Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,180cataloged exploits
31,691CVEs with public exploitation
0lab-tested
AllExploit-DB 22,469Referência 19,841GitHub PoC 13,140VulnCheck XDB 8,078Nuclei 4,190Metasploit 3,462✓ verified onlyrecentpopularrisk
19,810 exploits
Referência
CVE-2017-11914
ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain t
35RISK
open ↗Referência
CVE-2017-11918
ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to
35RISK
open ↗Referência
CVE-2004-0798
Buffer overflow in the _maincfgret.cgi script for Ipswitch WhatsUp Gold before 8.03 Hotfix 1 allows remote attackers to
50RISK
open ↗Referência
CVE-2019-13396
FlightPath 4.x and 5.0-x allows directory traversal and Local File Inclusion through the form_include parameter in an in
50RISK
open ↗Referência
CVE-2017-8487
Windows OLE in Windows XP and Windows Server 2003 allows an attacker to execute code when a victim opens a specially cra
35RISK
open ↗Referência
Amaya Web Editor 11.0 - XML / HTML Parser
Multiple stack-based buffer overflows in W3C Amaya Web Browser 10.0 and 11.0 allow remote attackers to execute arbitrary
50RISK
open ↗Referência
CVE-2018-8617
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Mi
35RISK
open ↗Referência
CVE-2018-7756
RunExeFile.exe in the installer for DEWESoft X3 SP1 (64-bit) devices does not require authentication for sessions on TCP
35RISK
open ↗Referência
CVE-2018-6329
It was discovered that the Unitrends Backup (UB) before 10.1.0 libbpext.so authentication could be bypassed with a SQL i
50RISK
open ↗Referência
CVE-2018-6329
It was discovered that the Unitrends Backup (UB) before 10.1.0 libbpext.so authentication could be bypassed with a SQL i
50RISK
open ↗Referência
CVE-2017-11839
Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows a
35RISK
open ↗Referência
CVE-2011-5165
Stack-based buffer overflow in Free MP3 CD Ripper 1.1, 2.6 and earlier, when converting a file, allows user-assisted rem
50RISK
open ↗Referência
CVE-2011-5165
Stack-based buffer overflow in Free MP3 CD Ripper 1.1, 2.6 and earlier, when converting a file, allows user-assisted rem
50RISK
open ↗Referência
CVE-2011-5165
Stack-based buffer overflow in Free MP3 CD Ripper 1.1, 2.6 and earlier, when converting a file, allows user-assisted rem
50RISK
open ↗Referência
CVE-2011-5165
Stack-based buffer overflow in Free MP3 CD Ripper 1.1, 2.6 and earlier, when converting a file, allows user-assisted rem
50RISK
open ↗Referência
CVE-2006-4318
Buffer overflow in WFTPD Server 3.23 allows remote attackers to execute arbitrary code via long SIZE commands.
50RISK
open ↗Referência
Texas Imperial Software WFTPD 3.23 - 'SIZE' Remote Buffer Overflow
Buffer overflow in WFTPD Server 3.23 allows remote attackers to execute arbitrary code via long SIZE commands.
50RISK
open ↗Referência
CVE-2014-3888
Stack-based buffer overflow in BKFSim_vhfd.exe in Yokogawa CENTUM CS 1000, CENTUM CS 3000 R3.09.50 and earlier, CENTUM V
50RISK
open ↗Referência
CVE-2014-3888
Stack-based buffer overflow in BKFSim_vhfd.exe in Yokogawa CENTUM CS 1000, CENTUM CS 3000 R3.09.50 and earlier, CENTUM V
50RISK
open ↗Referência
CVE-2017-6622
A vulnerability in the web interface for Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote a
35RISK
open ↗Referência
CVE-2018-8384
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Mi
35RISK
open ↗Referência
CVE-2019-6447
The ES File Explorer File Manager application through 4.1.9.7.4 for Android allows remote attackers to read arbitrary fi
50RISK
open ↗Referência
CVE-2015-5477
named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote attackers to cause a denial of service (
60RISK
open ↗Referência
CVE-2015-5477
named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote attackers to cause a denial of service (
60RISK
open ↗Referência
CVE-2017-0059
Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via
75RISK
open ↗Referência
CVE-2017-0059
Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via
75RISK
open ↗Referência
CVE-2017-0059
Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via
75RISK
open ↗Referência
CVE-2022-24223
AtomCMS v2.0 was discovered to contain a SQL injection vulnerability via /admin/login.php.
50RISK
open ↗Referência
CVE-2015-2208
The saveObject function in moadmin.php in phpMoAdmin 1.1.2 allows remote attackers to execute arbitrary commands via she
50RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.