Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,114cataloged exploits
31,649CVEs with public exploitation
0lab-tested
AllExploit-DB 22,469Referência 19,810GitHub PoC 13,116VulnCheck XDB 8,069Nuclei 4,188Metasploit 3,462✓ verified onlyrecentpopularrisk
19,810 exploits
Referência
CVE-2019-0211
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privilege
83RISK
open ↗Referência
CVE-2014-5519
The Ploticus module in PhpWiki 1.5.0 allows remote attackers to execute arbitrary code via shell metacharacters in a dev
50RISK
open ↗Referência
CVE-2014-5519
The Ploticus module in PhpWiki 1.5.0 allows remote attackers to execute arbitrary code via shell metacharacters in a dev
50RISK
open ↗Referência
CVE-2021-27877
An issue was discovered in Veritas Backup Exec before 21.2. It supports multiple authentication schemes: SHA authenticat
98RISK
open ↗Referência
CVE-2016-7203
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a de
35RISK
open ↗Referência
CVE-2015-6973
Multiple cross-site request forgery (CSRF) vulnerabilities in Ignite Realtime Openfire 3.10.2 allow remote attackers to
35RISK
open ↗Referência
CVE-2015-6973
Multiple cross-site request forgery (CSRF) vulnerabilities in Ignite Realtime Openfire 3.10.2 allow remote attackers to
35RISK
open ↗Referência
CVE-2016-7237
Local Security Authority Subsystem Service (LSASS) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, W
35RISK
open ↗Referência
CVE-2022-23221
H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IG
60RISK
open ↗Referência
CVE-2016-10175
The NETGEAR WNR2000v5 router leaks its serial number when performing a request to the /BRS_netgear_success.html URI. Thi
50RISK
open ↗Referência
CVE-2011-0404
Stack-based buffer overflow in NetSupport Manager Agent for Linux 11.00, for Solaris 9.50, and for Mac OS X 11.00 allows
50RISK
open ↗Referência
CVE-2011-0404
Stack-based buffer overflow in NetSupport Manager Agent for Linux 11.00, for Solaris 9.50, and for Mac OS X 11.00 allows
50RISK
open ↗Referência
PHPMytourney - 'menu.php' Remote File Inclusion
PHP remote file inclusion vulnerability in menu.php in phpMytourney allows remote attackers to execute arbitrary PHP cod
35RISK
open ↗Referência
TugZip 3.00 Archiver - '.zip' Local Buffer Overflow
Stack-based buffer overflow in TUGzip 3.5.0.0 allows remote attackers to denial of service (crash) or execute arbitrary
50RISK
open ↗Referência
Mercury Mail Transport System 4.01b - PH SERVER Remote Overflow
Buffer overflow in Mercury Mail Transport System 4.01b allows remote attackers to execute arbitrary code via a long requ
50RISK
open ↗Referência
CVE-2020-7115
The ClearPass Policy Manager web interface is affected by a vulnerability that leads to authentication bypass. Upon succ
35RISK
open ↗Referência
Mercury/32 Mail SMTPD - Remote Stack Overrun (PoC)
Stack-based buffer overflow in the MercuryS SMTP server in Mercury Mail Transport System, possibly 4.51 and earlier, all
50RISK
open ↗Referência
GeekLog 2.x - 'ImageImageMagick.php' Remote File Inclusion
PHP remote file inclusion vulnerability in ImageImageMagick.php in Geeklog 2.x allows remote attackers to execute arbitr
35RISK
open ↗Referência
CVE-2015-1486
The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote attackers t
50RISK
open ↗Referência
CVE-2017-11764
Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code
35RISK
open ↗Referência
CVE-2013-5019
Stack-based buffer overflow in Ultra Mini HTTPD 1.21 allows remote attackers to execute arbitrary code via a long resour
50RISK
open ↗Referência
CVE-2013-5019
Stack-based buffer overflow in Ultra Mini HTTPD 1.21 allows remote attackers to execute arbitrary code via a long resour
50RISK
open ↗Referência
CVE-2013-5019
Stack-based buffer overflow in Ultra Mini HTTPD 1.21 allows remote attackers to execute arbitrary code via a long resour
50RISK
open ↗Referência
CVE-2013-5019
Stack-based buffer overflow in Ultra Mini HTTPD 1.21 allows remote attackers to execute arbitrary code via a long resour
50RISK
open ↗Referência
CVE-2016-2296
Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited does not require authentication for "post-admin" login pag
50RISK
open ↗Referência
LAN Management System (LMS) 1.9.6 - Remote File Inclusion
PHP remote file inclusion vulnerability in lib/language.php in LAN Management System (LMS) 1.9.6 and earlier allows remo
35RISK
open ↗Referência
MiniBill 1.2.5 - 'run_billing.php' Remote File Inclusion
PHP remote file inclusion vulnerability in crontab/run_billing.php in MiniBill 1.2.5 allows remote attackers to execute
35RISK
open ↗Referência
AdminBot 9.0.5 - 'live_status.lib.php' Remote File Inclusion
PHP remote file inclusion vulnerability in lib/live_status.lib.php in AdminBot MX 9.0.5 allows remote attackers to execu
35RISK
open ↗Referência
TROforum 0.1 - 'admin.php?site_url' Remote File Inclusion
PHP remote file inclusion vulnerability in admin/admin.php in TROforum 0.1 allows remote attackers to execute arbitrary
35RISK
open ↗Referência
CVE-2022-44149
The web service on Nexxt Amp300 ARN02304U8 42.103.1.5095 and 80.103.2.5045 devices allows remote OS command execution by
53RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.