Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,114cataloged exploits
31,649CVEs with public exploitation
0lab-tested
19,810 exploits
Referência
CVE-2010-2703
Stack-based buffer overflow in the execvp_nc function in the ov.dll module in HP OpenView Network Node Manager (OV NNM)
60RISK
open
Referência
CVE-2017-8755
Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary
45RISK
open
Referência
CVE-2016-1909
Fortinet FortiAnalyzer before 5.0.12 and 5.2.x before 5.2.5; FortiSwitch 3.3.x before 3.3.3; FortiCache 3.0.x before 3.0
60RISK
open
Referência
CVE-2016-1909
Fortinet FortiAnalyzer before 5.0.12 and 5.2.x before 5.2.5; FortiSwitch 3.3.x before 3.3.3; FortiCache 3.0.x before 3.0
60RISK
open
Referência
CVE-2018-10094
SQL injection vulnerability in Dolibarr before 7.0.2 allows remote attackers to execute arbitrary SQL commands via vecto
60RISK
open
Referência
Powl 0.94 - 'htmledit.php' Remote File Inclusion
PHP remote file inclusion vulnerability in plugins/widgets/htmledit/htmledit.php in Powl 0.94 allows remote attackers to
45RISK
open
Referência
CVE-2012-4876
Stack-based buffer overflow in the UltraMJCam ActiveX Control in TRENDnet SecurView TV-IP121WN Wireless Internet Camera
60RISK
open
Referência
CVE-2020-8518
Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary PHP code via CSV data, leading to remote code execu
60RISK
open
Referência
CVE-2016-2386
CVE-2016-2386CRITICALunder attack
SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbi
100RISK
open
Referência
CVE-2016-2386
CVE-2016-2386CRITICALunder attack
SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbi
100RISK
open
Referência
CVE-2016-2386
CVE-2016-2386CRITICALunder attack
SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbi
100RISK
open
Referência
phpBG 0.9.1 - 'rootdir' Remote File Inclusion
Multiple PHP remote file inclusion vulnerabilities in phpBG 0.9.1 allow remote attackers to execute arbitrary PHP code v
45RISK
open
Referência
CVE-2026-7068
D-Link DIR-825 nmbd sserver.c NMBD_process buffer overflow
41RISK
open
Referência
CVE-2021-4039
A command injection vulnerability in the web interface of the Zyxel NWA-1100-NH firmware could allow an attacker to exec
70RISK
open
Referência
CVE-2015-2509
Windows Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8, and Windows 8.1 allows user-assisted remo
60RISK
open
Referência
CVE-2015-2509
Windows Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8, and Windows 8.1 allows user-assisted remo
60RISK
open
Referência
CVE-2018-8279
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft E
45RISK
open
Referência
CVE-2017-8895
In Veritas Backup Exec 2014 before build 14.1.1187.1126, 15 before build 14.2.1180.3160, and 16 before FP1, there is a u
60RISK
open
Referência
CVE-2013-4835
The APISiteScopeImpl SOAP service in HP SiteScope 10.1x and 11.x before 11.22 allows remote attackers to bypass authenti
60RISK
open
Referência
CVE-2011-3492
Stack-based buffer overflow in Azeotech DAQFactory 5.85 build 1853 and earlier allows remote attackers to cause a denial
60RISK
open
Referência
CVE-2020-17456
SEOWON INTECH SLC-130 And SLR-120S devices allow Remote Code Execution via the ipAddr parameter to the system_log.cgi pa
60RISK
open
Referência
CVE-2020-17456
SEOWON INTECH SLC-130 And SLR-120S devices allow Remote Code Execution via the ipAddr parameter to the system_log.cgi pa
60RISK
open
Referência
Seowon SLR-120 Router - Remote Code Execution (Unauthenticated)
SEOWON INTECH SLC-130 And SLR-120S devices allow Remote Code Execution via the ipAddr parameter to the system_log.cgi pa
60RISK
open
Referência
CVE-2014-5460
Unrestricted file upload vulnerability in the Tribulant Slideshow Gallery plugin before 1.4.7 for WordPress allows remot
60RISK
open
Referência
CVE-2014-5460
Unrestricted file upload vulnerability in the Tribulant Slideshow Gallery plugin before 1.4.7 for WordPress allows remot
60RISK
open
Referência
CVE-2014-5460
Unrestricted file upload vulnerability in the Tribulant Slideshow Gallery plugin before 1.4.7 for WordPress allows remot
60RISK
open
Referência
CVE-2016-5675
handle_daylightsaving.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, NUUO Crystal 2.2.1 th
60RISK
open
Referência
CVE-2020-11456
LimeSurvey before 4.1.12+200324 has stored XSS in application/views/admin/surveysgroups/surveySettings.php and applicati
45RISK
open
Referência
LimeSurvey 4.1.11 - 'Survey Groups' Persistent Cross-Site Scripting
LimeSurvey before 4.1.12+200324 has stored XSS in application/views/admin/surveysgroups/surveySettings.php and applicati
45RISK
open
Referência
CVE-2018-7490
uWSGI before 2.0.17 mishandles a DOCUMENT_ROOT check during use of the --php-docroot option, allowing directory traversa
50RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.