Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,114cataloged exploits
31,649CVEs with public exploitation
0lab-tested
19,810 exploits
Referência
CVE-2017-12477
It was discovered that the bpserverd proprietary protocol in Unitrends Backup (UB) before 10.0.0, as invoked through xin
50RISK
open
Referência
CVE-2017-6077
CVE-2017-6077CRITICALunder attack
ping.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitra
90RISK
open
Referência
CVE-2011-0654
Integer underflow in the BowserWriteErrorLogEntry function in the Common Internet File System (CIFS) browser service in
50RISK
open
Referência
CVE-2017-11809
ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker
35RISK
open
Referência
SerWeb 0.9.4 - 'load_lang.php' Remote File Inclusion
PHP remote file inclusion vulnerability in html/load_lang.php in SerWeb 0.9.6 and earlier allows remote attackers to exe
35RISK
open
Referência
linksnet newsfeed 1.0 - Remote File Inclusion
PHP remote file inclusion vulnerability in linksnet_linkslog_rss.php in Linksnet Newsfeed 1.0 allows remote attackers to
35RISK
open
Referência
CVE-2008-5180
Microsoft Communicator, and Communicator in Microsoft Office 2010 beta, allows remote attackers to cause a denial of ser
45RISK
open
Referência
Microsoft Office - Communicator 'SIP' Remote Denial of Service
Microsoft Communicator, and Communicator in Microsoft Office 2010 beta, allows remote attackers to cause a denial of ser
45RISK
open
Referência
CVE-2016-3088
CVE-2016-3088CRITICALunder attack
The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitr
100RISK
open
Referência
CVE-2013-7409
Buffer overflow in ALLPlayer 5.6.2 through 5.8.1 allows remote attackers to cause a denial of service (crash) and possib
50RISK
open
Referência
CVE-2013-7409
Buffer overflow in ALLPlayer 5.6.2 through 5.8.1 allows remote attackers to cause a denial of service (crash) and possib
50RISK
open
Referência
CVE-2013-7409
Buffer overflow in ALLPlayer 5.6.2 through 5.8.1 allows remote attackers to cause a denial of service (crash) and possib
50RISK
open
Referência
CVE-2013-7409
Buffer overflow in ALLPlayer 5.6.2 through 5.8.1 allows remote attackers to cause a denial of service (crash) and possib
50RISK
open
Referência
CVE-2013-7409
Buffer overflow in ALLPlayer 5.6.2 through 5.8.1 allows remote attackers to cause a denial of service (crash) and possib
50RISK
open
Referência
CVE-2025-2747
CVE-2025-2747CRITICALunder attack
Kentico Xperience <= 13.0.178 Staging Sync Server None Password Type Authentication Bypass
100RISK
open
Referência
CVE-2013-7409
Buffer overflow in ALLPlayer 5.6.2 through 5.8.1 allows remote attackers to cause a denial of service (crash) and possib
50RISK
open
Referência
CVE-2013-7409
Buffer overflow in ALLPlayer 5.6.2 through 5.8.1 allows remote attackers to cause a denial of service (crash) and possib
50RISK
open
Referência
CVE-2013-7409
Buffer overflow in ALLPlayer 5.6.2 through 5.8.1 allows remote attackers to cause a denial of service (crash) and possib
50RISK
open
Referência
CVE-2013-7409
Buffer overflow in ALLPlayer 5.6.2 through 5.8.1 allows remote attackers to cause a denial of service (crash) and possib
50RISK
open
Referência
CVE-2024-28000
WordPress LiteSpeed Cache plugin <= 6.3.0.1 - Unauthenticated Privilege Escalation vulnerability
75RISK
open
Referência
Litespeed Cache WordPress Plugin 6.3.0.1 - Privilege Escalation
WordPress LiteSpeed Cache plugin <= 6.3.0.1 - Unauthenticated Privilege Escalation vulnerability
75RISK
open
Referência
CVE-2025-2747
CVE-2025-2747CRITICALunder attack
Kentico Xperience <= 13.0.178 Staging Sync Server None Password Type Authentication Bypass
100RISK
open
Referência
CVE-2018-0775
Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due t
35RISK
open
Referência
CVE-2018-0774
Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due t
35RISK
open
Referência
CVE-2019-18426
CVE-2019-18426HIGHunder attack
A vulnerability in WhatsApp Desktop versions prior to 0.3.9309 when paired with WhatsApp for iPhone versions prior to 2.
83RISK
open
Referência
PHP::HTML 0.6.4 - 'PHPhtml.php' Remote File Inclusion
PHP remote file inclusion vulnerability in phphtml.php in Idan Sofer PHP::HTML 0.6.4 allows remote attackers to execute
35RISK
open
Referência
XOOPS Module XT-Conteudo - 'spaw_root' Remote File Inclusion
PHP remote file inclusion vulnerability in admin/spaw/spaw_control.class.php in the XT-Conteudo module for XOOPS allows
35RISK
open
Referência
CVE-2010-1554
Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows r
50RISK
open
Referência
CVE-2016-6662
Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.2
35RISK
open
Referência
CVE-2017-9833
/cgi-bin/wapopen in Boa 0.94.14rc21 allows the injection of "../.." using the FILECAMERA variable (sent by GET) to read
50RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.