Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,053cataloged exploits
31,617CVEs with public exploitation
0lab-tested
19,791 exploits
Referência
CVE-2019-3398
CVE-2019-3398HIGHunder attack
Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. A remote at
100RISK
open
Referência
CVE-2019-3398
CVE-2019-3398HIGHunder attack
Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. A remote at
100RISK
open
Referência
CVE-2019-3398
CVE-2019-3398HIGHunder attack
Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. A remote at
100RISK
open
Referência
CVE-2019-7256
CVE-2019-7256CRITICALunder attack
Linear eMerge E3-Series devices allow Command Injections.
100RISK
open
Referência
CVE-2019-7256
CVE-2019-7256CRITICALunder attack
Linear eMerge E3-Series devices allow Command Injections.
100RISK
open
Referência
CVE-2019-7256
CVE-2019-7256CRITICALunder attack
Linear eMerge E3-Series devices allow Command Injections.
100RISK
open
Referência
CVE-2019-7256
CVE-2019-7256CRITICALunder attack
Linear eMerge E3-Series devices allow Command Injections.
100RISK
open
Referência
CVE-2020-2555
CVE-2020-2555CRITICALunder attack
Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invocation). Su
100RISK
open
Referência
CVE-2020-2555
CVE-2020-2555CRITICALunder attack
Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invocation). Su
100RISK
open
Referência
CVE-2020-2555
CVE-2020-2555CRITICALunder attack
Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invocation). Su
100RISK
open
Referência
CVE-2023-26360
CVE-2023-26360HIGHunder attack
Adobe ColdFusion Improper Access Control Arbitrary code execution
100RISK
open
Referência
CVE-2021-44790
Possible buffer overflow when parsing multipart content in mod_lua of Apache HTTP Server 2.4.51 and earlier
45RISK
open
Referência
CVE-2018-9206
Unauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload <= v9.22.0
60RISK
open
Referência
CVE-2018-9206
Unauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload <= v9.22.0
60RISK
open
Referência
CVE-2015-2051
CVE-2015-2051HIGHunder attack
The D-Link DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute ar
100RISK
open
Referência
nweb2fax 0.2.7 - Multiple Vulnerabilities
viewrq.php in nweb2fax 0.2.7 and earlier allows remote attackers to execute arbitrary code via shell metacharacters in t
23RISK
open
Referência
CVE-2023-0297
Code Injection in pyload/pyload
85RISK
open
Referência
CVE-2023-0297
Code Injection in pyload/pyload
85RISK
open
Referência
CVE-2020-11455
LimeSurvey before 4.1.12+200324 contains a path traversal vulnerability in application/controllers/admin/LimeSurveyFileM
60RISK
open
Referência
LimeSurvey 4.1.11 - 'File Manager' Path Traversal
LimeSurvey before 4.1.12+200324 contains a path traversal vulnerability in application/controllers/admin/LimeSurveyFileM
60RISK
open
Referência
CVE-2022-0824
Improper Access Control to Remote Code Execution in webmin/webmin
78RISK
open
Referência
CVE-2022-0824
Improper Access Control to Remote Code Execution in webmin/webmin
78RISK
open
Referência
CVE-2017-8291
CVE-2017-8291HIGHunder attack
Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion
100RISK
open
Referência
CVE-2010-3962
CVE-2010-3962HIGHunder attack
Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary cod
100RISK
open
Referência
CVE-2010-3962
CVE-2010-3962HIGHunder attack
Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary cod
100RISK
open
Referência
CVE-2021-40444
CVE-2021-40444HIGHunder attackransomware
Microsoft MSHTML Remote Code Execution Vulnerability
100RISK
open
Referência
CVE-2021-40444
CVE-2021-40444HIGHunder attackransomware
Microsoft MSHTML Remote Code Execution Vulnerability
100RISK
open
Referência
CVE-2021-40444
CVE-2021-40444HIGHunder attackransomware
Microsoft MSHTML Remote Code Execution Vulnerability
100RISK
open
Referência
CVE-2018-17456
Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x be
60RISK
open
Referência
CVE-2015-3306
The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and
60RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.