Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,180cataloged exploits
31,691CVEs with public exploitation
0lab-tested
AllExploit-DB 22,469Referência 19,841GitHub PoC 13,140VulnCheck XDB 8,078Nuclei 4,190Metasploit 3,462✓ verified onlyrecentpopularrisk
4,188 exploits
Nucleimedium
Advantech R-SeeNet 2.4.12 - Cross-Site Scripting
Cross-site scripting vulnerabilities exist in the ssh_form.php script functionality of Advantech R-SeeNet v 2.4.12 (20.1
48RISK
open ↗Nucleimedium
Advantech R-SeeNet - Cross-Site Scripting
This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web application
55RISK
open ↗Nucleimedium
Advantech R-SeeNet - Cross-Site Scripting
This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web application
43RISK
open ↗Nucleimedium
Advantech R-SeeNet - Cross-Site Scripting
This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web application
43RISK
open ↗Nucleicritical
Advantech R-SeeNet 2.4.12 - OS Command Injection
An OS Command Injection vulnerability exists in the ping.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.
55RISK
open ↗Nucleimedium
D-Link DIR-3040 1.13B03 - Information Disclosure
An information disclosure vulnerability exists in the Syslog functionality of D-LINK DIR-3040 1.13B03. A specially craft
40RISK
open ↗Nucleicritical
Lantronix PremierWave 2050 8.9.0.0R4 - Remote Command Injection
An OS command injection vulnerability exists in the Web Manager Wireless Network Scanner functionality of Lantronix Prem
55RISK
open ↗Nucleicritical
VMware vSphere Client (HTML5) - Remote Code Execution
The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor
100RISK
open ↗Nucleimedium
VMware vSphere - Server-Side Request Forgery
The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of UR
100RISK
open ↗Nucleihigh
vRealize Operations Manager API - Server-Side Request Forgery
Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor
100RISK
open ↗Nucleicritical
VMware View Planner <4.6 SP1- Remote Code Execution
VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remote code execution vulnerability. Improper input val
60RISK
open ↗Nucleicritical
VMware vSphere Client (HTML5) - Remote Code Execution
The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual
100RISK
open ↗Nucleicritical
VMware vCenter Server - Arbitrary File Upload
The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with netw
100RISK
open ↗Nucleimedium
vCenter Server - Improper Access Control
Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization. A mali
70RISK
open ↗Nucleihigh
Spring Cloud Netflix Hystrix Dashboard <2.2.10 - Remote Code Execution
Applications using both `spring-cloud-netflix-hystrix-dashboard` and `spring-boot-starter-thymeleaf` expose a way to exe
23RISK
open ↗Nucleihigh
VMWare Workspace ONE UEM - Server-Side Request Forgery
VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and
100RISK
open ↗Nucleimedium
FortiWeb - Cross Site Scripting
An improper neutralization of input during web page generation in FortiWeb GUI interface 6.3.0 through 6.3.7 and version
23RISK
open ↗Nucleimedium
Elasticsearch 7.10.0-7.13.3 - Information Disclosure
A memory disclosure vulnerability was identified in Elasticsearch 7.10.0 to 7.13.3 error reporting. A user with the abil
60RISK
open ↗Nucleihigh
GitLab CI Lint API - Server-Side Request Forgery
When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab af
70RISK
open ↗Nucleicritical
GitLab CE/EE - Remote Code Execution
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validati
100RISK
open ↗Nucleihigh
Gitlab CE/EE 10.5 - Server-Side Request Forgery
When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab CE
53RISK
open ↗Nucleicritical
Micro Focus Operations Bridge Reporter - Remote Code Execution
Remote Code execution vulnerability in Micro Focus Operation Bridge Reporter (OBR) product, affecting version 10.40. The
100RISK
open ↗Nucleicritical
EVlink City < R8 V3.4.0.1 - Authentication Bypass
A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to
30RISK
open ↗Nucleimedium
Revive Adserver <5.1.0 - Open Redirect
Revive Adserver before 5.1.0 is vulnerable to open redirects via the `dest`, `oadest`, and/or `ct0` parameters of the lg
50RISK
open ↗Nucleimedium
Ruby on Rails - Open Redirect via Host Header Injection
The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Sp
40RISK
open ↗Nucleicritical
Rocket.Chat <=3.13 - NoSQL Injection
A improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 & 3.13 that could lead to unauthenti
60RISK
open ↗Nucleicritical
F5 iControl REST - Remote Command Execution
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.
100RISK
open ↗Nucleimedium
MERCUSYS Mercury X18G 1.0.5 Router - Local File Inclusion
MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../ in conjunction with a loginLess or login.htm URI (
23RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.