Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,159cataloged exploits
31,683CVEs with public exploitation
0lab-tested
19,810 exploits
Referência
CVE-2018-1217
Avamar Installation Manager in Dell EMC Avamar Server 7.3.1, 7.4.1, and 7.5.0, and Dell EMC Integrated Data Protection A
50RISK
open
Referência
CVE-2022-44149
The web service on Nexxt Amp300 ARN02304U8 42.103.1.5095 and 80.103.2.5045 devices allows remote OS command execution by
53RISK
open
Referência
CVE-2022-44149
The web service on Nexxt Amp300 ARN02304U8 42.103.1.5095 and 80.103.2.5045 devices allows remote OS command execution by
53RISK
open
Referência
CVE-2014-7186
The redirection implementation in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial o
35RISK
open
Referência
CVE-2014-6277
GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, whi
35RISK
open
Referência
CVE-2022-1609
The School Management < 9.9.7 - Unauthenticated RCE via REST api
75RISK
open
Referência
CVE-2006-6184
Multiple stack-based buffer overflows in Allied Telesyn TFTP Server (AT-TFTP) 1.9, and possibly earlier, allow remote at
50RISK
open
Referência
CVE-2006-6184
Multiple stack-based buffer overflows in Allied Telesyn TFTP Server (AT-TFTP) 1.9, and possibly earlier, allow remote at
50RISK
open
Referência
Ripe Website Manager (CMS) 0.8.9 - Remote File Inclusion
Multiple PHP remote file inclusion vulnerabilities in Ripe Website Manager 0.8.9 and earlier allow remote attackers to e
35RISK
open
Referência
CVE-2017-11861
Microsoft Edge in Windows 10 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker t
35RISK
open
Referência
CVE-2018-8735
Remote command execution (RCE) vulnerability in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to execut
50RISK
open
Referência
CVE-2018-8735
Remote command execution (RCE) vulnerability in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to execut
50RISK
open
Referência
CVE-2016-1593
Directory traversal vulnerability in the import users feature in Micro Focus Novell Service Desk before 7.2 allows remot
50RISK
open
Referência
CVE-2016-1593
Directory traversal vulnerability in the import users feature in Micro Focus Novell Service Desk before 7.2 allows remot
50RISK
open
Referência
CVE-2016-1593
Directory traversal vulnerability in the import users feature in Micro Focus Novell Service Desk before 7.2 allows remot
50RISK
open
Referência
CVE-2016-1593
Directory traversal vulnerability in the import users feature in Micro Focus Novell Service Desk before 7.2 allows remot
50RISK
open
Referência
CVE-2026-7060
liyupi yu-picture MyBatis-Plus PictureServiceImpl.java PageRequest sql injection
33RISK
open
Referência
CVE-2020-28328
SuiteCRM before 7.11.17 is vulnerable to remote code execution via the system settings Log File Name setting. In certain
50RISK
open
Referência
CVE-2020-28328
SuiteCRM before 7.11.17 is vulnerable to remote code execution via the system settings Log File Name setting. In certain
50RISK
open
Referência
CVE-2020-28328
SuiteCRM before 7.11.17 is vulnerable to remote code execution via the system settings Log File Name setting. In certain
50RISK
open
Referência
WordPress Core 5.8.2 - 'WP_Query' SQL Injection
SQL injection in WordPress
78RISK
open
Referência
CVE-2018-9948
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader
50RISK
open
Referência
CVE-2018-9948
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader
50RISK
open
Referência
CVE-2011-1565
Directory traversal vulnerability in IGSSdataServer.exe 9.00.00.11063 and earlier in 7-Technologies Interactive Graphica
50RISK
open
Referência
CVE-2019-8394
CVE-2019-8394HIGHunder attack
Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to upload arbitrary files via l
98RISK
open
Referência
Mazens PHP Chat V3 (basepath) - Remote File Inclusion
Multiple PHP remote file inclusion vulnerabilities in Mazen's PHP Chat 3.0.0 allow remote attackers to execute arbitrary
35RISK
open
Referência
CVE-2023-34039
Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key g
75RISK
open
Referência
CVE-2023-34039
Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key g
75RISK
open
Referência
CVE-2016-3115
Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to
45RISK
open
Referência
CVE-2016-3115
Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to
45RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.