Print Spooler Elevation of Privilege Vulnerability
41RISK
open ↗Metasploit600
Windows Update Orchestrator unchecked ScheduleWork call
An elevation of privilege vulnerability exists when the Windows Update Orchestrator Service improperly handles file oper
30RISK
open ↗Metasploit600
FreeSWITCH Event Socket Command Execution
FreeSWITCH 1.6.10 through 1.10.1 has a default password in event_socket.conf.xml.
43RISK
open ↗Metasploit0
Kibana Timelion Prototype Pollution RCE
Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker
100RISK
open ↗Metasploit600
Linear eMerge E3-Series Access Controller Command Injection
Linear eMerge E3-Series devices allow Command Injections.
100RISK
open ↗Metasploit600
Apache Solr Remote Code Execution via Velocity Template
Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A V
100RISK
open ↗Metasploit600
rConfig install Command Execution
An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to a
60RISK
open ↗Metasploit400
Nostromo Directory Traversal Remote Command Execution
Directory Traversal in the function http_verify in nostromo nhttpd through 1.9.6 allows an attacker to achieve remote co
100RISK
open ↗Metasploit300
ThinVNC Directory Traversal
ThinVNC 1.0b1 is vulnerable to arbitrary file read, which leads to a compromise of the VNC server. The vulnerability exi
60RISK
open ↗Metasploit600
Solaris xscreensaver log Privilege Escalation
Vulnerability in the Oracle Solaris product of Oracle Systems (component: XScreenSaver). The supported version that is a
91RISK
open ↗Metasploit600
Android Binder Use-After-Free Exploit
A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interacti
100RISK
open ↗Metasploit300
File Sharing Wizard - POST SEH Overflow
File Sharing Wizard 1.5.0 allows a remote attacker to obtain arbitrary code execution by exploiting a Structured Excepti
60RISK
open ↗Metasploit600
vBulletin widgetConfig RCE
vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widge
100RISK
open ↗Metasploit600
PHPStudy Backdoor Remote Code execution
PHPStudy 2016-2018 Backdoor Remote Code Execution Vulnerability
63RISK
open ↗Metasploit600
Micro Focus (HPE) Data Protector SUID Privilege Escalation
Privileges manipulation in Micro Focus Data Protector, versions 10.00, 10.01, 10.02, 10.03, 10.04, 10.10, 10.20, 10.30,
38RISK
open ↗Metasploit600
Bludit Directory Traversal Image File Upload Vulnerability
Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .j
60RISK
open ↗Metasploit300
Metasploit HTTP(S) handler DoS
Rapid7 Metasploit HTTP Handler Denial of Service
48RISK
open ↗Metasploit600
Plantronics Hub SpokesUpdateService Privilege Escalation
A local privilege-escalation vulnerability exists in the Poly Plantronics Hub before 3.14 for Windows client application
38RISK
open ↗Metasploit600
Total.js CMS 12 Widget JavaScript Code Injection
An issue was discovered in Total.js CMS 12.0.0. An authenticated user with the widgets privilege can gain achieve Remote
60RISK
open ↗Metasploit600
Cisco UCS Director default scpuser password
Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data SCP User Default Credentials Vulnerability
85RISK
open ↗Metasploit600
Cisco UCS Director Unauthenticated Remote Code Execution
Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Authentication Bypass Vulnerability
85RISK
open ↗Metasploit600
Cisco UCS Director Unauthenticated Remote Code Execution
Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Command Injection Vulnerability
48RISK
open ↗Metasploit300
Grafana 2.0 through 5.2.2 authentication bypass for LDAP and OAuth
Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generat
30RISK
open ↗Metasploit600
Webmin password_change.cgi Backdoor
An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a command injection vulnera
100RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.