Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,114cataloged exploits
31,649CVEs with public exploitation
0lab-tested
AllExploit-DB 22,469Referência 19,810GitHub PoC 13,116VulnCheck XDB 8,069Nuclei 4,188Metasploit 3,462✓ verified onlyrecentpopularrisk
3,462 exploits
Metasploit0
Google Chrome 72 and 73 Array.map exploit
Out of bounds write in JavaScript in Google Chrome prior to 73.0.3683.86 allowed a remote attacker to potentially exploi
90RISK
open ↗Metasploit400
Cisco RV110W/RV130(W)/RV215W Routers Management Interface Remote Command Execution
Cisco RV110W, RV130W, and RV215W Routers Management Interface Remote Command Execution Vulnerability
85RISK
open ↗Metasploit600
elFinder PHP Connector exiftran Command Injection
elFinder before 2.1.48 has a command injection vulnerability in the PHP connector.
60RISK
open ↗Metasploit300
Drupal RESTful Web Services unserialize() RCE
Drupal core - Highly critical - Remote Code Execution
100RISK
open ↗Metasploit600
WordPress Crop-image Shell Upload
WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry ca
60RISK
open ↗Metasploit600
WordPress Crop-image Shell Upload
WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An attacker (who has privileges to crop an image) can
60RISK
open ↗Metasploit300
Total.js prior to 3.2.4 Directory Traversal
index.js in Total.js Platform before 3.2.3 allows path traversal.
40RISK
open ↗Metasploit600
RARLAB WinRAR ACE Format Input Validation Remote Code Execution
In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field o
100RISK
open ↗Metasploit300
OpenMRS Java Deserialization RCE
OpenMRS before 2.24.0 is affected by an Insecure Object Deserialization vulnerability that allows an unauthenticated use
85RISK
open ↗Metasploit600
Schneider Electric Pelco Endura NET55XX Encoder
A CWE-287: Improper Authentication vulnerability exists in the NET55XX Encoder with firmware prior to version 2.1.9.7 wh
50RISK
open ↗Metasploit300
Cisco RV320/RV326 Configuration Disclosure
Cisco Small Business RV320 and RV325 Routers Information Disclosure Vulnerability
100RISK
open ↗Metasploit300
Microsoft Exchange Privilege Escalation Exploit
An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of
23RISK
open ↗Metasploit600
Webmin Upload Authenticated RCE
Webmin 1.900 allows remote attackers to execute arbitrary code by leveraging the "Java file manager" and "Upload and Dow
43RISK
open ↗Metasploit600
BMC Patrol Agent Privilege Escalation Cmd Execution
An issue was discovered in BMC PATROL Agent through 11.3.01. It was found that the PatrolCli application can allow for l
38RISK
open ↗Metasploit300
ES File Explorer Open Port
The ES File Explorer File Manager application through 4.1.9.7.4 for Android allows remote attackers to read arbitrary fi
50RISK
open ↗Metasploit600
Jenkins ACL Bypass and Metaprogramming RCE
A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.61 and earlier in src/main/java/org/jenkinsci/plugins
60RISK
open ↗Metasploit600
Jenkins ACL Bypass and Metaprogramming RCE
A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.50 and earlier in src/main/java/org/jenkinsci/
23RISK
open ↗Metasploit600
Jenkins ACL Bypass and Metaprogramming RCE
A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/jenkinsci/
100RISK
open ↗Metasploit600
Jenkins ACL Bypass and Metaprogramming RCE
A sandbox bypass vulnerability exists in Pipeline: Declarative Plugin 1.3.3 and earlier in pipeline-model-definition/src
60RISK
open ↗Metasploit600
Jenkins ACL Bypass and Metaprogramming RCE
A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and ea
100RISK
open ↗Metasploit600
Jenkins ACL Bypass and Metaprogramming RCE
A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/
60RISK
open ↗Metasploit0
Docker Container Escape Via runC Overwrite
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc b
60RISK
open ↗Metasploit600
Mailcleaner Remote Code Execution
www/soap/application/MCSoap/Logs.php in MailCleaner Community Edition 2018.08 allows remote attackers to execute arbitra
30RISK
open ↗Metasploit600
LibreNMS addhost Command Injection
LibreNMS 1.46 allows remote attackers to execute arbitrary OS commands by using the $_POST['community'] parameter to htm
60RISK
open ↗Metasploit600
ThinkPHP Multiple PHP Injection RCEs
ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public/
100RISK
open ↗Metasploit600
ThinkPHP Multiple PHP Injection RCEs
An issue was discovered in NoneCms V1.3. thinkphp/library/think/App.php allows remote attackers to execute arbitrary PHP
100RISK
open ↗Metasploit600
Cisco Prime Infrastructure Runrshell Privilege Escalation
Cisco Small Business Switches Privileged Access Vulnerability
55RISK
open ↗Metasploit500
Linux Nested User Namespace idmap Limit Local Privilege Escalation
In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write() in kernel/user_namespace.c allows privilege escalat
38RISK
open ↗Metasploit600
Nagios XI Magpie_debug.php Root Remote Code Execution
Nagios XI 5.5.6 allows local authenticated attackers to escalate privileges to root via Autodiscover_new.php.
50RISK
open ↗Metasploit600
Nagios XI Magpie_debug.php Root Remote Code Execution
Snoopy 1.0 in Nagios XI 5.5.6 allows remote unauthenticated attackers to execute arbitrary commands via a crafted HTTP r
60RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.