Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,114cataloged exploits
31,649CVEs with public exploitation
0lab-tested
3,462 exploits
Metasploit400
Overlayfs Privilege Escalation
CVE-2015-866016 Jun 2015
The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr op
43RISK
open
Metasploit600
Ruby on Rails Web Console (v2) Whitelist Bypass Code Execution
CVE-2015-322416 Jun 2015
request.rb in Web Console before 2.1.3, as used with Ruby on Rails 3.x and 4.x, does not properly restrict the use of X-
50RISK
open
Metasploit300
D-Link Cookie Command Execution
CVE-2025-34125CRITICAL12 Jun 2015
D-Link DSP-W110A1 Cookie Command Injection
63RISK
open
Metasploit300
SysAid Help Desk Administrator Account Creation
CVE-2015-299303 Jun 2015
SysAid Help Desk before 15.2 does not properly restrict access to certain functionality, which allows remote attackers t
50RISK
open
Metasploit300
SysAid Help Desk Database Credentials Disclosure
CVE-2015-299803 Jun 2015
SysAid Help Desk before 15.2 uses a hardcoded encryption key, which makes it easier for remote attackers to obtain sensi
43RISK
open
Metasploit300
SysAid Help Desk Database Credentials Disclosure
CVE-2015-299603 Jun 2015
Multiple directory traversal vulnerabilities in SysAid Help Desk before 15.2 allow remote attackers to (1) read arbitrar
60RISK
open
Metasploit300
SysAid Help Desk Arbitrary File Download
CVE-2015-299703 Jun 2015
SysAid Help Desk before 15.2 allows remote attackers to obtain sensitive information via an invalid value in the account
50RISK
open
Metasploit300
SysAid Help Desk Arbitrary File Download
CVE-2015-299603 Jun 2015
Multiple directory traversal vulnerabilities in SysAid Help Desk before 15.2 allow remote attackers to (1) read arbitrar
60RISK
open
Metasploit600
SysAid Help Desk 'rdslogs' Arbitrary File Upload
CVE-2015-299503 Jun 2015
The RdsLogsEntry servlet in SysAid Help Desk before 15.2 does not properly check file extensions, which allows remote at
50RISK
open
Metasploit600
SysAid Help Desk Administrator Portal Arbitrary File Upload
CVE-2015-299403 Jun 2015
Unrestricted file upload vulnerability in ChangePhoto.jsp in SysAid Help Desk before 15.2 allows remote administrators t
50RISK
open
Metasploit300
PhoenixContact PLC Remote START/STOP Command
CVE-2014-919520 May 2015
Phoenix Contact Software ProConOs and MultiProg Missing Authentication for Critical Function
85RISK
open
Metasploit500
Adobe Flash Player Drawing Fill Shader Memory Corruption
CVE-2015-310512 May 2015
Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466
60RISK
open
Metasploit500
Adobe Flash Player ShaderJob Buffer Overflow
CVE-2015-309012 May 2015
Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460
60RISK
open
Metasploit300
Windows ClientCopyImage Win32k Exploit
CVE-2015-1701HIGHunder attackransomware12 May 2015
Win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows local
98RISK
open
Metasploit300
Realtek SDK Miniigd UPnP SOAP Command Execution
CVE-2014-8361CRITICALunder attack24 Apr 2015
The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClien
100RISK
open
Metasploit600
ProFTPD 1.3.5 Mod_Copy Command Execution
CVE-2015-330622 Apr 2015
The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and
60RISK
open
Metasploit600
GoAutoDial 3.3 Authentication Bypass / Command Injection
CVE-2015-284521 Apr 2015
The cpanel function in go_site.php in GoAutoDial GoAdmin CE before 3.3-1421902800 allows remote attackers to execute arb
60RISK
open
Metasploit600
GoAutoDial 3.3 Authentication Bypass / Command Injection
CVE-2015-284321 Apr 2015
Multiple SQL injection vulnerabilities in GoAutoDial GoAdmin CE before 3.3-1421902800 allow remote attackers to execute
50RISK
open
Metasploit600
ABRT raceabrt Privilege Escalation
CVE-2015-331514 Apr 2015
Automatic Bug Reporting Tool (ABRT) allows local users to read, change the ownership of, or have other unspecified impac
38RISK
open
Metasploit600
Lenovo System Update Privilege Escalation
CVE-2015-221912 Apr 2015
Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses predictable security tokens, which allo
38RISK
open
Metasploit600
Wordpress N-Media Website Contact Form Upload Vulnerability
CVE-2015-10137CRITICAL12 Apr 2015
Website Contact Form With File Upload <= 1.3.4 - Arbitrary File Upload
63RISK
open
Metasploit500
Apple OS X Rootpipe Privilege Escalation
CVE-2015-1130HIGHunder attack09 Apr 2015
The XPC implementation in Admin Framework in Apple OS X before 10.10.3 allows local users to bypass authentication and o
86RISK
open
Metasploit300
Apple OSX/iOS/Windows Safari Non-HTTPOnly Cookie Theft
CVE-2015-112608 Apr 2015
WebKit, as used in Apple iOS before 8.3 and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, does not
18RISK
open
Metasploit300
Archer C7 Directory Traversal Vulnerability
CVE-2015-3035HIGHunder attack08 Apr 2015
Directory traversal vulnerability in TP-LINK Archer C5 (1.2) with firmware before 150317, C7 (2.0) with firmware before
100RISK
open
Metasploit600
Novell ZENworks Configuration Management Arbitrary File Upload
CVE-2015-077907 Apr 2015
Directory traversal vulnerability in UploadServlet in Novell ZENworks Configuration Management (ZCM) 10 and 11 before 11
60RISK
open
Metasploit600
Ceragon FibeAir IP-10 SSH Private Key Exposure
CVE-2015-093601 Apr 2015
Ceragon FibeAir IP-10 have a default SSH public key in the authorized_keys file for the mateidu user, which allows remot
60RISK
open
Metasploit0
Firefox PDF.js Privileged Javascript Injection
CVE-2015-081631 Mar 2015
Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 do not properly restrict resource
50RISK
open
Metasploit0
Firefox PDF.js Privileged Javascript Injection
CVE-2015-080231 Mar 2015
Mozilla Firefox before 37.0 relies on docshell type information instead of page principal information for Window.webidl
50RISK
open
Metasploit300
Airties login-cgi Buffer Overflow
CVE-2015-279731 Mar 2015
Stack-based buffer overflow in AirTies Air 6372, 5760, 5750, 5650TT, 5453, 5444TT, 5443, 5442, 5343, 5342, 5341, and 502
60RISK
open
Metasploit600
Apport / ABRT chroot Privilege Escalation
CVE-2015-131831 Mar 2015
The crash reporting feature in Apport 2.13 through 2.17.x before 2.17.1 allows local users to gain privileges via a craf
38RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.