Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,114cataloged exploits
31,649CVEs with public exploitation
0lab-tested
AllExploit-DB 22,469Referência 19,810GitHub PoC 13,116VulnCheck XDB 8,069Nuclei 4,188Metasploit 3,462✓ verified onlyrecentpopularrisk
19,810 exploits
Referência
CVE-2021-25296
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi
100RISK
open ↗Referência
Wordpress Plugin BulletProof Security 5.1 - Sensitive Information Disclosure
BulletProof Security <= 5.1 Sensitive Information Disclosure
70RISK
open ↗Referência
CVE-2016-1560
ExaGrid appliances with firmware before 4.8 P26 have a default password of (1) inflection for the root shell account and
60RISK
open ↗Referência
CVE-2017-6334
dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute ar
100RISK
open ↗Referência
CVE-2017-6334
dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute ar
100RISK
open ↗Referência
CVE-2017-6334
dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute ar
100RISK
open ↗Referência
CVE-2017-8729
Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current u
45RISK
open ↗Referência
CVE-2019-16724
File Sharing Wizard 1.5.0 allows a remote attacker to obtain arbitrary code execution by exploiting a Structured Excepti
60RISK
open ↗Referência
CVE-2019-16724
File Sharing Wizard 1.5.0 allows a remote attacker to obtain arbitrary code execution by exploiting a Structured Excepti
60RISK
open ↗Referência
File Sharing Wizard 1.5.0 - POST SEH Overflow
File Sharing Wizard 1.5.0 allows a remote attacker to obtain arbitrary code execution by exploiting a Structured Excepti
60RISK
open ↗Referência
CVE-2016-10009
Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute
53RISK
open ↗Referência
CVE-2016-10009
Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute
53RISK
open ↗Referência
CVE-2016-10009
Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute
53RISK
open ↗Referência
CVE-2015-2455
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2
35RISK
open ↗Referência
CVE-2018-6008
Arbitrary File Download exists in the Jtag Members Directory 5.3.7 component for Joomla! via the download_file parameter
50RISK
open ↗Referência
CVE-2018-6008
Arbitrary File Download exists in the Jtag Members Directory 5.3.7 component for Joomla! via the download_file parameter
50RISK
open ↗Referência
CVE-2017-11741
HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) before 4.0.24 uses weak permissions for the sudo help
23RISK
open ↗Referência
CVE-2014-4880
Buffer overflow in Hikvision DVR DS-7204 Firmware 2.2.10 build 131009, and other models and versions, allows remote atta
60RISK
open ↗Referência
CVE-2014-0307
Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause
60RISK
open ↗Referência
Ncaster 1.7.2 - 'archive.php' Remote File Inclusion
PHP remote file inclusion vulnerability in admin/addons/archive/archive.php in Ncaster 1.7.2 allows remote attackers to
45RISK
open ↗Referência
CVE-2014-0514
The Adobe Reader Mobile application before 11.2 for Android does not properly restrict use of JavaScript, which allows r
60RISK
open ↗Referência
CVE-2014-0514
The Adobe Reader Mobile application before 11.2 for Android does not properly restrict use of JavaScript, which allows r
60RISK
open ↗Referência
CVE-2014-0514
The Adobe Reader Mobile application before 11.2 for Android does not properly restrict use of JavaScript, which allows r
60RISK
open ↗Referência
Squid < 3.1 5 - HTTP Version Number Parsing Denial of Service
Squid 2.7 to 2.7.STABLE5, 3.0 to 3.0.STABLE12, and 3.1 to 3.1.0.4 allows remote attackers to cause a denial of service v
45RISK
open ↗Referência
CVE-2017-16709
Crestron Airmedia AM-100 devices with firmware before 1.6.0 and AM-101 devices with firmware before 2.7.0 allows remote
60RISK
open ↗Referência
CVE-2017-8540
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Serve
93RISK
open ↗Referência
CVE-2013-3623
Multiple stack-based buffer overflows in cgi/close_window.cgi in the web interface in the Intelligent Platform Managemen
60RISK
open ↗Referência
CVE-2010-2263
nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or
60RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.