Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,114cataloged exploits
31,649CVEs with public exploitation
0lab-tested
3,462 exploits
Metasploit300
WebKitGTK+ WebKitFaviconDatabase DoS
CVE-2018-1164603 Jun 2018
webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL in UIProcess/API/glib/WebKitFavicon
50RISK
open
Metasploit600
Quest KACE Systems Management Command Injection
CVE-2018-11138CRITICALunder attackransomware31 May 2018
The '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by
100RISK
open
Metasploit300
Dolibarr Gather Credentials via SQL Injection
CVE-2018-1009430 May 2018
SQL injection vulnerability in Dolibarr before 7.0.2 allows remote attackers to execute arbitrary SQL commands via vecto
60RISK
open
Metasploit600
IBM QRadar SIEM Unauthenticated Remote Code Execution
CVE-2018-1612MEDIUM28 May 2018
IBM QRadar Incident Forensics (IBM QRadar SIEM 7.2, and 7.3) could allow a remote attacker to bypass authentication and
60RISK
open
Metasploit600
IBM QRadar SIEM Unauthenticated Remote Code Execution
CVE-2016-972228 May 2018
IBM QRadar 7.2 and 7.3 specifies permissions for a security-critical resource in a way that allows that resource to be r
43RISK
open
Metasploit600
IBM QRadar SIEM Unauthenticated Remote Code Execution
CVE-2018-141828 May 2018
IBM Security QRadar SIEM 7.2 and 7.3 could allow a user to bypass authentication which could lead to code execution. IBM
50RISK
open
Metasploit500
VLC Media Player MKV Use After Free
CVE-2018-1152924 May 2018
VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arb
50RISK
open
Metasploit600
Windscribe WindscribeService Named Pipe Privilege Escalation
CVE-2018-1147924 May 2018
The VPN component in Windscribe 1.81 uses the OpenVPN client for connections. Also, it creates a WindScribeService.exe s
38RISK
open
Metasploit300
MimiPenguin
CVE-2018-2078123 May 2018
In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user's password is kept in a session-child process spawned f
18RISK
open
Metasploit600
DHCP Client Command Injection (DynoRoot)
CVE-2018-1111HIGH15 May 2018
DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in
78RISK
open
Metasploit400
Windows SetImeInfoEx Win32k NULL Pointer Dereference
CVE-2018-8120HIGHunder attackransomware09 May 2018
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in
100RISK
open
Metasploit600
Microsoft Windows POP/MOV SS Local Privilege Elevation Vulnerability
CVE-2018-889708 May 2018
A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) wa
43RISK
open
Metasploit300
LibreOffice 6.03 /Apache OpenOffice 4.1.5 Malicious ODT File Generator
CVE-2018-1058301 May 2018
An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically p
60RISK
open
Metasploit600
osCommerce Installer Unauthenticated Code Execution
CVE-2018-25114CRITICAL30 Apr 2018
osCommerce 2.3.4.1 Installer Unauthenticated Configuration File Injection PHP Code Execution
63RISK
open
Metasploit600
GitList v0.6.0 Argument Injection Vulnerability
CVE-2018-100053326 Apr 2018
klaussilveira GitList version <= 0.6 contains a Passing incorrectly sanitized input to system function vulnerability in
40RISK
open
Metasploit600
Apache Tika Header Command Injection
CVE-2018-133525 Apr 2018
From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server that could be used to
60RISK
open
Metasploit300
Foxit PDF Reader Pointer Overwrite UAF
CVE-2018-995820 Apr 2018
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1
50RISK
open
Metasploit300
Foxit PDF Reader Pointer Overwrite UAF
CVE-2018-994820 Apr 2018
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader
50RISK
open
Metasploit0
Nagios XI Chained Remote Code Execution
CVE-2018-873317 Apr 2018
Authentication bypass vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an
43RISK
open
Metasploit0
Nagios XI Chained Remote Code Execution
CVE-2018-873517 Apr 2018
Remote command execution (RCE) vulnerability in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to execut
50RISK
open
Metasploit0
Nagios XI Chained Remote Code Execution
CVE-2018-873617 Apr 2018
A privilege escalation vulnerability in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to leverage an RC
50RISK
open
Metasploit0
Oracle Weblogic Server Deserialization RCE
CVE-2018-2628CRITICALunder attack17 Apr 2018
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). S
100RISK
open
Metasploit0
Nagios XI Chained Remote Code Execution
CVE-2018-873417 Apr 2018
SQL injection vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker
50RISK
open
Metasploit600
Pi-Hole Whitelist OS Command Execution
CVE-2025-34087CRITICAL15 Apr 2018
Pi-Hole AdminLTE Whitelist (now 'Web Allowlist') Remote Command Execution
63RISK
open
Metasploit600
H2 Web Interface Create Alias RCE
CVE-2018-1005409 Apr 2018
H2 1.4.197, as used in Datomic before 0.9.5697 and other products, allows remote code execution because CREATE ALIAS can
30RISK
open
Metasploit600
Drupal Drupalgeddon 2 Forms API Property Injection
CVE-2018-7600CRITICALunder attackransomware28 Mar 2018
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbi
100RISK
open
Metasploit0
Safari Webkit Proxy Object Type Confusion
CVE-2017-1386115 Mar 2018
An issue was discovered in certain Apple products. iOS before 11.2 is affected. tvOS before 11.2 is affected. watchOS be
43RISK
open
Metasploit600
Mac OS X libxpc MITM Privilege Escalation
CVE-2018-423715 Mar 2018
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS b
43RISK
open
Metasploit0
Safari Webkit Proxy Object Type Confusion
CVE-2018-4233HIGH15 Mar 2018
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud
68RISK
open
Metasploit0
Safari Proxy Object Type Confusion
CVE-2018-4404HIGH15 Mar 2018
In iOS before 11.4 and macOS High Sierra before 10.13.5, a memory corruption issue exists and was addressed with improve
61RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.