Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,114cataloged exploits
31,649CVEs with public exploitation
0lab-tested
3,462 exploits
Metasploit600
phpMyAdmin Authenticated Remote Code Execution
CVE-2016-573423 Jun 2016
phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to
60RISK
open
Metasploit300
NetBIOS Response "BadTunnel" Brute Force Spoof (NAT Tunnel)
CVE-2016-321314 Jun 2016
The Web Proxy Auto Discovery (WPAD) protocol implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and
40RISK
open
Metasploit300
NetBIOS Response "BadTunnel" Brute Force Spoof (NAT Tunnel)
CVE-2016-323614 Jun 2016
The Web Proxy Auto Discovery (WPAD) protocol implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and
40RISK
open
Metasploit600
Apache Shiro v1.2.4 Cookie RememberME Deserial RCE
CVE-2016-4437CRITICALunder attack07 Jun 2016
Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attack
100RISK
open
Metasploit600
Tiki-Wiki CMS Calendar Command Execution
CVE-2025-34113HIGH06 Jun 2016
Tiki Wiki CMS Authenticated Command Injection in Calendar Module
36RISK
open
Metasploit400
Linux Kernel 4.6.3 Netfilter Privilege Escalation
CVE-2016-499803 Jun 2016
The IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel before 4.6 allows local
18RISK
open
Metasploit400
Linux Kernel 4.6.3 Netfilter Privilege Escalation
CVE-2016-499703 Jun 2016
The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux
38RISK
open
Metasploit600
Apache Struts REST Plugin With Dynamic Method Invocation Remote Code Execution
CVE-2016-308701 Jun 2016
Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, a
60RISK
open
Metasploit600
ActiveMQ web shell upload
CVE-2016-3088CRITICALunder attack01 Jun 2016
The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitr
100RISK
open
Metasploit600
WordPress WP Mobile Detector 3.5 Shell Upload
CVE-2016-15043CRITICAL31 May 2016
WP Mobile Detector <= 3.5 - Arbitrary File Upload
48RISK
open
Metasploit600
Magento 2.0.6 Unserialize Remote Code Execution
CVE-2016-401017 May 2016
Magento CE and EE before 2.0.6 allows remote attackers to conduct PHP objection injection attacks and execute arbitrary
60RISK
open
Metasploit300
Internet Explorer 11 VBScript Engine Memory Corruption
CVE-2016-0189HIGHunder attack10 May 2016
The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other
100RISK
open
Metasploit400
Linux BPF doubleput UAF Privilege Escalation
CVE-2016-455704 May 2016
The replace_map_fd_with_map_ptr function in kernel/bpf/verifier.c in the Linux kernel before 4.5.5 does not properly mai
43RISK
open
Metasploit600
IPFire proxy.cgi RCE
CVE-2025-34116HIGH04 May 2016
IPFire < 2.19 Core Update 101 proxy.cgi RCE
36RISK
open
Metasploit600
WordPress Ninja Forms Unauthenticated File Upload
CVE-2016-120904 May 2016
The Ninja Forms plugin before 2.9.42.1 for WordPress allows remote attackers to conduct PHP object injection attacks via
50RISK
open
Metasploit600
ImageMagick Delegate Arbitrary Command Execution
CVE-2016-3714HIGHunder attack03 May 2016
The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.
100RISK
open
Metasploit600
ImageMagick Delegate Arbitrary Command Execution
CVE-2016-797603 May 2016
The PS Interpreter in Ghostscript 9.18 and 9.20 allows remote attackers to execute arbitrary code via crafted userparams
23RISK
open
Metasploit600
Allwinner 3.4 Legacy Kernel Local Privilege Escalation
CVE-2016-1022530 Apr 2016
The sunxi-debug driver in Allwinner 3.4 legacy kernel for H3, A83T and H8 devices allows local users to gain root privil
18RISK
open
Metasploit500
Adobe Flash Player DeleteRangeTimelineOperation Type-Confusion
CVE-2016-4117HIGHunder attack27 Apr 2016
Adobe Flash Player 21.0.0.226 and earlier allows remote attackers to execute arbitrary code via unspecified vectors, as
100RISK
open
Metasploit600
Apache Struts Dynamic Method Invocation Remote Code Execution
CVE-2016-308127 Apr 2016
Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, a
60RISK
open
Metasploit600
pfSense authenticated graph status RCE
CVE-2016-1070918 Apr 2016
pfSense before 2.3 allows remote authenticated users to execute arbitrary OS commands via a '|' character in the status_
30RISK
open
Metasploit300
HP Data Protector Encrypted Communication Remote Command Execution
CVE-2016-200418 Apr 2016
HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allow remote attackers to execute arbitrary cod
60RISK
open
Metasploit600
op5 v7.1.9 Configuration Command Execution
CVE-2025-34115HIGH08 Apr 2016
OP5 Monitor <= 7.1.9 Authenticated Command Execution via command_test.php
36RISK
open
Metasploit600
ExaGrid Known SSH Key and Default Password
CVE-2016-156007 Apr 2016
ExaGrid appliances with firmware before 4.8 P26 have a default password of (1) inflection for the root shell account and
60RISK
open
Metasploit600
ExaGrid Known SSH Key and Default Password
CVE-2016-156107 Apr 2016
ExaGrid appliances with firmware before 4.8 P26 have a default SSH public key in the authorized_keys file for root, whic
60RISK
open
Metasploit600
Apache CouchDB Arbitrary Command Execution
CVE-2017-1263606 Apr 2016
CouchDB administrative users can configure the database server via HTTP(S). Some of the configuration options include pa
60RISK
open
Metasploit600
Apache CouchDB Arbitrary Command Execution
CVE-2017-1263506 Apr 2016
Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB be
60RISK
open
Metasploit600
Apache Continuum Arbitrary Command Execution
CVE-2016-15057CRITICAL06 Apr 2016
Apache Continuum: Command injection leading to RCE
43RISK
open
Metasploit600
Novell ServiceDesk Authenticated File Upload
CVE-2016-159330 Mar 2016
Directory traversal vulnerability in the import users feature in Micro Focus Novell Service Desk before 7.2 allows remot
50RISK
open
Metasploit300
MS16-032 Secondary Logon Handle Privilege Escalation
CVE-2016-0099HIGHunder attackransomware21 Mar 2016
The Secondary Logon Service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8
98RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.