Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,114cataloged exploits
31,649CVEs with public exploitation
0lab-tested
3,462 exploits
Metasploit0
Safari Proxy Object Type Confusion
CVE-2018-4233HIGH15 Mar 2018
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud
68RISK
open
Metasploit300
SAP Internet Graphics Server (IGS) XMLCHART XXE
CVE-2018-239314 Mar 2018
Under certain conditions SAP Internet Graphics Server (IGS) 7.20, 7.20EXT, 7.45, 7.49, 7.53, fails to validate XML Exter
23RISK
open
Metasploit300
SAP Internet Graphics Server (IGS) XMLCHART XXE
CVE-2018-239214 Mar 2018
Under certain conditions SAP Internet Graphics Server (IGS) 7.20, 7.20EXT, 7.45, 7.49, 7.53, fails to validate XML Exter
50RISK
open
Metasploit600
Unitrends Enterprise Backup bpserverd Privilege Escalation
CVE-2018-632914 Mar 2018
It was discovered that the Unitrends Backup (UB) before 10.1.0 libbpext.so authentication could be bypassed with a SQL i
50RISK
open
Metasploit300
Flexense HTTP Server Denial Of Service
CVE-2018-806509 Mar 2018
An issue was discovered in the web server in Flexense SyncBreeze Enterprise 10.6.24. There is a user mode write access v
60RISK
open
Metasploit300
HTTP SickRage Password Leak
CVE-2018-916008 Mar 2018
SickRage before v2018.03.09-1 includes cleartext credentials in HTTP responses.
60RISK
open
Metasploit600
ManageEngine Applications Manager Remote Code Execution
CVE-2018-789007 Mar 2018
A remote code execution issue was discovered in Zoho ManageEngine Applications Manager before 13.6 (build 13640). The pu
60RISK
open
Metasploit600
ClipBucket beats_uploader Unauthenticated Arbitrary File Upload
CVE-2018-766503 Mar 2018
An issue was discovered in ClipBucket before 4.0.0 Release 4902. A malicious file can be uploaded via the name parameter
23RISK
open
Metasploit300
Memcached Stats Amplification Scanner
CVE-2018-100011527 Feb 2018
Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vuln
60RISK
open
Metasploit600
Nanopool Claymore Dual Miner APIs RCE
CVE-2018-100004909 Feb 2018
Nanopool Claymore Dual Miner version 7.3 and earlier contains a remote code execution vulnerability by abusing the miner
60RISK
open
Metasploit300
Claymore Dual GPU Miner Format String dos attack
CVE-2018-631706 Feb 2018
The remote management interface in Claymore Dual Miner 10.5 and earlier is vulnerable to an unauthenticated format strin
50RISK
open
Metasploit0
Exodus Wallet (ElectronJS Framework) remote Code Execution
CVE-2018-100000625 Jan 2018
GitHub Electron versions 1.8.2-beta.3 and earlier, 1.7.10 and earlier, 1.6.15 and earlier has a vulnerability in the pro
60RISK
open
Metasploit600
AsusWRT LAN Unauthenticated Remote Code Execution
CVE-2018-600022 Jan 2018
An issue was discovered in AsusWRT before 3.0.0.4.384_10007. The do_vpnupload_post function in router/httpd/web.c in vpn
60RISK
open
Metasploit600
AsusWRT LAN Unauthenticated Remote Code Execution
CVE-2018-599922 Jan 2018
An issue was discovered in AsusWRT before 3.0.0.4.384_10007. In the handle_request function in router/httpd/httpd.c, pro
60RISK
open
Metasploit500
CloudMe Sync v1.10.9
CVE-2018-689217 Jan 2018
An issue was discovered in CloudMe before 1.11.0. An unauthenticated remote attacker that can connect to the "CloudMe Sy
60RISK
open
Metasploit300
glibc 'realpath()' Privilege Escalation
CVE-2018-100000116 Jan 2018
In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before th
43RISK
open
Metasploit300
GitStack Unauthenticated REST API Requests
CVE-2018-595515 Jan 2018
An issue was discovered in GitStack through 2.3.10. User controlled input is not sufficiently filtered, allowing an unau
60RISK
open
Metasploit500
GitStack Unsanitized Argument RCE
CVE-2018-595515 Jan 2018
An issue was discovered in GitStack through 2.3.10. User controlled input is not sufficiently filtered, allowing an unau
60RISK
open
Metasploit600
Monstra CMS Authenticated Arbitrary File Upload
CVE-2017-1804818 Dec 2017
Monstra CMS 3.0.4 allows users to upload arbitrary files, which leads to remote command execution on the server, for exa
30RISK
open
Metasploit600
Cambium ePMP1000 'get_chart' Shell via Command Injection (v3.1-3.5-RC7)
CVE-2017-525518 Dec 2017
In version 3.5 and prior of Cambium Networks ePMP firmware, a lack of input sanitation for certain parameters on the web
60RISK
open
Metasploit600
GoAhead Web Server LD_PRELOAD Arbitrary Module Load
CVE-2017-17562HIGHunder attack18 Dec 2017
Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. T
100RISK
open
Metasploit600
Linksys WVBR0-25 User-Agent Command Execution
CVE-2017-1741113 Dec 2017
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Linksys WVBR0. Authe
60RISK
open
Metasploit600
Apache Spark Unauthenticated Command Execution
CVE-2018-1177012 Dec 2017
From version 1.3.0 onward, Apache Spark's standalone master exposes a REST API for job submission, in addition to the su
50RISK
open
Metasploit400
Commvault Communications Service (cvd) Command Injection
CVE-2017-1804412 Dec 2017
A Command Injection issue was discovered in ContentStore/Base/CVDataPipe.dll in Commvault before v11 SP6. A certain mess
30RISK
open
Metasploit600
Palo Alto Networks readSessionVarsFromFile() Session Corruption
CVE-2017-15944CRITICALunder attack11 Dec 2017
Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote
100RISK
open
Metasploit600
Mac OS X Root Privilege Escalation
CVE-2017-1387229 Nov 2017
An issue was discovered in certain Apple products. macOS High Sierra before Security Update 2017-001 is affected. The is
50RISK
open
Metasploit300
Clickjacking Vulnerability In CSRF Error Page pfSense
CVE-2017-100047921 Nov 2017
pfSense versions 2.4.1 and lower are vulnerable to clickjacking attacks in the CSRF error page resulting in privileged e
30RISK
open
Metasploit0
Microsoft Office CVE-2017-11882
CVE-2017-11882HIGHunder attackransomware15 Nov 2017
Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Mi
100RISK
open
Metasploit500
Dup Scout Enterprise Login Buffer Overflow
CVE-2017-1369614 Nov 2017
A buffer overflow vulnerability lies in the web server component of Dup Scout Enterprise 9.9.14, Disk Savvy Enterprise 9
40RISK
open
Metasploit500
Linux BPF Sign Extension Local Privilege Escalation
CVE-2017-1699512 Nov 2017
The check_alu_op function in kernel/bpf/verifier.c in the Linux kernel through 4.4 allows local users to cause a denial
50RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.