Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,114cataloged exploits
31,649CVEs with public exploitation
0lab-tested
AllExploit-DB 22,469Referência 19,810GitHub PoC 13,116VulnCheck XDB 8,069Nuclei 4,188Metasploit 3,462✓ verified onlyrecentpopularrisk
19,810 exploits
Referência
CVE-2021-35064
KramerAV VIAWare, all tested versions, allow privilege escalation through misconfiguration of sudo. Sudoers permits runn
60RISK
open ↗Referência
CVE-2012-6588
SQL injection vulnerability in links.php in MYRE Business Directory allows remote attackers to execute arbitrary SQL com
23RISK
open ↗Referência
CVE-2018-18323
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has Local File Inclusion via directory traversal with an admin/
60RISK
open ↗Referência
OpenSSL 0.9.8c-1 < 0.9.8g-9 (Debian and Derivatives) - Predictable PRNG Brute Force SSH
OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that ge
45RISK
open ↗Referência
OpenSSL 0.9.8c-1 < 0.9.8g-9 (Debian and Derivatives) - Predictable PRNG Brute Force SSH
OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that ge
45RISK
open ↗Referência
OpenSSL 0.9.8c-1 < 0.9.8g-9 (Debian and Derivatives) - Predictable PRNG Brute Force SSH (Ruby)
OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that ge
45RISK
open ↗Referência
dagger Web engine 23jan2007 - Remote File Inclusion
PHP remote file inclusion vulnerability in cal.func.php in Valerio Capello Dagger - The Cutting Edge r23jan2007 allows r
45RISK
open ↗Referência
CVE-2013-6117
Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive informatio
60RISK
open ↗Referência
CVE-2013-6117
Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive informatio
60RISK
open ↗Referência
LaVague 0.3 - 'printbar.php?views_path' Remote File Inclusion
PHP remote file inclusion vulnerability in views/print/printbar.php in LaVague 0.3 and earlier allows remote attackers t
45RISK
open ↗Referência
CVE-2014-8686
CodeIgniter before 2.2.0 makes it easier for attackers to decode session cookies by leveraging fallback to a custom XOR-
50RISK
open ↗Referência
CVE-2017-6736
The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabiliti
93RISK
open ↗Referência
CVE-2021-21220
Insufficient validation of untrusted input in V8 in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to po
100RISK
open ↗Referência
CVE-2021-21220
Insufficient validation of untrusted input in V8 in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to po
100RISK
open ↗Referência
CVE-2022-28810
Zoho ManageEngine ADSelfService Plus before build 6122 allows a remote authenticated administrator to execute arbitrary
100RISK
open ↗Referência
CVE-2016-7288
The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (m
45RISK
open ↗Referência
FileZilla FTP Server 0.9.21 - 'LIST/NLST' Denial of Service
FileZilla Server before 0.9.22 allows remote attackers to cause a denial of service (crash) via a wildcard argument to t
60RISK
open ↗Referência
CVE-2017-8634
Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current u
45RISK
open ↗Referência
CVE-2012-4869
The callme_startcall function in recordings/misc/callme_page.php in FreePBX 2.9, 2.10, and earlier allows remote attacke
60RISK
open ↗Referência
CVE-2012-4869
The callme_startcall function in recordings/misc/callme_page.php in FreePBX 2.9, 2.10, and earlier allows remote attacke
60RISK
open ↗Referência
CVE-2012-4869
The callme_startcall function in recordings/misc/callme_page.php in FreePBX 2.9, 2.10, and earlier allows remote attacke
60RISK
open ↗Referência
CVE-2021-2109
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions
63RISK
open ↗Referência
CVE-2015-4495
The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote
100RISK
open ↗Referência
ASUS DPC Proxy 2.0.0.16/19 - Remote Buffer Overflow
Stack-based buffer overflow in the DPC Proxy server (DpcProxy.exe) in ASUS Remote Console (aka ARC or ASMB3) 2.0.0.19 an
60RISK
open ↗Referência
ZeroShell 1.0beta11 - Remote Code Execution
cgi-bin/kerbynet in ZeroShell 1.0beta11 and earlier allows remote attackers to execute arbitrary commands via shell meta
60RISK
open ↗Referência
CVE-2021-45010
A path traversal vulnerability in the file upload functionality in tinyfilemanager.php in Tiny File Manager before 2.4.7
45RISK
open ↗Referência
Novell eDirectory < 8.7.3 SP 10 / 8.8.2 - HTTP headers Denial of Service
dhost.exe in Novell eDirectory 8.7.3 before sp10 and 8.8.2 allows remote attackers to cause a denial of service (CPU con
45RISK
open ↗Referência
CVE-2018-8453
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in
98RISK
open ↗Referência
CVE-2018-8291
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft brow
45RISK
open ↗Referência
CVE-2018-8288
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft brow
45RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.