Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,114cataloged exploits
31,649CVEs with public exploitation
0lab-tested
19,810 exploits
Referência
Microsoft Internet Explorer (Windows Vista) - XML Parsing Buffer Overflow
Use-after-free vulnerability in the CRecordInstance::TransferToDestination function in mshtml.dll in Microsoft Internet
50RISK
open
Referência
Microsoft Internet Explorer - XML Parsing Remote Buffer Overflow
Use-after-free vulnerability in the CRecordInstance::TransferToDestination function in mshtml.dll in Microsoft Internet
50RISK
open
Referência
CVE-2018-0934
ChakraCore and Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution,
35RISK
open
Referência
CVE-2016-7240
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a de
35RISK
open
Referência
CVE-2012-6096
Multiple stack-based buffer overflows in the get_history function in history.cgi in Nagios Core before 3.4.4, and Icinga
50RISK
open
Referência
CVE-2012-6096
Multiple stack-based buffer overflows in the get_history function in history.cgi in Nagios Core before 3.4.4, and Icinga
50RISK
open
Referência
CVE-2021-32172
Maian Cart v3.8 contains a preauthorization remote code execution (RCE) exploit via a broken access control issue in the
50RISK
open
Referência
BadBlue 2.72 - PassThru Remote Buffer Overflow
Stack-based buffer overflow in the PassThru functionality in ext.dll in BadBlue 2.72b and earlier allows remote attacker
50RISK
open
Referência
CVE-2013-2347
The Backup Client Service (OmniInet.exe) in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary
50RISK
open
Referência
CVE-2011-5010
apps/a3/cfg_ethping.cgi in the Ctek SkyRouter 4200 and 4300 allows remote attackers to execute arbitrary commands via sh
50RISK
open
Referência
Euphonics Audio Player 1.0 - '.pls' Local Buffer Overflow
Stack-based buffer overflow in MultiMedia Soft AdjMmsEng.dll 7.11.1.0 and 7.11.2.7, as distributed in multiple MultiMedi
50RISK
open
Referência
Euphonics Audio Player 1.0 - '.pls' Universal Local Buffer Overflow
Stack-based buffer overflow in MultiMedia Soft AdjMmsEng.dll 7.11.1.0 and 7.11.2.7, as distributed in multiple MultiMedi
50RISK
open
Referência
CVE-2017-14496
Integer underflow in the add_pseudoheader function in dnsmasq before 2.78 , when the --add-mac, --add-cpe-id or --add-su
35RISK
open
Referência
CVE-2025-55315
ASP.NET Security Feature Bypass Vulnerability
60RISK
open
Referência
VUPlayer 2.44 - '.m3u' UNC Name Buffer Overflow
Stack-based buffer overflow in VUPlayer 2.44 and earlier allows remote attackers to execute arbitrary code via a long st
50RISK
open
Referência
VUPlayer 2.44 - '.m3u' UNC Name Buffer Overflow (Metasploit)
Stack-based buffer overflow in VUPlayer 2.44 and earlier allows remote attackers to execute arbitrary code via a long st
50RISK
open
Referência
CVE-2019-12181
A privilege escalation vulnerability exists in SolarWinds Serv-U before 15.1.7 for Linux.
50RISK
open
Referência
CVE-2019-12181
A privilege escalation vulnerability exists in SolarWinds Serv-U before 15.1.7 for Linux.
50RISK
open
Referência
CVE-2015-2295
Cross-site request forgery (CSRF) vulnerability in system_firmware_restorefullbackup.php in the WebGUI in pfSense before
35RISK
open
Referência
CVE-2015-2295
Cross-site request forgery (CSRF) vulnerability in system_firmware_restorefullbackup.php in the WebGUI in pfSense before
35RISK
open
Referência
CVE-2013-6194
Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a
50RISK
open
Referência
CVE-2015-8351
PHP remote file inclusion vulnerability in the Gwolle Guestbook plugin before 1.5.4 for WordPress, when allow_url_includ
35RISK
open
Referência
CVE-2015-8351
PHP remote file inclusion vulnerability in the Gwolle Guestbook plugin before 1.5.4 for WordPress, when allow_url_includ
35RISK
open
Referência
CVE-2023-30806
Sangfor Next-Gen Application Firewall PHPSESSID Command Injection
60RISK
open
Referência
CVE-2023-30805
Sangfor Next-Gen Application Firewall Login Un Param Command Injection
60RISK
open
Referência
CVE-2013-1362
Incomplete blacklist vulnerability in nrpc.c in Nagios Remote Plug-In Executor (NRPE) before 2.14 might allow remote att
50RISK
open
Referência
CVE-2017-14147
An issue was discovered on FiberHome User End Routers Bearing Model Number AN1020-25 which could allow an attacker to ea
35RISK
open
Referência
CVE-2017-14147
An issue was discovered on FiberHome User End Routers Bearing Model Number AN1020-25 which could allow an attacker to ea
35RISK
open
Referência
CVE-2010-4279
The default configuration of Pandora FMS 3.1 and earlier specifies an empty string for the loginhash_pwd field, which al
50RISK
open
Referência
CVE-2010-4279
The default configuration of Pandora FMS 3.1 and earlier specifies an empty string for the loginhash_pwd field, which al
50RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.