Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,114cataloged exploits
31,649CVEs with public exploitation
0lab-tested
AllExploit-DB 22,469Referência 19,810GitHub PoC 13,116VulnCheck XDB 8,069Nuclei 4,188Metasploit 3,462✓ verified onlyrecentpopularrisk
3,462 exploits
Metasploit600
GetSimpleCMS Unauthenticated RCE
An issue was discovered in GetSimple CMS through 3.3.15. insufficient input sanitation in the theme-edit.php file allows
60RISK
open ↗Metasploit600
WP Database Backup RCE
WP Database Backup < 5.2 - Unauthenticated OS Command Injection
68RISK
open ↗Metasploit600
Pulse Secure VPN Arbitrary Command Execution
In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1R
100RISK
open ↗Metasploit300
Pulse Secure VPN Arbitrary File Disclosure
In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthent
100RISK
open ↗Metasploit600
Oracle Weblogic Server Deserialization RCE - AsyncResponseService
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supporte
100RISK
open ↗Metasploit600
SmarterTools SmarterMail less than build 6985 - .NET Deserialization Remote Code Execution
SmarterTools SmarterMail 16.x before build 6985 allows deserialization of untrusted data. An unauthenticated attacker co
60RISK
open ↗Metasploit300
Spring Cloud Config Server Directory Traversal
Directory Traversal with spring-cloud-config-server
60RISK
open ↗Metasploit300
Oracle Application Testing Suite Post-Auth DownloadServlet Directory Traversal
Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Products Suite (subcomponen
18RISK
open ↗Metasploit300
Remote Mouse RCE
Emote Interactive Remote Mouse Server command injection due to weak encoding
63RISK
open ↗Metasploit600
Kentico CMS Staging SyncServer Unserialize Remote Command Execution
An issue was discovered in Kentico 12.0.x before 12.0.15, 11.0.x before 11.0.48, 10.0.x before 10.0.52, and 9.x versions
100RISK
open ↗Metasploit600
Mac OS X TimeMachine (tmdiagnose) Command Injection Privilege Escalation
This issue was addressed with improved checks. This issue is fixed in macOS Mojave 10.14.4. A local user may be able to
38RISK
open ↗Metasploit600
Mac OS X Feedback Assistant Race Condition
A race condition was addressed with additional validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4. A mali
43RISK
open ↗Metasploit600
Apache Tomcat CGIServlet enableCmdLineArguments Vulnerability
When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0
60RISK
open ↗Metasploit300
AppXSvc Hard Link Privilege Escalation
An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard li
98RISK
open ↗Metasploit300
WordPress Google Maps Plugin SQL Injection
In the wp-google-maps plugin before 7.11.18 for WordPress, includes/class.rest-api.php in the REST API does not sanitize
40RISK
open ↗Metasploit600
AwindInc SNMP Service Command Injection
Crestron Airmedia AM-100 devices with firmware before 1.6.0 and AM-101 devices with firmware before 2.7.0 allows remote
60RISK
open ↗Metasploit600
AIS logistics ESEL-Server Unauth SQL Injection RCE
SQL Injection in Advanced InfoData Systems (AIS) ESEL-Server 67 (which is the backend for the AIS logistics mobile app)
50RISK
open ↗Metasploit300
CMS Made Simple Authenticated RCE via object injection
An issue was discovered in CMS Made Simple 2.2.8. In the module DesignManager (in the files action.admin_bulk_css.php an
23RISK
open ↗Metasploit600
Atlassian Confluence Widget Connector Macro Velocity Template Injection
The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from vers
100RISK
open ↗Metasploit600
Horde Form File Upload Vulnerability
Remote code execution was discovered in Horde Groupware Webmail 5.2.22 and 5.2.17. Horde/Form/Type.php contains a vulner
23RISK
open ↗Metasploit0
Chrome 72.0.3626.119 FileReader UaF exploit for Windows 7 x86
Object lifetime issue in Blink in Google Chrome prior to 72.0.3626.121 allowed a remote attacker to potentially perform
90RISK
open ↗Metasploit600
PostgreSQL COPY FROM PROGRAM Command Execution
In PostgreSQL 9.3 through 11.2, the "COPY TO/FROM PROGRAM" function allows superusers and users in the 'pg_execute_serve
60RISK
open ↗Metasploit300
IBM BigFix Relay Server Sites and Package Enum
IBM BigFix Platform 9.2 and 9.5 could allow an attacker to query the relay remotely and gather information about the upd
33RISK
open ↗Metasploit600
Ruby On Rails DoubleTap Development Mode secret_key_base Vulnerability
A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess th
60RISK
open ↗Metasploit600
Zimbra Collaboration Autodiscover Servlet XXE and ProxyServlet SSRF
Zimbra Collaboration Suite before 8.6 patch 13, 8.7.x before 8.7.11 patch 10, and 8.8.x before 8.8.10 patch 7 or 8.8.x b
100RISK
open ↗Metasploit600
Zimbra Collaboration Autodiscover Servlet XXE and ProxyServlet SSRF
mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML External Entity injection (XX
100RISK
open ↗Metasploit300
Microsoft Windows NtUserMNDragOver Local Privilege Elevation
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in
98RISK
open ↗Metasploit300
CMS Made Simple (CMSMS) Showtime2 File Upload RCE
class.showtime2_image.php in CMS Made Simple (CMSMS) before 2.2.10 does not ensure that a watermark file has a standard
50RISK
open ↗Metasploit300
Pimcore Unserialize RCE
An issue was discovered in Pimcore before 5.7.1. An attacker with classes permission can send a POST request to /admin/c
50RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.