Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,114cataloged exploits
31,649CVEs with public exploitation
0lab-tested
AllExploit-DB 22,469Referência 19,810GitHub PoC 13,116VulnCheck XDB 8,069Nuclei 4,188Metasploit 3,462✓ verified onlyrecentpopularrisk
22,469 exploits
Exploit-DB
Adobe Connect 10 - Username Disclosure
Adobe Connect Improper Access Control Security feature bypass
70RISK
open ↗Exploit-DB
Alt-N MDaemon webmail 20.0.0 - 'Contact name' Stored Cross Site Scripting (XSS)
Authenticated stored cross-site scripting (XSS) in the contact name field in the distribution list of MDaemon webmail 19
23RISK
open ↗Exploit-DB
Alt-N MDaemon webmail 20.0.0 - 'file name' Stored Cross Site Scripting (XSS)
Stored cross-site scripting (XSS) in file attachment field in MDaemon webmail 19.5.5 allows an attacker to execute code
23RISK
open ↗Exploit-DB
Pixelimity 1.0 - 'password' Cross-Site Request Forgery
Pixelimity 1.0 has cross-site request forgery via the admin/setting.php data [Password] parameter.
23RISK
open ↗Exploit-DB
Sudo 1.9.5p1 - 'Baron Samedit ' Heap-Based Buffer Overflow Privilege Escalation (1)
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege
100RISK
open ↗Exploit-DB
Sudo 1.9.5p1 - 'Baron Samedit ' Heap-Based Buffer Overflow Privilege Escalation (2)
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege
100RISK
open ↗Exploit-DB
Klog Server 2.4.1 - Command Injection (Authenticated)
KLog Server through 2.4.1 allows authenticated command injection. async.php calls shell_exec() on the original value of
35RISK
open ↗Exploit-DB
Quick.CMS 6.7 - Remote Code Execution (Authenticated)
OpenSolution Quick.CMS < 6.7 and Quick.Cart < 6.7 allow an authenticated user to perform code injection (and consequentl
28RISK
open ↗Exploit-DB
MyBB Hide Thread Content Plugin 1.0 - Information Disclosure
The Hide-Thread-Content plugin through 2021-01-27 for MyBB allows remote attackers to bypass intended content-reading re
28RISK
open ↗Exploit-DB
CMSUno 1.6.2 - 'lang' Remote Code Execution (Authenticated)
An authenticated attacker can inject malicious code into "lang" parameter in /uno/central.php file in CMSuno 1.6.2 and r
23RISK
open ↗Exploit-DB
CMSUno 1.6.2 - 'lang' Remote Code Execution (Authenticated)
In CMSuno 1.6.2, an attacker can inject malicious PHP code as a "username" while changing his/her username & password. A
23RISK
open ↗Exploit-DB
Metasploit Framework 6.0.11 - msfvenom APK template command injection
Client-Side Command Injection in Rapid7 Metasploit
68RISK
open ↗Exploit-DB
Fuel CMS 1.4.1 - Remote Code Execution (2)
FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This ca
60RISK
open ↗Exploit-DB
Oracle WebLogic Server 12.2.1.0 - RCE (Unauthenticated)
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions
100RISK
open ↗Exploit-DB
Tenda AC5 AC1200 Wireless - 'WiFi Name & Password' Stored Cross Site Scripting
A Stored Cross-site scripting (XSS) vulnerability in /main.html Wifi Settings in Tenda AC5 AC1200 version V15.03.06.47_m
23RISK
open ↗Exploit-DB
Klog Server 2.4.1 - Unauthenticated Command Injection (Metasploit)
KLog Server 2.4.1 allows OS command injection via shell metacharacters in the actions/authenticate.php user parameter.
60RISK
open ↗Exploit-DB
Oracle WebLogic Server 14.1.1.0 - RCE (Authenticated)
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions
63RISK
open ↗Exploit-DB
Atlassian Confluence Widget Connector Macro - SSTI
The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from vers
100RISK
open ↗Exploit-DB
Wordpress Plugin Simple Job Board 2.9.3 - Authenticated File Read (Metasploit)
Directory traversal vulnerability in class-simple_job_board_resume_download_handler.php in the Simple Board Job plugin 2
50RISK
open ↗Exploit-DB
Anchor CMS 0.12.7 - CSRF (Delete user)
A CSRF vulnerability exists in Anchor CMS 0.12.7 anchor/views/users/edit.php that can change the Delete admin users.
28RISK
open ↗Exploit-DB
osTicket 1.14.2 - SSRF
SSRF exists in osTicket before 1.14.3, where an attacker can add malicious file to server or perform port scanning.
60RISK
open ↗Exploit-DB
Nagios XI 5.7.X - Remote Code Execution RCE (Authenticated)
An issue was discovered in the Manage Plugins page in Nagios XI before 5.8.0. Because the line-ending conversion feature
60RISK
open ↗Exploit-DB
Laravel 8.4.2 debug mode - Remote code execution
Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitra
100RISK
open ↗Exploit-DB
Apache Flink 1.11.0 - Unauthenticated Arbitrary File Read (Metasploit)
Apache Flink directory traversal attack: reading remote files through the REST API
100RISK
open ↗Exploit-DB
IPeakCMS 3.5 - Boolean-based blind SQLi
ipeak Infosystems ibexwebCMS (aka IPeakCMS) 3.5 is vulnerable to an unauthenticated Boolean-based SQL injection via the
43RISK
open ↗Exploit-DB
Gitea 1.7.5 - Remote Code Execution
models/repo_mirror.go in Gitea before 1.7.6 and 1.8.x before 1.8-RC3 mishandles mirror repo URL settings, leading to rem
35RISK
open ↗Exploit-DB
Sonatype Nexus 3.21.1 - Remote Code Execution (Authenticated)
Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue 1 of 2).
100RISK
open ↗Exploit-DB
PaperStream IP (TWAIN) 1.42.0.5685 - Local Privilege Escalation
In PaperStream IP (TWAIN) 1.42.0.5685 (Service Update 7), the FJTWSVIC service running with SYSTEM privilege processes u
23RISK
open ↗Exploit-DB
Fluentd TD-agent plugin 4.0.1 - Insecure Folder Permission
The td-agent-builder plugin before 2020-12-18 for Fluentd allows attackers to gain privileges because the bin directory
23RISK
open ↗Exploit-DB
IncomCMS 2.0 - Insecure File Upload
IncomCMS 2.0 has a modules/uploader/showcase/script.php insecure file upload vulnerability. This vulnerability allows un
60RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.