Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,114cataloged exploits
31,649CVEs with public exploitation
0lab-tested
AllExploit-DB 22,469Referência 19,810GitHub PoC 13,116VulnCheck XDB 8,069Nuclei 4,188Metasploit 3,462✓ verified onlyrecentpopularrisk
22,469 exploits
Exploit-DB
RemoteClinic 2.0 - 'Multiple' Stored Cross-Site Scripting (XSS)
Cross Site Scripting (XSS) in Remote Clinic v2.0 via the Full Name field on register-patient.php.
23RISK
open ↗Exploit-DB
RemoteClinic 2.0 - 'Multiple' Stored Cross-Site Scripting (XSS)
Cross Site Scripting (XSS) in Remote Clinic v2.0 via the Symptons field on patients/register-report.php.
23RISK
open ↗Exploit-DB
RemoteClinic 2.0 - 'Multiple' Stored Cross-Site Scripting (XSS)
Cross Site Scripting (XSS) in Remote Clinic v2.0 via the "Fever" or "Blood Pressure" field on the patients/register-repo
23RISK
open ↗Exploit-DB
RemoteClinic 2.0 - 'Multiple' Stored Cross-Site Scripting (XSS)
Stored XSS in Remote Clinic v2.0 in /medicines due to Medicine Name Field.
23RISK
open ↗Exploit-DB
RemoteClinic 2.0 - 'Multiple' Stored Cross-Site Scripting (XSS)
Cross Site Scripting (XSS) in Remote Clinic v2.0 via the "Chat" and "Personal Address" field on staff/register.php
23RISK
open ↗Exploit-DB
Adtran Personal Phone Manager 10.8.1 - 'Multiple' Reflected Cross-Site Scripting (XSS)
The AdTran Personal Phone Manager software is vulnerable to multiple reflected cross-site scripting (XSS) issues. These
23RISK
open ↗Exploit-DB
Multilaser Router RE018 AC1200 - Cross-Site Request Forgery (Enable Remote Access)
Multilaser Router AC1200 V02.03.01.45_pt contains a cross-site request forgery (CSRF) vulnerability. An attacker can ena
23RISK
open ↗Exploit-DB
Adtran Personal Phone Manager 10.8.1 - 'emailAddress' Stored Cross-Site Scripting (XSS)
The AdTran Personal Phone Manager software is vulnerable to an authenticated stored cross-site scripting (XSS) issues. T
23RISK
open ↗Exploit-DB
Adtran Personal Phone Manager 10.8.1 - DNS Exfiltration
AdTran Personal Phone Manager 10.8.1 software is vulnerable to an issue that allows for exfiltration of data over DNS. T
28RISK
open ↗Exploit-DB
RemoteClinic 2 - 'Multiple' Cross-Site Scripting (XSS)
Cross Site Scripting (XSS) in Remote Clinic v2.0 via the First Name or Last Name field on staff/register.php.
23RISK
open ↗Exploit-DB
GravCMS 1.10.7 - Unauthenticated Arbitrary File Write (Metasploit)
Unauthenticated Arbitrary YAML Write/Update leads to Code Execution
85RISK
open ↗Exploit-DB
Horde Groupware Webmail 5.2.22 - Stored XSS
An XSS issue was discovered in Horde Groupware Webmail Edition through 5.2.22 (where the Horde_Text_Filter library befor
23RISK
open ↗Exploit-DB
htmly 2.8.0 - 'description' Stored Cross-Site Scripting (XSS)
htmly 2.8.0 allows stored XSS via the blog title, Tagline, or Description to config.html.php.
23RISK
open ↗Exploit-DB
Tileserver-gl 3.0.0 - 'key' Reflected Cross-Site Scripting (XSS)
An issue was discovered in server.js in TileServer GL through 3.0.0. The content of the key GET parameter is reflected u
43RISK
open ↗Exploit-DB
jQuery 1.0.3 - Cross-Site Scripting (XSS)
Potential XSS vulnerability in jQuery
85RISK
open ↗Exploit-DB
MariaDB 10.2 - 'wsrep_provider' OS Command Execution
A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, a
35RISK
open ↗Exploit-DB
Genexis PLATINUM 4410 2.1 P4410-V2-1.28 - RCE
Genexis PLATINUM 4410 2.1 P4410-V2-1.28 devices allow remote attackers to execute arbitrary code via shell metacharacter
35RISK
open ↗Exploit-DB
CITSmart ITSM 9.1.2.22 - LDAP Injection
CITSmart before 9.1.2.23 allows LDAP Injection.
28RISK
open ↗Exploit-DB
CITSmart ITSM 9.1.2.27 - 'query' Time-based Blind SQL Injection (Authenticated)
CITSmart before 9.1.2.28 mishandles the "filtro de autocomplete."
23RISK
open ↗Exploit-DB
jQuery 1.2 - Cross-Site Scripting (XSS)
jQuery has a potential XSS vulnerability
55RISK
open ↗Exploit-DB
ExpressVPN VPN Router 1.0 - Router Login Panel's Integer Overflow
An integer buffer overflow in the Nginx webserver of ExpressVPN Router version 1 allows remote attackers to obtain sensi
28RISK
open ↗Exploit-DB
vsftpd 2.3.4 - Backdoor Command Execution
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
60RISK
open ↗Exploit-DB
PrestaShop 1.7.6.7 - 'location' Blind Sql Injection
Blind SQL Injection in PrestaShop
28RISK
open ↗Exploit-DB
DMA Radius Manager 4.4.0 - Cross-Site Request Forgery (CSRF)
DMA Softlab Radius Manager 4.4.0 allows CSRF with impacts such as adding new manager accounts via admin.php.
23RISK
open ↗Exploit-DB
Linux Kernel 5.4 - 'BleedingTooth' Bluetooth Zero-Click Remote Code Execution
Improper access control in BlueZ may allow an unauthenticated user to potentially enable information disclosure via adja
23RISK
open ↗Exploit-DB
Composr 10.0.36 - Remote Code Execution
Composr 10.0.36 allows upload and execution of PHP files.
28RISK
open ↗Exploit-DB
Linux Kernel 5.4 - 'BleedingTooth' Bluetooth Zero-Click Remote Code Execution
Improper input validation in BlueZ may allow an unauthenticated user to potentially enable escalation of privilege via a
23RISK
open ↗Exploit-DB
Dell OpenManage Server Administrator 9.4.0.0 - Arbitrary File Read
Dell EMC OpenManage Server Administrator (OMSA) versions 9.4 and prior contain multiple path traversal vulnerabilities.
60RISK
open ↗Exploit-DB
Composr CMS 10.0.36 - Cross Site Scripting
Composr 10.0.36 allows XSS in an XML script.
23RISK
open ↗Exploit-DB
Google Chrome 86.0.4240 V8 - Remote Code Execution
Insufficient data validation in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to potentially explo
60RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.