Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,180cataloged exploits
31,691CVEs with public exploitation
0lab-tested
19,810 exploits
Referência
CVE-2015-5477
named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote attackers to cause a denial of service (
60RISK
open
Referência
CVE-2015-2208
The saveObject function in moadmin.php in phpMoAdmin 1.1.2 allows remote attackers to execute arbitrary commands via she
50RISK
open
Referência
CVE-2012-2115
SQL injection vulnerability in interface/login/validateUser.php in OpenEMR 4.1.0 and possibly earlier allows remote atta
23RISK
open
Referência
CVE-2009-4660
Stack-based buffer overflow in the AntServer Module (AntServer.exe) in BigAnt IM Server 2.50 allows remote attackers to
50RISK
open
Referência
CVE-2009-4660
Stack-based buffer overflow in the AntServer Module (AntServer.exe) in BigAnt IM Server 2.50 allows remote attackers to
50RISK
open
Referência
CVE-2015-1793
The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly
50RISK
open
Referência
wanewsletter 2.1.3 - Remote File Inclusion
PHP remote file inclusion vulnerability in newsletter.php in WAnewsletter 2.1.3 and earlier allows remote attackers to e
35RISK
open
Referência
Feindt Computerservice News 2.0 - 'newsadmin.php?action' Remote File Inclusion
PHP remote file inclusion vulnerability in newsadmin.php in Feindt Computerservice News (News-Script) 2.0 allows remote
35RISK
open
Referência
CVE-2025-34152
Shenzhen Aitemi M300 Wi-Fi Repeater OS Command Injection via Time Parameter
75RISK
open
Referência
CVE-2016-1209
The Ninja Forms plugin before 2.9.42.1 for WordPress allows remote attackers to conduct PHP object injection attacks via
50RISK
open
Referência
CVE-2017-8835
SQL injection exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw
50RISK
open
Referência
CVE-2015-3306
The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and
60RISK
open
Referência
LimeSurvey (phpsurveyor) 1.49rc2 - Remote File Inclusion
Multiple PHP remote file inclusion vulnerabilities in LimeSurvey (aka PHPSurveyor) 1.49RC2 allow remote attackers to exe
35RISK
open
Referência
CVE-2018-16836
Rubedo through 3.4.0 contains a Directory Traversal vulnerability in the theme component, allowing unauthenticated attac
50RISK
open
Referência
CVE-2014-2364
Advantech WebAccess Stack-Based Buffer Overflow
68RISK
open
Referência
CVE-2015-4133
Unrestricted file upload vulnerability in admin/scripts/FileUploader/php.php in the ReFlex Gallery plugin before 3.1.4 f
50RISK
open
Referência
CVE-2015-4133
Unrestricted file upload vulnerability in admin/scripts/FileUploader/php.php in the ReFlex Gallery plugin before 3.1.4 f
50RISK
open
Referência
CVE-2015-4133
Unrestricted file upload vulnerability in admin/scripts/FileUploader/php.php in the ReFlex Gallery plugin before 3.1.4 f
50RISK
open
Referência
CVE-2017-1000119
October CMS build 412 is vulnerable to PHP code execution in the file upload functionality resulting in site compromise
50RISK
open
Referência
CVE-2015-8399
Atlassian Confluence before 5.8.17 allows remote authenticated users to read configuration files via the decoratorName p
50RISK
open
Referência
CVE-2023-28502
Stack buffer overflow in UniRPC's udadmin_server service
75RISK
open
Referência
snapd < 2.37 (Ubuntu) - 'dirty_sock' Local Privilege Escalation (1)
Local privilege escalation via snapd socket
53RISK
open
Referência
snapd < 2.37 (Ubuntu) - 'dirty_sock' Local Privilege Escalation (2)
Local privilege escalation via snapd socket
53RISK
open
Referência
CVE-2018-7445
CVE-2018-7445CRITICALunder attack
A buffer overflow was found in the MikroTik RouterOS SMB service when processing NetBIOS session request messages. Remot
90RISK
open
Referência
CVE-2015-7602
Directory traversal vulnerability in BisonWare BisonFTP 3.5 allows remote attackers to read arbitrary files via a ../ (d
50RISK
open
Referência
CVE-2015-7602
Directory traversal vulnerability in BisonWare BisonFTP 3.5 allows remote attackers to read arbitrary files via a ../ (d
50RISK
open
Referência
CVE-2014-2849
The Change Password dialog box (change_password) in Sophos Web Appliance before 3.8.2 allows remote authenticated users
50RISK
open
Referência
CVE-2014-3913
Stack-based buffer overflow in AccessServer32.exe in Ericom AccessNow Server allows remote attackers to execute arbitrar
50RISK
open
Referência
CVE-2014-3913
Stack-based buffer overflow in AccessServer32.exe in Ericom AccessNow Server allows remote attackers to execute arbitrar
50RISK
open
Referência
CVE-2023-27179
GDidees CMS v3.9.1 and lower was discovered to contain an arbitrary file download vulenrability via the filename paramet
68RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.