Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,180cataloged exploits
31,691CVEs with public exploitation
0lab-tested
19,810 exploits
Referência
CVE-2017-11914
ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain t
35RISK
open
Referência
CVE-2017-11918
ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to
35RISK
open
Referência
CVE-2004-0798
Buffer overflow in the _maincfgret.cgi script for Ipswitch WhatsUp Gold before 8.03 Hotfix 1 allows remote attackers to
50RISK
open
Referência
CVE-2019-13396
FlightPath 4.x and 5.0-x allows directory traversal and Local File Inclusion through the form_include parameter in an in
50RISK
open
Referência
CVE-2017-8487
Windows OLE in Windows XP and Windows Server 2003 allows an attacker to execute code when a victim opens a specially cra
35RISK
open
Referência
Amaya Web Editor 11.0 - XML / HTML Parser
Multiple stack-based buffer overflows in W3C Amaya Web Browser 10.0 and 11.0 allow remote attackers to execute arbitrary
50RISK
open
Referência
CVE-2018-8617
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Mi
35RISK
open
Referência
CVE-2018-7756
RunExeFile.exe in the installer for DEWESoft X3 SP1 (64-bit) devices does not require authentication for sessions on TCP
35RISK
open
Referência
CVE-2018-6329
It was discovered that the Unitrends Backup (UB) before 10.1.0 libbpext.so authentication could be bypassed with a SQL i
50RISK
open
Referência
CVE-2018-6329
It was discovered that the Unitrends Backup (UB) before 10.1.0 libbpext.so authentication could be bypassed with a SQL i
50RISK
open
Referência
CVE-2017-11839
Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows a
35RISK
open
Referência
CVE-2011-5165
Stack-based buffer overflow in Free MP3 CD Ripper 1.1, 2.6 and earlier, when converting a file, allows user-assisted rem
50RISK
open
Referência
CVE-2011-5165
Stack-based buffer overflow in Free MP3 CD Ripper 1.1, 2.6 and earlier, when converting a file, allows user-assisted rem
50RISK
open
Referência
CVE-2011-5165
Stack-based buffer overflow in Free MP3 CD Ripper 1.1, 2.6 and earlier, when converting a file, allows user-assisted rem
50RISK
open
Referência
CVE-2011-5165
Stack-based buffer overflow in Free MP3 CD Ripper 1.1, 2.6 and earlier, when converting a file, allows user-assisted rem
50RISK
open
Referência
CVE-2006-4318
Buffer overflow in WFTPD Server 3.23 allows remote attackers to execute arbitrary code via long SIZE commands.
50RISK
open
Referência
Texas Imperial Software WFTPD 3.23 - 'SIZE' Remote Buffer Overflow
Buffer overflow in WFTPD Server 3.23 allows remote attackers to execute arbitrary code via long SIZE commands.
50RISK
open
Referência
CVE-2014-3888
Stack-based buffer overflow in BKFSim_vhfd.exe in Yokogawa CENTUM CS 1000, CENTUM CS 3000 R3.09.50 and earlier, CENTUM V
50RISK
open
Referência
CVE-2014-3888
Stack-based buffer overflow in BKFSim_vhfd.exe in Yokogawa CENTUM CS 1000, CENTUM CS 3000 R3.09.50 and earlier, CENTUM V
50RISK
open
Referência
CVE-2017-6622
A vulnerability in the web interface for Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote a
35RISK
open
Referência
CVE-2023-28503
Authentication bypass in UniRPC's udadmin service
75RISK
open
Referência
CVE-2018-8384
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Mi
35RISK
open
Referência
CVE-2019-6447
The ES File Explorer File Manager application through 4.1.9.7.4 for Android allows remote attackers to read arbitrary fi
50RISK
open
Referência
CVE-2015-5477
named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote attackers to cause a denial of service (
60RISK
open
Referência
CVE-2015-5477
named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote attackers to cause a denial of service (
60RISK
open
Referência
CVE-2017-0059
CVE-2017-0059MEDIUMunder attack
Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via
75RISK
open
Referência
CVE-2017-0059
CVE-2017-0059MEDIUMunder attack
Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via
75RISK
open
Referência
CVE-2017-0059
CVE-2017-0059MEDIUMunder attack
Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via
75RISK
open
Referência
CVE-2022-24223
AtomCMS v2.0 was discovered to contain a SQL injection vulnerability via /admin/login.php.
50RISK
open
Referência
CVE-2015-2208
The saveObject function in moadmin.php in phpMoAdmin 1.1.2 allows remote attackers to execute arbitrary commands via she
50RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.