Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,114cataloged exploits
31,649CVEs with public exploitation
0lab-tested
19,810 exploits
Referência
ScozNews 1.2.1 - 'mainpath' Remote File Inclusion
Multiple PHP remote file inclusion vulnerabilities in ScozNews 1.2.1 and earlier allow remote attackers to execute arbit
23RISK
open
Referência
CVE-2016-9244
A BIG-IP virtual server configured with a Client SSL profile that has the non-default Session Tickets option enabled may
45RISK
open
Referência
CVE-2016-9244
A BIG-IP virtual server configured with a Client SSL profile that has the non-default Session Tickets option enabled may
45RISK
open
Referência
b1gbb 2.24.0 - 'footer.inc.php?tfooter' Remote File Inclusion
PHP remote file inclusion vulnerability in footer.inc.php in B1G b1gBB 2.24 allows remote attackers to execute arbitrary
45RISK
open
Referência
CVE-2017-17405
Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and p
45RISK
open
Referência
CVE-2015-3087
Integer overflow in Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and
45RISK
open
Referência
CVE-2013-2010
WordPress W3 Total Cache Plugin 0.9.2.8 has a Remote PHP Code Execution Vulnerability
60RISK
open
Referência
CVE-2013-2010
WordPress W3 Total Cache Plugin 0.9.2.8 has a Remote PHP Code Execution Vulnerability
60RISK
open
Referência
CVE-2020-8813
graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a
60RISK
open
Referência
CVE-2020-8813
graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a
60RISK
open
Referência
CVE-2020-8813
graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a
60RISK
open
Referência
CVE-2020-8813
graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a
60RISK
open
Referência
BigAnt Server 2.2 - Remote Overflow (SEH)
Stack-based buffer overflow in the AntServer module (AntServer.exe) in BigAnt IM Server in BigAnt Messenger 2.2 allows r
60RISK
open
Referência
CVE-2020-11698
An issue was discovered in Titan SpamTitan 7.07. Improper input sanitization of the parameter community on the page snmp
60RISK
open
Referência
CVE-2020-11698
An issue was discovered in Titan SpamTitan 7.07. Improper input sanitization of the parameter community on the page snmp
60RISK
open
Referência
CVE-2018-20526
Roxy Fileman 1.4.5 allows unrestricted file upload in upload.php.
60RISK
open
Referência
CVE-2018-20526
Roxy Fileman 1.4.5 allows unrestricted file upload in upload.php.
60RISK
open
Referência
CVE-2005-2428
Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores sensitive data from names.nsf in hid
60RISK
open
Referência
CVE-2015-8249
The FileUploadServlet class in ManageEngine Desktop Central 9 before build 91093 allows remote attackers to upload and e
60RISK
open
Referência
CVE-2015-8249
The FileUploadServlet class in ManageEngine Desktop Central 9 before build 91093 allows remote attackers to upload and e
60RISK
open
Referência
CVE-2019-9978
CVE-2019-9978MEDIUMunder attack
The social-warfare plugin before 3.5.3 for WordPress has stored XSS via the wp-admin/admin-post.php?swp_debug=load_optio
100RISK
open
Referência
CVE-2019-9978
CVE-2019-9978MEDIUMunder attack
The social-warfare plugin before 3.5.3 for WordPress has stored XSS via the wp-admin/admin-post.php?swp_debug=load_optio
100RISK
open
Referência
CVE-2019-9978
CVE-2019-9978MEDIUMunder attack
The social-warfare plugin before 3.5.3 for WordPress has stored XSS via the wp-admin/admin-post.php?swp_debug=load_optio
100RISK
open
Referência
CVE-2018-0824
CVE-2018-0824HIGHunder attack
A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized
100RISK
open
Referência
CVE-2014-5073
vmtadmin.cgi in VMTurbo Operations Manager before 4.6 build 28657 allows remote attackers to execute arbitrary commands
60RISK
open
Referência
CVE-2014-5073
vmtadmin.cgi in VMTurbo Operations Manager before 4.6 build 28657 allows remote attackers to execute arbitrary commands
60RISK
open
Referência
CVE-2017-17560
An issue was discovered on Western Digital MyCloud PR4100 2.30.172 devices. The web administration component, /web/jquer
60RISK
open
Referência
CVE-2021-40449
CVE-2021-40449HIGHunder attackransomware
Win32k Elevation of Privilege Vulnerability
100RISK
open
Referência
SapLPD 6.28 (Windows x86) - Remote Buffer Overflow
Buffer overflow in SAPLPD 6.28 and earlier included in SAP GUI 7.10 and SAPSprint before 1018 allows remote attackers to
60RISK
open
Referência
CVE-2014-7868
Multiple SQL injection vulnerabilities in ZOHO ManageEngine OpManager 11.3 and 11.4, IT360 10.3 and 10.4, and Social IT
45RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.