Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,114cataloged exploits
31,649CVEs with public exploitation
0lab-tested
AllExploit-DB 22,469Referência 19,810GitHub PoC 13,116VulnCheck XDB 8,069Nuclei 4,188Metasploit 3,462✓ verified onlyrecentpopularrisk
3,462 exploits
Metasploit400
Overlayfs Privilege Escalation
The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr op
43RISK
open ↗Metasploit600
Ruby on Rails Web Console (v2) Whitelist Bypass Code Execution
request.rb in Web Console before 2.1.3, as used with Ruby on Rails 3.x and 4.x, does not properly restrict the use of X-
50RISK
open ↗Metasploit300
SysAid Help Desk Administrator Account Creation
SysAid Help Desk before 15.2 does not properly restrict access to certain functionality, which allows remote attackers t
50RISK
open ↗Metasploit300
SysAid Help Desk Database Credentials Disclosure
SysAid Help Desk before 15.2 uses a hardcoded encryption key, which makes it easier for remote attackers to obtain sensi
43RISK
open ↗Metasploit300
SysAid Help Desk Database Credentials Disclosure
Multiple directory traversal vulnerabilities in SysAid Help Desk before 15.2 allow remote attackers to (1) read arbitrar
60RISK
open ↗Metasploit300
SysAid Help Desk Arbitrary File Download
SysAid Help Desk before 15.2 allows remote attackers to obtain sensitive information via an invalid value in the account
50RISK
open ↗Metasploit300
SysAid Help Desk Arbitrary File Download
Multiple directory traversal vulnerabilities in SysAid Help Desk before 15.2 allow remote attackers to (1) read arbitrar
60RISK
open ↗Metasploit600
SysAid Help Desk 'rdslogs' Arbitrary File Upload
The RdsLogsEntry servlet in SysAid Help Desk before 15.2 does not properly check file extensions, which allows remote at
50RISK
open ↗Metasploit600
SysAid Help Desk Administrator Portal Arbitrary File Upload
Unrestricted file upload vulnerability in ChangePhoto.jsp in SysAid Help Desk before 15.2 allows remote administrators t
50RISK
open ↗Metasploit300
PhoenixContact PLC Remote START/STOP Command
Phoenix Contact Software ProConOs and MultiProg Missing Authentication for Critical Function
85RISK
open ↗Metasploit500
Adobe Flash Player Drawing Fill Shader Memory Corruption
Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466
60RISK
open ↗Metasploit500
Adobe Flash Player ShaderJob Buffer Overflow
Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460
60RISK
open ↗Metasploit300
Windows ClientCopyImage Win32k Exploit
Win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows local
98RISK
open ↗Metasploit300
Realtek SDK Miniigd UPnP SOAP Command Execution
The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClien
100RISK
open ↗Metasploit600
ProFTPD 1.3.5 Mod_Copy Command Execution
The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and
60RISK
open ↗Metasploit600
GoAutoDial 3.3 Authentication Bypass / Command Injection
The cpanel function in go_site.php in GoAutoDial GoAdmin CE before 3.3-1421902800 allows remote attackers to execute arb
60RISK
open ↗Metasploit600
GoAutoDial 3.3 Authentication Bypass / Command Injection
Multiple SQL injection vulnerabilities in GoAutoDial GoAdmin CE before 3.3-1421902800 allow remote attackers to execute
50RISK
open ↗Metasploit600
ABRT raceabrt Privilege Escalation
Automatic Bug Reporting Tool (ABRT) allows local users to read, change the ownership of, or have other unspecified impac
38RISK
open ↗Metasploit600
Lenovo System Update Privilege Escalation
Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses predictable security tokens, which allo
38RISK
open ↗Metasploit600
Wordpress N-Media Website Contact Form Upload Vulnerability
Website Contact Form With File Upload <= 1.3.4 - Arbitrary File Upload
63RISK
open ↗Metasploit500
Apple OS X Rootpipe Privilege Escalation
The XPC implementation in Admin Framework in Apple OS X before 10.10.3 allows local users to bypass authentication and o
86RISK
open ↗Metasploit300
Apple OSX/iOS/Windows Safari Non-HTTPOnly Cookie Theft
WebKit, as used in Apple iOS before 8.3 and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, does not
18RISK
open ↗Metasploit300
Archer C7 Directory Traversal Vulnerability
Directory traversal vulnerability in TP-LINK Archer C5 (1.2) with firmware before 150317, C7 (2.0) with firmware before
100RISK
open ↗Metasploit600
Novell ZENworks Configuration Management Arbitrary File Upload
Directory traversal vulnerability in UploadServlet in Novell ZENworks Configuration Management (ZCM) 10 and 11 before 11
60RISK
open ↗Metasploit600
Ceragon FibeAir IP-10 SSH Private Key Exposure
Ceragon FibeAir IP-10 have a default SSH public key in the authorized_keys file for the mateidu user, which allows remot
60RISK
open ↗Metasploit0
Firefox PDF.js Privileged Javascript Injection
Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 do not properly restrict resource
50RISK
open ↗Metasploit0
Firefox PDF.js Privileged Javascript Injection
Mozilla Firefox before 37.0 relies on docshell type information instead of page principal information for Window.webidl
50RISK
open ↗Metasploit300
Airties login-cgi Buffer Overflow
Stack-based buffer overflow in AirTies Air 6372, 5760, 5750, 5650TT, 5453, 5444TT, 5443, 5442, 5343, 5342, 5341, and 502
60RISK
open ↗Metasploit600
Apport / ABRT chroot Privilege Escalation
The crash reporting feature in Apport 2.13 through 2.17.x before 2.17.1 allows local users to gain privileges via a craf
38RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.