Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,114cataloged exploits
31,649CVEs with public exploitation
0lab-tested
3,462 exploits
Metasploit300
Cisco IKE Information Disclosure
CVE-2016-6415HIGHunder attack29 Sep 2016
The server IKEv1 implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.6, IOS XE through 3.18S, IOS XR 4.3.x
100RISK
open
Metasploit300
BIND TSIG Query Denial of Service
CVE-2016-277627 Sep 2016
buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly
60RISK
open
Metasploit600
MagniComp SysInfo mcsiwrapper Privilege Escalation
CVE-2017-651623 Sep 2016
A Local Privilege Escalation Vulnerability in MagniComp's Sysinfo before 10-H64 for Linux and UNIX platforms could allow
38RISK
open
Metasploit600
BuilderEngine Arbitrary File Upload Vulnerability and execution
CVE-2025-34100CRITICAL18 Sep 2016
BuilderEngine 3.5.0 RCE via Unauthenticated Arbitrary File Upload
63RISK
open
Metasploit500
Grandstream GXV31XX 'settimezone' Unauthenticated Command Execution
CVE-2019-1065501 Sep 2016
Grandstream GAC2500 1.0.3.35, GXP2200 1.0.3.27, GVC3202 1.0.3.51, GXV3275 before 1.0.3.219 Beta, and GXV3240 before 1.0.
23RISK
open
Metasploit0
WebKit not_number defineProperties UAF
CVE-2016-4657HIGHunder attack25 Aug 2016
WebKit in Apple iOS before 9.3.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory
98RISK
open
Metasploit400
Safari Webkit JIT Exploit for iOS 7.1.2
CVE-2018-416225 Aug 2016
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud b
30RISK
open
Metasploit0
WebKit not_number defineProperties UAF
CVE-2016-4656HIGHunder attack25 Aug 2016
The kernel in Apple iOS before 9.3.5 allows attackers to execute arbitrary code in a privileged context or cause a denia
91RISK
open
Metasploit0
WebKit not_number defineProperties UAF
CVE-2016-4655MEDIUMunder attack25 Aug 2016
The kernel in Apple iOS before 9.3.5 allows attackers to obtain sensitive information from memory via a crafted app.
90RISK
open
Metasploit400
Safari Webkit JIT Exploit for iOS 7.1.2
CVE-2016-466925 Aug 2016
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS b
38RISK
open
Metasploit400
AF_PACKET chocobo_root Privilege Escalation
CVE-2016-865512 Aug 2016
Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cau
43RISK
open
Metasploit300
ColoradoFTP Server 1.3 Build 8 Directory Traversal Information Disclosure
CVE-2025-34110CRITICAL11 Aug 2016
ColoradoFTP Server <= 1.3 Build 8 Path Traversal Information Disclosure
63RISK
open
Metasploit300
Zabbix toggle_ids SQL Injection
CVE-2016-1013411 Aug 2016
SQL injection vulnerability in Zabbix before 2.2.14 and 3.0 before 3.0.4 allows remote attackers to execute arbitrary SQ
40RISK
open
Metasploit300
Internet Explorer Iframe Sandbox File Name Disclosure Vulnerability
CVE-2016-332109 Aug 2016
Microsoft Internet Explorer 10 and 11 load different files for attempts to open a file:// URL depending on whether the f
30RISK
open
Metasploit600
Trend Micro Smart Protection Server Exec Remote Code Injection
CVE-2016-626708 Aug 2016
SnmpUtils in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330
30RISK
open
Metasploit300
DLL Side Loading Vulnerability in VMware Host Guest Client Redirector
CVE-2016-533005 Aug 2016
Untrusted search path vulnerability in the HGFS (aka Shared Folders) feature in VMware Tools 10.0.5 in VMware ESXi 5.0 t
43RISK
open
Metasploit300
NUUO NVRmini 2 / NETGEAR ReadyNAS Surveillance Default Configuration Load and Administrator Password Reset
CVE-2016-567604 Aug 2016
cgi-bin/cgi_system in NUUO NVRmini 2 1.7.5 through 2.x, NUUO NVRsolo 1.7.5 through 2.x, and NETGEAR ReadyNAS Surveillanc
50RISK
open
Metasploit600
NUUO NVRmini 2 / Crystal / NETGEAR ReadyNAS Surveillance Authenticated Remote Code Execution
CVE-2016-567504 Aug 2016
handle_daylightsaving.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, NUUO Crystal 2.2.1 th
60RISK
open
Metasploit600
NUUO NVRmini 2 / NETGEAR ReadyNAS Surveillance Unauthenticated Remote Code Execution
CVE-2016-567404 Aug 2016
__debugging_center_utils___.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR Rea
60RISK
open
Metasploit600
SonicWall Global Management System XMLRPC set_time_zone Unauth RCE
CVE-2014-842022 Jul 2016
The ViewPoint web application in Dell SonicWALL Global Management System (GMS) before 7.2 SP2, SonicWALL Analyzer before
23RISK
open
Metasploit0
Oracle Weblogic Server Deserialization RCE - MarshalledObject
CVE-2016-351019 Jul 2016
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.3.0, and 12
40RISK
open
Metasploit600
Tiki Wiki Unauthenticated File Upload Vulnerability
CVE-2025-34111CRITICAL11 Jul 2016
Tiki Wiki <= 15.1 ELFinder Unauthenticated File Upload RCE
63RISK
open
Metasploit500
NetBSD mail.local Privilege Escalation
CVE-2016-625307 Jul 2016
mail.local in NetBSD versions 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows local users to change ownership of or
38RISK
open
Metasploit300
WebNMS Framework Server Arbitrary Text File Download
CVE-2016-660104 Jul 2016
Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows rem
60RISK
open
Metasploit300
WebNMS Framework Server Credential Disclosure
CVE-2016-660204 Jul 2016
ZOHO WebNMS Framework 5.2 and 5.2 SP1 use a weak obfuscation algorithm to store passwords, which allows context-dependen
50RISK
open
Metasploit600
WebNMS Framework Server Arbitrary File Upload
CVE-2016-660004 Jul 2016
Directory traversal vulnerability in the file upload functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remot
60RISK
open
Metasploit300
WebNMS Framework Server Credential Disclosure
CVE-2016-660104 Jul 2016
Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows rem
60RISK
open
Metasploit600
Riverbed SteelCentral NetProfiler/NetExpress Remote Code Execution
CVE-2025-34112CRITICAL27 Jun 2016
Riverbed SteelCentral NetProfiler / NetExpress 10.8.7 RCE
63RISK
open
Metasploit600
Panda Security PSEvents Privilege Escalation
CVE-2025-34109HIGH27 Jun 2016
Panda Security PSEvents.exe Insecure DLL Loading Privilege Escalation
36RISK
open
Metasploit600
SugarCRM REST Unserialize PHP Code Execution
CVE-2025-25034CRITICAL23 Jun 2016
SugarCRM PHP Deserialization RCE
63RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.