Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,114cataloged exploits
31,649CVEs with public exploitation
0lab-tested
AllExploit-DB 22,469Referência 19,810GitHub PoC 13,116VulnCheck XDB 8,069Nuclei 4,188Metasploit 3,462✓ verified onlyrecentpopularrisk
19,810 exploits
Referência
CVE-2018-8353
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet
35RISK
open ↗Referência
xoops module tinycontent 1.5 - Remote File Inclusion
PHP remote file inclusion vulnerability in admin/spaw/spaw_control.class.php in the TinyContent 1.5 module for XOOPS all
35RISK
open ↗Referência
Boa 0.93.15 - HTTP Basic Authentication Bypass
The Intersil isl3893 extensions for Boa 0.93.15, as used on the FreeLan RO80211G-AP and other devices, do not prevent st
50RISK
open ↗Referência
TFTP Server 1.4 - ST Buffer Overflow
Stack-based buffer overflow in TFTP Server SP 1.4 for Windows allows remote attackers to cause a denial of service or ex
50RISK
open ↗Referência
CVE-2017-8548
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to obtain
35RISK
open ↗Referência
CVE-2013-5014
The management console in Symantec Endpoint Protection Manager (SEPM) 11.0 before 11.0.7405.1424 and 12.1 before 12.1.40
50RISK
open ↗Referência
CVE-2013-5014
The management console in Symantec Endpoint Protection Manager (SEPM) 11.0 before 11.0.7405.1424 and 12.1 before 12.1.40
50RISK
open ↗Referência
CVE-2017-14494
dnsmasq before 2.78, when configured as a relay, allows remote attackers to obtain sensitive memory information via vect
35RISK
open ↗Referência
CVE-2018-16858
It was found that libreoffice before versions 6.0.7 and 6.1.3 was vulnerable to a directory traversal attack which could
68RISK
open ↗Referência
CVE-2018-16858
It was found that libreoffice before versions 6.0.7 and 6.1.3 was vulnerable to a directory traversal attack which could
68RISK
open ↗Referência
CVE-2026-33017
Langflow has Unauthenticated Remote Code Execution via Public Flow Build Endpoint
100RISK
open ↗Referência
CVE-2018-12613
An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in which an attacker can include (view and potentially execute
60RISK
open ↗Referência
CVE-2015-0802
Mozilla Firefox before 37.0 relies on docshell type information instead of page principal information for Window.webidl
50RISK
open ↗Referência
Sitellite CMS 4.2.12 - '559668.php' Remote File Inclusion
PHP remote file inclusion vulnerability in saf/lib/PEAR/PhpDocumentor/Documentation/tests/bug-559668.php in Sitellite CM
35RISK
open ↗Referência
CVE-2008-4687
manage_proj_page.php in Mantis before 1.1.4 allows remote authenticated users to execute arbitrary code via a sort param
50RISK
open ↗Referência
Mantis Bug Tracker 1.1.3 - Remote Code Execution
manage_proj_page.php in Mantis before 1.1.4 allows remote authenticated users to execute arbitrary code via a sort param
50RISK
open ↗Referência
CVE-2006-1652
Multiple buffer overflows in (a) UltraVNC (aka Ultr@VNC) 1.0.1 and earlier and (b) tabbed_viewer 1.29 (1) allow user-ass
50RISK
open ↗Referência
CVE-2006-1652
Multiple buffer overflows in (a) UltraVNC (aka Ultr@VNC) 1.0.1 and earlier and (b) tabbed_viewer 1.29 (1) allow user-ass
50RISK
open ↗Referência
CVE-2002-1120
Buffer overflow in Savant Web Server 3.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP G
50RISK
open ↗Referência
CVE-2010-1681
Buffer overflow in VISIODWG.DLL before 10.0.6880.4 in Microsoft Office Visio allows user-assisted remote attackers to ex
50RISK
open ↗Referência
CVE-2020-24949
Privilege escalation in PHP-Fusion 9.03.50 downloads/downloads.php allows an authenticated user (not admin) to send a cr
50RISK
open ↗Referência
CVE-2015-7765
ZOHO ManageEngine OpManager 11.5 build 11600 and earlier uses a hardcoded password of "plugin" for the IntegrationUser a
50RISK
open ↗Referência
CVE-2015-7765
ZOHO ManageEngine OpManager 11.5 build 11600 and earlier uses a hardcoded password of "plugin" for the IntegrationUser a
50RISK
open ↗Referência
CVE-2013-3928
Stack-based buffer overflow in the ReadFile function in flt_BMP.dll in Chasys Draw IES before 4.11.02 allows remote atta
50RISK
open ↗Referência
SugarCRM CE 6.3.1 - 'Unserialize()' PHP Code Execution
SugarCRM CE <= 6.3.1 contains scripts that use "unserialize()" with user controlled input which allows remote attackers
50RISK
open ↗Referência
CVE-2014-6593
Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit 27.
50RISK
open ↗Referência
CVE-2014-6593
Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit 27.
50RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.