Public exploitation
Exploit catalog
Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.
71,180cataloged exploits
31,691CVEs with public exploitation
0lab-tested
AllExploit-DB 22,469Referência 19,841GitHub PoC 13,140VulnCheck XDB 8,078Nuclei 4,190Metasploit 3,462✓ verified onlyrecentpopularrisk
19,810 exploits
Referência
CVE-2015-5477
named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote attackers to cause a denial of service (
60RISK
open ↗Referência
CVE-2015-2208
The saveObject function in moadmin.php in phpMoAdmin 1.1.2 allows remote attackers to execute arbitrary commands via she
50RISK
open ↗Referência
CVE-2012-2115
SQL injection vulnerability in interface/login/validateUser.php in OpenEMR 4.1.0 and possibly earlier allows remote atta
23RISK
open ↗Referência
CVE-2009-4660
Stack-based buffer overflow in the AntServer Module (AntServer.exe) in BigAnt IM Server 2.50 allows remote attackers to
50RISK
open ↗Referência
CVE-2009-4660
Stack-based buffer overflow in the AntServer Module (AntServer.exe) in BigAnt IM Server 2.50 allows remote attackers to
50RISK
open ↗Referência
CVE-2015-1793
The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly
50RISK
open ↗Referência
wanewsletter 2.1.3 - Remote File Inclusion
PHP remote file inclusion vulnerability in newsletter.php in WAnewsletter 2.1.3 and earlier allows remote attackers to e
35RISK
open ↗Referência
Feindt Computerservice News 2.0 - 'newsadmin.php?action' Remote File Inclusion
PHP remote file inclusion vulnerability in newsadmin.php in Feindt Computerservice News (News-Script) 2.0 allows remote
35RISK
open ↗Referência
CVE-2025-34152
Shenzhen Aitemi M300 Wi-Fi Repeater OS Command Injection via Time Parameter
75RISK
open ↗Referência
CVE-2016-1209
The Ninja Forms plugin before 2.9.42.1 for WordPress allows remote attackers to conduct PHP object injection attacks via
50RISK
open ↗Referência
CVE-2017-8835
SQL injection exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw
50RISK
open ↗Referência
CVE-2015-3306
The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and
60RISK
open ↗Referência
LimeSurvey (phpsurveyor) 1.49rc2 - Remote File Inclusion
Multiple PHP remote file inclusion vulnerabilities in LimeSurvey (aka PHPSurveyor) 1.49RC2 allow remote attackers to exe
35RISK
open ↗Referência
CVE-2018-16836
Rubedo through 3.4.0 contains a Directory Traversal vulnerability in the theme component, allowing unauthenticated attac
50RISK
open ↗Referência
CVE-2015-4133
Unrestricted file upload vulnerability in admin/scripts/FileUploader/php.php in the ReFlex Gallery plugin before 3.1.4 f
50RISK
open ↗Referência
CVE-2015-4133
Unrestricted file upload vulnerability in admin/scripts/FileUploader/php.php in the ReFlex Gallery plugin before 3.1.4 f
50RISK
open ↗Referência
CVE-2015-4133
Unrestricted file upload vulnerability in admin/scripts/FileUploader/php.php in the ReFlex Gallery plugin before 3.1.4 f
50RISK
open ↗Referência
CVE-2017-1000119
October CMS build 412 is vulnerable to PHP code execution in the file upload functionality resulting in site compromise
50RISK
open ↗Referência
CVE-2015-8399
Atlassian Confluence before 5.8.17 allows remote authenticated users to read configuration files via the decoratorName p
50RISK
open ↗Referência
snapd < 2.37 (Ubuntu) - 'dirty_sock' Local Privilege Escalation (1)
Local privilege escalation via snapd socket
53RISK
open ↗Referência
snapd < 2.37 (Ubuntu) - 'dirty_sock' Local Privilege Escalation (2)
Local privilege escalation via snapd socket
53RISK
open ↗Referência
CVE-2018-7445
A buffer overflow was found in the MikroTik RouterOS SMB service when processing NetBIOS session request messages. Remot
90RISK
open ↗Referência
CVE-2015-7602
Directory traversal vulnerability in BisonWare BisonFTP 3.5 allows remote attackers to read arbitrary files via a ../ (d
50RISK
open ↗Referência
CVE-2015-7602
Directory traversal vulnerability in BisonWare BisonFTP 3.5 allows remote attackers to read arbitrary files via a ../ (d
50RISK
open ↗Referência
CVE-2014-2849
The Change Password dialog box (change_password) in Sophos Web Appliance before 3.8.2 allows remote authenticated users
50RISK
open ↗Referência
CVE-2014-3913
Stack-based buffer overflow in AccessServer32.exe in Ericom AccessNow Server allows remote attackers to execute arbitrar
50RISK
open ↗Referência
CVE-2014-3913
Stack-based buffer overflow in AccessServer32.exe in Ericom AccessNow Server allows remote attackers to execute arbitrar
50RISK
open ↗Referência
CVE-2023-27179
GDidees CMS v3.9.1 and lower was discovered to contain an arbitrary file download vulenrability via the filename paramet
68RISK
open ↗We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.