Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,114cataloged exploits
31,649CVEs with public exploitation
0lab-tested
AllExploit-DB 22,469Referência 19,810GitHub PoC 13,116VulnCheck XDB 8,069Nuclei 4,188Metasploit 3,462✓ verified onlyrecentpopularrisk
19,810 exploits
Referência
CVE-2019-10867
An issue was discovered in Pimcore before 5.7.1. An attacker with classes permission can send a POST request to /admin/c
50RISK
open ↗Referência
CVE-2019-10867
An issue was discovered in Pimcore before 5.7.1. An attacker with classes permission can send a POST request to /admin/c
50RISK
open ↗Referência
CVE-2017-8646
Microsoft Edge in Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in t
35RISK
open ↗Referência
CVE-2017-8656
Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code
35RISK
open ↗Referência
CVE-2017-8640
Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary cod
35RISK
open ↗Referência
CVE-2017-8671
Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary
35RISK
open ↗Referência
CVE-2017-8645
Microsoft Edge in Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in t
35RISK
open ↗Referência
CVE-2018-8631
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet
35RISK
open ↗Referência
CVE-2017-11802
ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker
35RISK
open ↗Referência
CVE-2013-0230
Stack-based buffer overflow in the ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP
50RISK
open ↗Referência
Samba 3.0.29 (Client) - 'receive_smb_raw()' Buffer Overflow (PoC)
Heap-based buffer overflow in the receive_smb_raw function in util/sock.c in Samba 3.0.0 through 3.0.29 allows remote at
35RISK
open ↗Referência
CVE-2022-22960
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due t
98RISK
open ↗Referência
CVE-2022-22960
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due t
98RISK
open ↗Referência
CVE-2020-13951
Attackers can use public NetTest web service of Apache OpenMeetings 4.0.0-5.0.0 to organize denial of service attack.
45RISK
open ↗Referência
Microsoft Windows Message Queuing Service - RPC Buffer Overflow (MS07-065) (1)
Stack-based buffer overflow in the Microsoft Message Queuing (MSMQ) service in Microsoft Windows 2000 Server SP4, Window
50RISK
open ↗Referência
Microsoft Windows Message Queuing Service - RPC Buffer Overflow (MS07-065) (2)
Stack-based buffer overflow in the Microsoft Message Queuing (MSMQ) service in Microsoft Windows 2000 Server SP4, Window
50RISK
open ↗Referência
Microsoft Windows Server 2000 SP4 (Advanced Server) - Message Queue (MS07-065)
Stack-based buffer overflow in the Microsoft Message Queuing (MSMQ) service in Microsoft Windows 2000 Server SP4, Window
50RISK
open ↗Referência
CVE-2016-4264
The Office Open XML (OOXML) feature in Adobe ColdFusion 10 before Update 21 and 11 before Update 10 allows remote attack
35RISK
open ↗Referência
CVE-2018-8466
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Mi
35RISK
open ↗Referência
CVE-2018-8467
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Mi
35RISK
open ↗Referência
CVE-2018-11646
webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL in UIProcess/API/glib/WebKitFavicon
50RISK
open ↗Referência
CVE-2018-11646
webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL in UIProcess/API/glib/WebKitFavicon
50RISK
open ↗Referência
CVE-2018-10594
Delta Industrial Automation COMMGR from Delta Electronics versions 1.08 and prior with accompanying PLC Simulators (DVPS
50RISK
open ↗Referência
CVE-2018-10594
Delta Industrial Automation COMMGR from Delta Electronics versions 1.08 and prior with accompanying PLC Simulators (DVPS
50RISK
open ↗Referência
CVE-2026-24061
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment
100RISK
open ↗Referência
CVE-2022-22960
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due t
98RISK
open ↗Referência
CVE-2016-0099
The Secondary Logon Service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8
98RISK
open ↗Referência
CVE-2016-0099
The Secondary Logon Service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8
98RISK
open ↗Referência
CVE-2016-0099
The Secondary Logon Service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8
98RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.