Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,114cataloged exploits
31,649CVEs with public exploitation
0lab-tested
AllExploit-DB 22,469Referência 19,810GitHub PoC 13,116VulnCheck XDB 8,069Nuclei 4,188Metasploit 3,462✓ verified onlyrecentpopularrisk
19,810 exploits
Referência
CVE-2018-8145
An information disclosure vulnerability exists when Chakra improperly discloses the contents of its memory, which could
35RISK
open ↗Referência
CVE-2013-4730
Buffer overflow in PCMan's FTP Server 2.0.7 allows remote attackers to execute arbitrary code via a long string in a USE
50RISK
open ↗Referência
CVE-2015-0816
Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 do not properly restrict resource
50RISK
open ↗Referência
CVE-2013-3928
Stack-based buffer overflow in the ReadFile function in flt_BMP.dll in Chasys Draw IES before 4.11.02 allows remote atta
50RISK
open ↗Referência
CVE-2019-13101
An issue was discovered on D-Link DIR-600M 3.02, 3.03, 3.04, and 3.06 devices. wan.htm can be accessed directly without
50RISK
open ↗Referência
CVE-2010-1870
The OGNL extensive expression evaluation capability in XWork in Struts 2.0.0 through 2.1.8.1, as used in Atlassian Fishe
60RISK
open ↗Referência
Microsoft HTML Workshop 4.74 - Universal Buffer Overflow
Buffer overflow in Microsoft HTML Help Workshop 4.74 and earlier allows context-dependent attackers to execute arbitrary
50RISK
open ↗Referência
CVE-2013-4988
Stack-based buffer overflow in IcoFX 2.5 and earlier allows remote attackers to execute arbitrary code via a long idCoun
50RISK
open ↗Referência
CVE-2013-4988
Stack-based buffer overflow in IcoFX 2.5 and earlier allows remote attackers to execute arbitrary code via a long idCoun
50RISK
open ↗Referência
CVE-2013-4988
Stack-based buffer overflow in IcoFX 2.5 and earlier allows remote attackers to execute arbitrary code via a long idCoun
50RISK
open ↗Referência
CVE-2010-1870
The OGNL extensive expression evaluation capability in XWork in Struts 2.0.0 through 2.1.8.1, as used in Atlassian Fishe
60RISK
open ↗Referência
CVE-2011-1566
Directory traversal vulnerability in dc.exe 9.00.00.11059 and earlier in 7-Technologies Interactive Graphical SCADA Syst
50RISK
open ↗Referência
CVE-2018-0953
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft
35RISK
open ↗Referência
CVE-2017-8601
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute
35RISK
open ↗Referência
CVE-2019-14530
An issue was discovered in custom/ajax_download.php in OpenEMR before 5.0.2 via the fileName parameter. An attacker can
50RISK
open ↗Referência
CVE-2019-14530
An issue was discovered in custom/ajax_download.php in OpenEMR before 5.0.2 via the fileName parameter. An attacker can
50RISK
open ↗Referência
CVE-2013-7260
Multiple stack-based buffer overflows in RealNetworks RealPlayer before 17.0.4.61 on Windows, and Mac RealPlayer before
50RISK
open ↗Referência
CVE-2019-6443
An issue was discovered in NTPsec before 1.1.3. Because of a bug in ctl_getitem, there is a stack-based buffer over-read
50RISK
open ↗Referência
CVE-2012-2962
SQL injection vulnerability in d4d/statusFilter.php in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.2
50RISK
open ↗Referência
CVE-2017-7310
A buffer overflow vulnerability in Import Command in SyncBreeze before 10.6, DiskSorter before 10.6, DiskBoss before 8.9
50RISK
open ↗Referência
CVE-2017-7310
A buffer overflow vulnerability in Import Command in SyncBreeze before 10.6, DiskSorter before 10.6, DiskBoss before 8.9
50RISK
open ↗Referência
CVE-2017-7310
A buffer overflow vulnerability in Import Command in SyncBreeze before 10.6, DiskSorter before 10.6, DiskBoss before 8.9
50RISK
open ↗Referência
CVE-2017-7310
A buffer overflow vulnerability in Import Command in SyncBreeze before 10.6, DiskSorter before 10.6, DiskBoss before 8.9
50RISK
open ↗Referência
CVE-2017-7310
A buffer overflow vulnerability in Import Command in SyncBreeze before 10.6, DiskSorter before 10.6, DiskBoss before 8.9
50RISK
open ↗Referência
CVE-2006-6576
Heap-based buffer overflow in Golden FTP Server (goldenftpd) 1.92 allows remote attackers to cause a denial of service (
50RISK
open ↗Referência
CVE-2006-6576
Heap-based buffer overflow in Golden FTP Server (goldenftpd) 1.92 allows remote attackers to cause a denial of service (
50RISK
open ↗Referência
CVE-2016-4657
WebKit in Apple iOS before 9.3.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory
98RISK
open ↗Referência
CVE-2017-11394
Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitr
50RISK
open ↗Referência
Euphonics Audio Player 1.0 (Windows XP SP3) - '.pls' Local Buffer Overflow
Stack-based buffer overflow in MultiMedia Soft AdjMmsEng.dll 7.11.1.0 and 7.11.2.7, as distributed in multiple MultiMedi
50RISK
open ↗Referência
ProSysInfo TFTP Server TFTPDWIN 0.4.2 - 'UDP' Denial of Service
tftpd.exe in ProSysInfo TFTP Server TFTPDWIN 0.4.2 allows remote attackers to cause a denial of service via a long UDP p
35RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.