Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,062cataloged exploits
31,617CVEs with public exploitation
0lab-tested
AllExploit-DB 22,467Referência 19,791GitHub PoC 13,086VulnCheck XDB 8,069Nuclei 4,187Metasploit 3,462✓ verified onlyrecentpopularrisk
19,791 exploits
Referência
CVE-2015-3306
The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and
60RISK
open ↗Referência
CVE-2015-3306
The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and
60RISK
open ↗Referência
CVE-2015-3306
The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and
60RISK
open ↗Referência
CVE-2015-3306
The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and
60RISK
open ↗Referência
CVE-2015-3306
The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and
60RISK
open ↗Referência
CVE-2016-7089
WatchGuard RapidStream appliances allow local users to gain privileges and execute arbitrary commands via a crafted ifco
23RISK
open ↗Referência
CVE-2012-0392
The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows
60RISK
open ↗Referência
CVE-2026-7730
privsim mcp-test-runner MCP index.ts child_process.spawn os command injection
33RISK
open ↗Referência
CVE-2026-7729
pixelsock directus-mcp MCP index.ts validateUrl server-side request forgery
33RISK
open ↗Referência
CVE-2026-56115
Bootimus 0.1.70 Broken Access Control via JWTMiddleware Authorization Bypass
41RISK
open ↗Referência
CVE-2026-7725
PrefectHQ prefect GitRepository Pull storage.py argument injection
33RISK
open ↗Referência
CVE-2026-7724
PrefectHQ prefect Webhook/Notification validate_restricted_url toctou
28RISK
open ↗Referência
CVE-2026-4110
Ultimate WooCommerce Auction Pro <= 2.4.5 - Reflected XSS via uwa_auctions_bids_list
33RISK
open ↗Referência
CVE-2026-10530
Pie Register < 3.8.4.10 - Unauthenticated Email Verification Bypass via Predictable Token
33RISK
open ↗Referência
CVE-2018-5189
Race condition in Jungo Windriver 12.5.1 allows local users to cause a denial of service (buffer overflow) or gain syste
23RISK
open ↗Referência
CVE-2026-7709
janeczku Calibre-Web Endpoint kobo_auth.py generate_auth_token improper authorization
33RISK
open ↗Referência
CVE-2026-7708
Open5GS UDR subscription.c ogs_dbi_subscription_data denial of service
33RISK
open ↗Referência
CVE-2026-7672
youlaitech youlai-boot Users Endpoint UserController.java getUserList sql injection
33RISK
open ↗Referência
CVE-2026-7671
CodeWise Tornet Scooter Mobile App TwoFactor excessive authentication
33RISK
open ↗Referência
CVE-2026-7669
sgl-project SGLang HuggingFace Transformer hf_transformers_utils.py get_tokenizer code injection
33RISK
open ↗Referência
CVE-2026-7669
sgl-project SGLang HuggingFace Transformer hf_transformers_utils.py get_tokenizer code injection
33RISK
open ↗Referência
CVE-2026-7668
MikroTik RouterOS SCEP Endpoint scep.p ASN1_STRING_data out-of-bounds
33RISK
open ↗Referência
CVE-2026-7653
r-huijts mcp-server-rijksmuseum MCP index.ts open_image_in_browser os command injection
33RISK
open ↗Referência
CVE-2026-7645
ruvnet sublinear-time-solver MCP server.js export_state path traversal
33RISK
open ↗Referência
CVE-2016-1611
Novell Filr 1.2 before Hot Patch 6 and 2.0 before Hot Patch 2 uses world-writable permissions for /etc/profile.d/vainit.
23RISK
open ↗Referência
CVE-2026-7384
ezequiroga mcp-bases research_server.py search_papers path traversal
33RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.